What are some types of Tailored Policies?
Privacy, Shared reading, and Shared updating
What are administrative groups?
A group that allows a user access to administrative functions. Also has special privileges for managing the system
With Unix “SUDO” and “SetUID” commands, what privileged operation can the user do?
The user can execute a privileged operation as “root”
While users could log in as “root” to do admin tasks, what was the system’s main problem?
The system could not tell which admin performed a particular task.
Admin roles are dangerous, since admins can accidentally execute Trojan horses and other malware in “root,” what are safe alternatives for this?
Temporary rights (UAC), and having two User IDs: a regular user ID that has no special privileges and one special user ID with administrative privileges.
What are three sets of RWX flags?
- Owner rights (u)
- Group rights (g)
- World rights (o)
What is ACL?
Access Control Lists are a general-purpose technique that cluster access rights by row.
How do you build an effective ACL?
- Deny by Default is the best general approach
- start with no rights, or a small set of defaults- permissions to owner and administrators
- add allow rights as needed
- permissions to owner and administrators
- Keep the rules as simple as possible
Summarize how each of the three tailored file security policies changes the access rights of files under the two default security policies.
Privacy overrides global file sharing policy
Shared reading overrides global isolation policy
Shared updating overrides either global policy
not sure pa
Explain why it is safer for administrators to use two different accounts when working with a computer. Explain the difference between the two accounts.
This is safer because a virus can spread quicker with an admin account since it is logged into “root.” A lesser privileged account can lessen risk of compromise.
Or
It is safer for administrators to use two accounts because:
• The regular user ID has no special privileges, so if malware or mistakes happen while using it, the system is less likely to be damaged.
• The administrative user ID has full privileges and can make serious system changes, but it should only be used when needed.
Using two accounts reduces risk: everyday tasks are done safely with the regular account, and the admin account is used only when necessary
Describe the behavior of “sudo” on Unix. When is “sudo” used?
On Unix, sudo is a prepackaged function that runs setuid with the identity of root. It’s used when administrators need to perform serious system changes, allowing them to run programs as root after authenticating with the correct password, without logging in as the root account directly.
Describe the behavior of the padlock icon on Apple’s OS X. When is the padlock used?
On Apple’s OS X, the padlock icon controls access to sensitive parts of the system. When clicked, it prompts for an administrator’s password; if the correct password is entered, the padlock switches to “unlocked” and the system enables the associated controls. It is used to allow regular users to modify critical system preferences and adjust rights on files and folders.
Describe the behavior of user account control (UAC) on modern versions of Microsoft Windows. In what circumstances does a UAC pop-up appear?
It pops up when the user tries to run an administrative function and asks the user for an admin password before allowing access.
Summarize the behavior of Unix file-permission flags. Identify the sets of users that such permissions can control and what access rights are enforced for each set.
- uses file permission flags to indicate access rights (read, write, execute/search)
- three sets of identities
- owner rights (user rights)
- group rights
- world rights
the owner typically has the right to read and write the file. Users in the files’ group, and all other users, customarily receive permission to read the file but not to write it. If a file is executable , then anyone granted the right to read the file also is granted permission to execute it. In practice, most files that have execute permission also have read permission.
Explain how Unix-like systems decide which of its three sets of access rights to apply when a particular user’s process opens a file.
If the “root” user accesses a file, the system grants full access to the file.
If the file’s owner accesses a file, the system applies the owner rights.
If a group member (who is not the file’s owner) accesses the file, the system applies the group rights.
If the user is neither the owner nor a member of the file’s group, the system applies the world rights.
List the columns that we need to provide when describing security controls implemented with Unix-style permission flags.
- Control number
- File
- Owner
- Owning Group
- Owner access rights
- Group access rights
- World access rights
- Policy statement
Describe the basic features of an access control list.
ACLs list all users and grant appropriate access to each.
Explain how access restrictions on a folder or directory can block a user’s access to a file, even if the file itself may be readable by that user.
An effective ACL implementation has been implemented to make it easier to manage rights in file hierarchies. Files and folders automatically inherit changes made to an enclosing folder’s access rights. This takes precedence in access control, disregarding the permissions of that specific file.
When we create a file, explain how that file acquires its initial ACL under Windows.
In Windows, when we create a new file, it simply inherits access rights from the folder in which we save the file.
This is called dyamic ACLs that inherit access rights from the enclosing folder. Files use the “parent” ACL, which is retrieved from their folder.
If we change the ACL for a folder under Windows, what typically happens to the ACLs for the files within that folder?
If we change the ACL for a folder in Windows, the files inside also change their ACLs—as long as they inherit permissions from the folder.
Why is a program containing a Trojan considered malicious?
A Trojan is hard to detect since it appears as part of a legitimate program, thus allowing it to do malicious activities.
Explain how a Trojan program can make secret data belonging to one user visible to another user.
It looks into protected folders and copies each one to an unauthorized user.
It looks in restricted directories and copied whatever files the process could find.
Describe the typical contents of an entry in an event log.
- Time and date
- Source - component that detected the event
- User identity - user associated with event
- Type - what happened
- Details of event
Describe the typical steps taken to log an event
- A program detects a significant event and emits a log entry to describe it
- The logging process retrieves the event, and discards less-significant events
- The logging process saves the event in a log file
- Administrators monitor the logs for significant events that demand action
