Threats to OS Flashcards
Malicious software that replicates itself is known as a:
a) Trojan Horse
b) Virus
c) Worm
d) Logic Bomb
Answer:
c) Worm
Explanation:
Worms are standalone malware that copy themselves and spread to other systems on their own, typically over the network by exploiting a vulnerability or weak credentials, with no host file and no user action required. Viruses also replicate, but only by attaching to a host file that a user later runs; that is why "worm" is the intended answer here.
Which of the following is NOT a type of malware?
a) Virus
b) Trojan Horse
c) Firewall
d) Worm
Answer:
c) Firewall
Explanation:
A firewall is a security system that monitors and controls incoming and outgoing network traffic, not a type of malware.
A program that appears harmless but performs malicious actions is a:
a) Virus
b) Worm
c) Trojan Horse
d) Logic Bomb
Answer:
c) Trojan Horse
Explanation:
Trojan horses disguise themselves as legitimate software to deceive users.
Which type of attack prevents legitimate users from accessing a system?
a) Buffer Overflow
b) Denial of Service
c) Trap Door
d) Logic Bomb
Answer:
b) Denial of Service
Explanation:
Denial of Service (DoS) attacks exhaust a resource the target needs (bandwidth, connection slots, CPU or memory) by flooding it with requests or triggering an expensive code path, so that legitimate users can no longer be served.
A vulnerability where more data is written to a buffer than it can hold is called:
a) Denial of Service
b) Trap Door
c) Buffer Overflow
d) Logic Bomb
Answer:
c) Buffer Overflow
Explanation:
Buffer overflows can be exploited to crash a system or execute malicious code.
Which of the following is a program threat?
a) Worm
b) Port Scanning
c) Trojan Horse
d) Denial of Service
Answer:
c) Trojan Horse
Explanation:
Trojan Horses are program threats: they are user-level programs that abuse the OS services available to the user who runs them (file access, network, process creation) to do something other than what they claim to do.
Which of the following is a system threat?
a) Virus
b) Trojan Horse
c) Logic Bomb
d) Denial of Service
Answer:
d) Denial of Service
Explanation:
Denial of Service is a system threat: rather than hiding inside a single program, it misuses OS services or the network connection (for example by flooding a host with requests) to deny other users service. Port scanning falls in the same category.
Which security measure monitors network traffic to identify intrusions?
a) Authentication
b) Access Control
c) Intrusion Detection System
d) Firewall
Answer:
c) Intrusion Detection System
Explanation:
An Intrusion Detection System (IDS) inspects network traffic or host events for signs of an attack and raises an alert. Unlike a firewall, which enforces a traffic policy by allowing or dropping packets, an IDS primarily detects and reports.
Which type of IDS monitors a single host?
a) Network-based IDS
b) Host-based IDS
c) Both a and b
d) None of the above
Answer:
b) Host-based IDS
Explanation:
Host-based IDS (HIDS) focus on monitoring the characteristics of a single host system.
A network security system that protects a network from unwanted traffic is a:
a) Intrusion Detection System
b) Firewall
c) Antivirus Software
d) Access Control System
Answer:
b) Firewall
Explanation:
Firewalls block unwanted network traffic based on predefined rules.
What is the primary purpose of TLS/SSL certificates?
a) Blocking malware
b) Encrypting and protecting private information
c) Monitoring network traffic
d) Managing user accounts
Answer:
b) Encrypting and protecting private information
Explanation:
A TLS/SSL certificate binds a website's domain name to its public key under a certificate authority's signature. The client verifies that binding and then uses the key to set up a TLS session; the encryption itself is done by TLS, with the certificate proving that the client is talking to the genuine server rather than an impersonator.
Which security measure involves verifying the identity of a system entity?
a) Authorization
b) Authentication
c) Access Control
d) Intrusion Detection
Answer:
b) Authentication
Explanation:
Authentication is the process of verifying the identity of a user or device.
The process of verifying access rights to resources is called:
a) Authentication
b) Authorization
c) Identification
d) Verification
Answer:
b) Authorization
Explanation:
Authorization determines what actions a user is allowed to perform.
Which authentication method uses biometric verification?
a) Username/Password
b) User Attribution
c) User Card and Key
d) All of the above
Answer:
b) User Attribution
Explanation:
User attribution (the "something you are" factor) verifies users by measuring a physical trait such as a fingerprint, iris or face and comparing it with a stored template, in contrast to something you know (a password) or something you have (a card or key token).
A security policy that specifies who can access system resources is:
a) Authentication
b) Authorization
c) Access Control
d) Intrusion Detection
Answer:
c) Access Control
Explanation:
Access control defines and manages who has permission to access specific resources.
What is the highest level of computer security classification?
a) Type A
b) Type B
c) Type C
d) Type D
Answer:
a) Type A
Explanation:
Type A (TCSEC Division A, Verified Protection) is the highest level: the system's design is formally specified and mathematically verified against its security policy, on top of the mandatory protection already required at Type B.
Which security classification level involves mandatory protection?
a) Type A
b) Type B
c) Type C
d) Type D
Answer:
b) Type B
Explanation:
Type B (TCSEC Division B, Mandatory Protection) requires the system to attach sensitivity labels to subjects and objects and to make access decisions from those labels, which individual users cannot override. Type C, by contrast, offers only discretionary protection, where object owners decide who may access their objects.
What does TCB stand for?
a) Trusted Computer Base
b) Trusted Computing Base
c) Total Computer Base
d) Total Computing Base
Answer:
b) Trusted Computing Base
Explanation:
TCB refers to the combined hardware, firmware, and software components crucial to a computer’s security.
In the Secure OS Trust Model, does the OS trust processes outside the TCB?
a) Yes
b) No
c) Sometimes
d) It depends on the user
Answer:
b) No
Explanation:
A secure OS does not trust processes outside the Trusted Computing Base (TCB).
Which of the following operating systems is mentioned as applying authorization policy while creating a file?
a) Windows
b) macOS
c) Linux
d) Chrome OS
Answer:
c) Linux
Explanation:
Linux applies authorization not only when reading or writing a file but also when creating it: the creator must have write and search (execute) permission on the directory, the new file is owned by the creating user, and its mode is the requested mode masked by the process umask.
Define “malware” and give two examples.
Answer:
Malware is software designed to infiltrate or damage computer systems.
Examples include viruses and worms.
What is the primary difference between a virus and a worm?
Answer:
A virus requires a host file to spread, while a worm can replicate and spread independently.
Explain the concept of a “Trojan Horse.”
Answer:
A Trojan Horse is a type of malware that disguises itself as legitimate software to trick users into installing it, often to gain unauthorized access.
What is a “Denial of Service” (DoS) attack?
Answer:
A Denial of Service (DoS) attack floods a system with traffic or requests, making it unavailable to legitimate users.
Briefly describe a “Buffer Overflow” vulnerability.
Answer:
A Buffer Overflow occurs when a program writes more data to a buffer than it can hold, potentially overwriting adjacent memory and causing crashes or allowing malicious code execution.
List two responsibilities of an Operating System in terms of security.
Answer:
Operating Systems should provide proper boundaries between processes and ensure resource availability to prevent denial-of-service attacks.
Name two counter-measures for OS security.
Answer:
Intrusion Detection and Authentication are two counter-measures for OS security.
What is the purpose of an Intrusion Detection System (IDS)?
Answer:
An Intrusion Detection System (IDS) analyzes system events to identify potential security breaches or malicious activity.
Differentiate between Host-based IDS (HIDS) and Network-based IDS (NIDS).
Answer:
HIDS monitors a single host for malicious activity, while NIDS monitors network traffic.
What role do firewalls play in network security?
Answer:
Firewalls protect networks by monitoring and controlling incoming and outgoing traffic, blocking unwanted or malicious access.
What is the function of TLS/SSL certificates?
Answer:
A TLS/SSL certificate proves a website's identity (its domain name bound to its public key by a certificate authority) so that the client can establish an encrypted TLS session with the right server, protecting sensitive information in transit.
Why is physical security important for OS security?
Answer:
Physical security is crucial because an attacker with physical access can directly manipulate OS files and configurations.
Explain the two steps involved in the authentication process.
Answer:
The two steps are identification (presenting an identifier like a username) and verification (providing authentication information like a password).
Differentiate between authentication and authorization.
Answer:
Authentication verifies a user’s identity, while authorization determines what actions or resources the user is allowed to access.
Give one example of a user attribution authentication technique.
Answer:
Biometric verification, such as fingerprint scanning, is a user attribution authentication technique.
What is the purpose of access control in OS security?
Answer:
Access control manages and restricts who or what can access specific system resources.
Briefly describe Type C2 security classification.
Answer:
Type C2 (Controlled Access Protection) builds on C1's discretionary access control by requiring per-user accountability: access can be granted or denied to individual users, security-relevant actions are recorded in an audit trail, and storage objects are cleared before reuse so one user cannot read another's leftover data.
What is a Trusted Computing Base (TCB)?
Answer:
The TCB is the set of hardware, firmware, and software components critical for enforcing the system’s security policy.
According to the slide, which operating system is considered the fastest?
Answer:
According to the slide, Linux is considered the fastest operating system.
Give one reason why Linux is considered secure.
Answer:
Linux enforces strict authorization policies, even during file creation, and ensures that the OS is aware of all resources being handled by users.
Discuss the different types of malware, explaining how they operate and the potential damage they can cause to an operating system.
Answer:
1. Malware is malicious software designed to harm computer systems. Types include viruses, worms, Trojan horses, and logic bombs.
2. Viruses attach to executable files and spread when the infected file is executed, corrupting files and data.
3. Worms are self-replicating and can spread across networks, consuming resources and potentially causing system crashes.
4. Trojan horses disguise themselves as legitimate software to trick users into installing them, allowing attackers to gain unauthorized access or steal data.
5. Logic bombs are code snippets that execute malicious actions when specific conditions are met, such as a certain date or user action.
The damage caused by malware can range from data loss and system instability to complete system compromise and unauthorized access.
Explain the concept of “Buffer Overflow” and its implications for operating system security. Provide an example of how a buffer overflow attack might occur.
Answer:
A Buffer Overflow occurs when a program writes more data to a buffer than it is allocated, overwriting adjacent memory locations.
This vulnerability can be exploited by attackers to inject and execute arbitrary code, gain control of the system, or cause it to crash.
For example, if a program asks for a user’s name and stores it in a buffer of 20 characters, providing an input longer than 20 characters can overwrite adjacent memory, potentially altering program execution flow or injecting malicious code.
Buffer overflows are a significant threat because they can be exploited in various software, including operating system components, making them a target for attackers.
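The 20-character example above, worked through in C. This is an added illustration, not code from the original flashcards; the `struct login` layout with a privilege flag placed directly after the name buffer is a constructed assumption chosen to make the consequence visible. The unsafe copy is shown as the text describes it, next to a bounds-checked version, and two helper functions reason about the overflow arithmetically so the bug can be studied without actually corrupting memory:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 20   /* the 20-character buffer from the text */

/* Constructed record layout (not from the page): the name buffer sits
 * directly in front of a privilege flag, as a login routine might lay it out. */
struct login {
    char name[NAME_LEN];
    int  is_admin;
};

/* Vulnerable form, as the text describes it: strcpy copies until it finds
 * the source's terminating NUL, so a name of 20 or more characters runs off
 * the end of name[] and overwrites is_admin (and whatever follows it).
 * Kept only to show the bug; never call it with untrusted input. */
void store_name_unsafe(struct login *rec, const char *src)
{
    strcpy(rec->name, src);
}

/* Hardened form: locate the terminator within the buffer's capacity before
 * copying. Returns false and leaves rec untouched if the input plus its NUL
 * does not fit, so the caller can reject it instead of silently truncating. */
bool store_name_safe(struct login *rec, const char *src)
{
    const char *nul = memchr(src, '\0', NAME_LEN);
    if (nul == NULL)                 /* no NUL within the first 20 bytes */
        return false;
    memcpy(rec->name, src, (size_t)(nul - src) + 1);
    return true;
}

/* How many bytes strcpy would write past the end of name[] for an input of
 * the given length (the copy includes the NUL). Pure arithmetic, so the
 * overflow can be reasoned about without triggering undefined behaviour. */
size_t overflow_bytes(size_t input_len)
{
    size_t written = input_len + 1;
    return written > NAME_LEN ? written - NAME_LEN : 0;
}

/* Whether that overflow reaches the adjacent privilege flag: the first byte
 * written past name[] lands at offset NAME_LEN, which is where is_admin starts. */
bool overflow_reaches_admin_flag(size_t input_len)
{
    return input_len + 1 > offsetof(struct login, is_admin);
}

int main(void)
{
    struct login rec = { .name = "", .is_admin = 0 };
    const char *ok  = "alice";                          /* constructed input */
    const char *bad = "AAAAAAAAAAAAAAAAAAAAAAAAAAAA";   /* 28 bytes, constructed */

    printf("\"%s\": %s\n", ok, store_name_safe(&rec, ok) ? "stored" : "rejected");
    printf("\"%s\": %s\n", bad, store_name_safe(&rec, bad) ? "stored" : "rejected");
    printf("strcpy of the second input would write %zu bytes past name[]"
           " and %s is_admin\n",
           overflow_bytes(strlen(bad)),
           overflow_reaches_admin_flag(strlen(bad)) ? "clobber" : "not reach");
    return 0;
}
```

The point of the two arithmetic helpers is that a 19-character name fits exactly (19 bytes plus the NUL), while a 20-character name already writes one byte into `is_admin`; with this layout an attacker does not need to reach the return address to gain something, overwriting the flag is enough.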
Describe the different security measures that can be implemented to protect an operating system from threats.
Answer:
Operating systems can be protected through various security measures:
1. Regular Updates and Patches: Keeping the OS and software updated is crucial to address known vulnerabilities.
2. Antivirus Software: Antivirus software detects and removes malware.
3. Firewalls: Firewalls control network traffic, blocking unauthorized access.
4. Intrusion Detection Systems (IDS): IDS monitor systems for malicious activity.
5. Authentication: Verifying user identities to ensure only authorized users access the system.
6. Access Control: Implementing policies to restrict access to system resources based on user roles and privileges.
Discuss the importance of authentication and authorization in operating system security.
Explain different authentication methods.
Authentication and authorization are fundamental to OS security. Authentication verifies who a user is, while authorization determines what they can do.
Authentication ensures that only legitimate users can access the system, while authorization restricts their actions to prevent unauthorized access to resources.
Authentication methods include:
1. Username/Password: Traditional method using unique credentials.
2. User Attribution: Biometric verification techniques like fingerprints or retina scans.
3. User Card and Key: Using physical cards or key generators for access.
These methods aim to establish trust before granting access to system resources.
Explain the concept of Access Control and its different types.
How does Access Control contribute to OS security?
Access control is a security mechanism that manages and restricts who or what can access specific system resources.
It ensures that users have appropriate permissions and prevents unauthorized access to sensitive data or system functions.
Access control contributes to OS security by:
1. Enforcing security policies.
2. Mediating between users and the system.
3. Limiting the potential damage from insider threats or compromised accounts.
What is Trusted Computing Base (TCB)?
Explain its significance in ensuring a secure operating system.
The Trusted Computing Base (TCB) is the set of all hardware, firmware, and software components critical to the computer’s security.
It’s the foundation of security, and any vulnerability within the TCB can compromise the entire system.
The TCB is significant because it:
1. Enforces the system’s security goals.
2. Provides a trusted environment for the OS to operate.
3. Requires that the software that boots the system and enforces security is also trusted.
Discuss the Secure OS Trust Model and its advantages.
How does it differ from how most modern systems operate?
The Secure OS Trust Model assumes that the OS cannot trust processes outside of the TCB to behave as expected.
This is a stricter approach compared to most modern systems, which often assume that programs run by a user will behave as the user intends.
Advantages of the Secure OS Trust Model:
1. Easy to use and administer.
2. Aligns with the principle of least privilege.
3. Gives object owners more control over access.
Explain the security implications of the Linux OS architecture.
The Linux OS architecture incorporates several security features:
1. Mandatory association of users with groups.
2. Files are owned by users and groups within the OS.
3. Prevention of changing file ownership to non-existent users.
4. Authorization policies applied during file creation and access.
5. Restriction of resources to only those managed by the OS.
These features enhance security by enforcing strict control over file access and ownership, reducing the risk of unauthorized manipulation.
Discuss the role of an Operating System in providing security.
What are the key responsibilities of an OS in mitigating security threats?
An Operating System (OS) plays a crucial role in providing a secure computing environment by managing system resources and enforcing security policies.
Key responsibilities include:
1. Providing boundaries between processes: The OS must prevent processes from interfering with each other’s memory or files, ensuring that a faulty or malicious process cannot compromise the entire system.
2. Managing resource allocation: The OS must schedule resources fairly to prevent denial-of-service attacks, where one process monopolizes resources and prevents others from functioning.
3. Implementing security mechanisms: The OS provides essential security features like authentication, authorization, and access control to protect system resources and data.
Explain the concept of “program threats” and provide examples.
How do they differ from “system threats”?
- “Program threats” refer to malicious actions carried out by user programs that exploit OS functions to perform unauthorized tasks.
Examples of program threats include:
1. Trojan Horses: Programs that appear legitimate but contain malicious code.
2. Logic Bombs: Code that executes malicious actions under specific conditions.
3. Viruses: Code that infects files and spreads to other systems.
- “System threats,” on the other hand, involve the misuse of OS services or network connections to harm users, such as denial-of-service attacks or port scanning.
Describe the different types of Intrusion Detection Systems (IDS) and their methods of operation.
Intrusion Detection Systems (IDS) are security tools that monitor systems or networks for malicious activity.
Types of IDS include:
1. Host-based IDS (HIDS): Monitors the activity on individual host systems, examining log files and system events for suspicious behavior. HIDS use rules and policies to identify potentially malicious behavior. They can operate based on signatures (known patterns of attacks) or anomalies (deviations from normal behavior).
2. Network-based IDS (NIDS): Monitors network traffic (usually from a tap or mirror port) for suspicious patterns or attacks; the same signature and anomaly approaches apply, at the packet and flow level rather than the host-event level.
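The signature and anomaly approaches described above, applied to a small constructed sample of sshd-style authentication log lines. This is an added example, not code from the original flashcards; the log lines, the brute-force threshold and the "Accepted password for root" signature are assumptions chosen to show the two methods side by side:

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_SOURCES 16
#define IP_LEN 40

/* Constructed sshd-style auth log lines (sample data, not from a real host). */
static const char *const SAMPLE_LOG[] = {
    "sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2",
    "sshd[812]: Failed password for invalid user test from 203.0.113.7 port 51124 ssh2",
    "sshd[812]: Failed password for root from 203.0.113.7 port 51130 ssh2",
    "sshd[812]: Failed password for root from 203.0.113.7 port 51131 ssh2",
    "sshd[812]: Failed password for root from 203.0.113.7 port 51133 ssh2",
    "sshd[812]: Failed password for root from 203.0.113.7 port 51135 ssh2",
    "sshd[901]: Failed password for alice from 198.51.100.3 port 40210 ssh2",
    "sshd[901]: Accepted password for alice from 198.51.100.3 port 40212 ssh2",
    "sshd[812]: Accepted password for root from 203.0.113.7 port 51140 ssh2",
};
#define SAMPLE_LOG_LEN (sizeof SAMPLE_LOG / sizeof SAMPLE_LOG[0])

struct source_count { char ip[IP_LEN]; int failures; };

/* Copy the address that follows " from " into out; false if the line has none. */
bool parse_source_ip(const char *line, char *out, size_t outlen)
{
    const char *p = strstr(line, " from ");
    if (p == NULL)
        return false;
    p += strlen(" from ");
    size_t n = strcspn(p, " ");              /* address ends at the next space */
    if (n == 0 || n >= outlen)
        return false;
    memcpy(out, p, n);
    out[n] = '\0';
    return true;
}

/* Signature rule: a fixed pattern the policy never wants to see (here, a
 * successful password login as root). Precise, but blind to anything new. */
bool matches_signature(const char *line)
{
    return strstr(line, "Accepted password for root") != NULL;
}

size_t count_signature_hits(const char *const *lines, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += matches_signature(lines[i]);
    return hits;
}

/* Anomaly rule: tally failed logins per source address and flag any source at
 * or above the threshold. Needs no knowledge of the attacker's tool, but the
 * threshold is a baseline that has to be tuned to the host. Returns the number
 * of flagged sources written to out (at most max_out). */
size_t detect_brute_force(const char *const *lines, size_t n, int threshold,
                          struct source_count *out, size_t max_out)
{
    struct source_count tally[MAX_SOURCES];
    size_t nsources = 0, flagged = 0;

    for (size_t i = 0; i < n; i++) {
        char ip[IP_LEN];
        if (strstr(lines[i], "Failed password for") == NULL ||
            !parse_source_ip(lines[i], ip, sizeof ip))
            continue;
        size_t j = 0;
        while (j < nsources && strcmp(tally[j].ip, ip) != 0)
            j++;
        if (j == nsources) {                 /* first failure from this source */
            if (nsources == MAX_SOURCES)
                continue;                    /* table full; a real HIDS would evict or alert */
            strcpy(tally[j].ip, ip);         /* ip was bounded by IP_LEN in parse_source_ip */
            tally[j].failures = 0;
            nsources++;
        }
        tally[j].failures++;
    }
    for (size_t j = 0; j < nsources && flagged < max_out; j++)
        if (tally[j].failures >= threshold)
            out[flagged++] = tally[j];
    return flagged;
}

int main(void)
{
    struct source_count hits[MAX_SOURCES];
    size_t n = detect_brute_force(SAMPLE_LOG, SAMPLE_LOG_LEN, 5, hits, MAX_SOURCES);
    for (size_t i = 0; i < n; i++)
        printf("ALERT brute force from %s (%d failures)\n", hits[i].ip, hits[i].failures);
    printf("%zu signature hit(s)\n", count_signature_hits(SAMPLE_LOG, SAMPLE_LOG_LEN));
    return 0;
}
```

Run against the sample, the anomaly rule flags 203.0.113.7 after six failed passwords and the signature rule reports one hit (the root login). The asymmetry is the lesson: the signature catches a single root login from anywhere but nothing it was not written for, while the threshold catches an unknown brute-force tool but misses a patient attacker who stays below five attempts.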
Discuss the importance of firewalls in operating system security and network protection.
How do firewalls protect systems from threats?
Firewalls are essential security components that protect networks and systems from unwanted traffic.
They act as a barrier between a trusted network and untrusted networks (like the internet), controlling the flow of data based on predefined rules.
Firewalls protect systems by:
1. Blocking unsolicited inbound connections, which keeps much network-borne malware and scanning from ever reaching hosts.
2. Monitoring both incoming and outgoing traffic.
3. Enforcing local security policies.
Explain the significance of TLS/SSL certificates in securing online communications.
TLS/SSL certificates are crucial for securing online communications: a certificate binds a website's domain name to its public key under a certificate authority's signature, and the client checks that binding before it uses the key to negotiate an encrypted TLS session.
The resulting encryption protects sensitive information such as login credentials, personal details and financial transactions from being read or altered in transit.
The identity check matters as much as the encryption: without it an attacker on the path could present their own key, and the client would encrypt everything to the wrong party.
Discuss the importance of physical security in protecting operating systems.
What are the potential consequences of inadequate physical security?
Physical security is a fundamental aspect of OS security, as it protects the hardware and physical infrastructure on which the OS resides.
Inadequate physical security can have severe consequences, as an attacker with physical access to a system can:
Edit, remove, or steal important files.
Access OS code and configuration files stored on the hard drive.
Potentially install malicious software or hardware.
Elaborate on the authentication process and its importance in OS security.
Discuss various authentication techniques.
Authentication is the process of verifying the identity of a user or device attempting to access a system.
It is crucial for OS security because it ensures that only authorized individuals can access system resources and prevents unauthorized access.
The authentication process typically involves two steps:
1. Identification: Presenting an identifier, such as a username.
2. Verification: Providing or generating authentication information, such as a password, biometric data, or a security token.
Various authentication techniques exist, including:
1. Username/Password: The most common method, relying on secret credentials.
2. User Attribution: Biometric methods like fingerprint or retina scans, verifying users based on unique physical characteristics.
3. User Card and Key: Using physical cards or key generators to gain access.
Differentiate between authentication and authorization, and explain why both are essential for a secure operating system.
Authentication and authorization are distinct but complementary security processes.
- Authentication verifies who a user is, confirming their identity.
- Authorization determines what an authenticated user is allowed to do, granting or denying access to specific resources or actions.
Both are essential because:
1. Authentication establishes trust in the user’s identity.
2. Authorization enforces access control policies, ensuring that users only have the necessary privileges.
3. Without proper authorization, even authenticated users could perform unauthorized actions.
Explain the concept of Access Control and how it is implemented in operating systems.
Access control is a security mechanism that manages and regulates who or what can access specific resources within a system.
It involves implementing security policies that define access permissions for users, groups, or processes.
Operating systems implement access control through various mechanisms, including:
1. File permissions: Controlling who can read, write, or execute files.
2. Access control lists (ACLs): Specifying permissions for individual users or groups for specific resources.
3. Role-based access control (RBAC): Assigning permissions based on user roles within an organization.
Describe the Trusted Computing Base (TCB) and its importance in ensuring operating system security.
The Trusted Computing Base (TCB) is the set of all hardware, firmware, and software components that are critical for enforcing the system’s security policy.
It is the foundation of trust in a secure system.
The TCB is crucial because:
1. Any security vulnerabilities within the TCB can compromise the entire system.
2. It is the minimal amount of software necessary to enforce security goals.
3. It includes software that defines and enforces security policies.
4. The software that initiates the TCB must also be trusted.
Explain the Secure OS Trust Model and its advantages.
How does this model differ from the trust model in most modern operating systems?
The Secure OS Trust Model operates under the principle that the OS cannot inherently trust processes running outside of the TCB.
This means the OS does not automatically assume that a program will behave as the user intends.
Advantages of this model:
1. Simplicity in use and administration.
2. Adherence to the principle of least privilege (granting only necessary permissions).
3. Greater control for object owners over access permissions.
In contrast, many modern OSs operate on a model where the OS often assumes that programs run by a user are acting on the user’s behalf, which can create security vulnerabilities if a program is compromised.
Discuss the security features of the Linux OS architecture.
How do these features contribute to the overall security of the system?
Several security features of the Linux OS architecture:
1. User-Group Relationship: Every user must belong to a group, while a group can exist without users. This helps in managing permissions and access control.
2. File Ownership: Files are owned by users and groups that are part of the Linux OS, preventing ownership by unknown entities.
3. Restricted Ownership Changes: File ownership cannot be transferred to a user that does not exist, so every file remains attributable to an accountable account.
4. Authorization During File Creation: Linux enforces authorization policies not only when accessing files but also when creating them, adding an extra layer of security.
5. OS Awareness of Resources: The OS manages all resources, preventing users from controlling resources unknown to the OS.
These features enhance security by:
1. Enforcing strict access control and file ownership.
2. Preventing unauthorized manipulation of files and resources.
3. Ensuring that the OS has control over all system operations.
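A compact model of the discretionary access-control and file-creation rules from the Access Control answer above (owner/group/other permission bits) and the Linux architecture points just listed: authorization against the directory when creating a file, ownership stamped from the creator so no file belongs to an unknown user, group inheritance from a setgid directory, and the umask. This is an added example in C, not code from the original flashcards or from the Linux kernel; the `struct cred` and `struct inode` types and the uids, gids and modes used in `main` are constructed assumptions, and the model deliberately leaves out ACLs, capabilities and MAC layers such as SELinux.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Permission bits as in a Unix mode word (octal). */
enum { P_R = 4, P_W = 2, P_X = 1 };
#define MODE_SETGID 02000u
#define ALL_EXEC    0111u

struct cred {                 /* who is asking (constructed type, not the kernel's) */
    unsigned uid, gid;
    const unsigned *groups;   /* supplementary groups */
    size_t ngroups;
};

struct inode {                /* what is being accessed (constructed type) */
    unsigned owner, group;
    unsigned mode;            /* setuid/setgid/sticky + rwxrwxrwx */
};

static bool in_group(const struct cred *c, unsigned gid)
{
    if (c->gid == gid) return true;
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid) return true;
    return false;
}

/* Classic discretionary check: exactly one class of bits applies, chosen in
 * the order owner, group, other; a matching owner is judged on the owner bits
 * alone even if the group bits would be more permissive. uid 0 bypasses read
 * and write checks, and may execute only if some execute bit is set. */
bool may_access(const struct cred *c, const struct inode *f, unsigned want)
{
    if (c->uid == 0)
        return !(want & P_X) || (f->mode & ALL_EXEC);
    unsigned bits;
    if (c->uid == f->owner)          bits = (f->mode >> 6) & 7;
    else if (in_group(c, f->group))  bits = (f->mode >> 3) & 7;
    else                             bits = f->mode & 7;
    return (bits & want) == want;
}

/* Creating a file is authorised against the directory: the creator needs
 * write (to add the entry) and execute/search (to traverse) on it. */
bool may_create_in(const struct cred *c, const struct inode *dir)
{
    return may_access(c, dir, P_W | P_X);
}

/* Model of file creation: authorise against the directory, then stamp the new
 * inode with the creator's uid (so no file ever belongs to a user the OS does
 * not know), the creator's gid or the directory's gid if the directory is
 * setgid, and the requested mode with the umask bits cleared. */
bool create_file(const struct cred *c, const struct inode *dir,
                 unsigned requested, unsigned umask, struct inode *out)
{
    if (!may_create_in(c, dir))
        return false;
    out->owner = c->uid;
    out->group = (dir->mode & MODE_SETGID) ? dir->group : c->gid;
    out->mode  = requested & ~umask & 0777u;
    return true;
}

int main(void)
{
    /* constructed subjects and objects */
    const unsigned alice_groups[] = { 100 };           /* "staff" */
    struct cred alice = { 1000, 1000, alice_groups, 1 };
    struct inode home = { 1001, 1001, 0755 };          /* bob's home, no group write */
    struct inode shared = { 1001, 100, 02775 };        /* setgid "staff" directory */
    struct inode f;

    printf("alice creates in bob's home: %s\n",
           create_file(&alice, &home, 0666, 022, &f) ? "allowed" : "denied");
    if (create_file(&alice, &shared, 0666, 022, &f))
        printf("alice creates in shared dir: owner %u group %u mode %04o\n",
               f.owner, f.group, f.mode);
    return 0;
}
```

Two details the model makes explicit: a matching owner is judged on the owner bits alone, so a file with mode 0075 is unreadable by its owner even though the group bits allow it, and uid 0 bypasses read and write checks but can only execute a file that has at least one execute bit set. A file created by alice in the setgid staff directory comes out as owner 1000, group 100, mode 0644 (0666 with umask 022 removed), which is the "authorization during file creation" behaviour the flashcard refers to.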