Describe the three security properties of information
Confidentiality
- Keeping information secret
- Avoiding disclosure vulnerabilities
Integrity
- Protecting information from improper changes
- Avoiding forgery, subversion, and masquerade attacks
Availability
- Keeping systems available and in operation
- Avoiding denial of service attacks
How does a computer maintain its Chain of Control?
We must never run programs that violate or bypass our security policy. To avoid this, we:
1. Start the computer using a BIOS that maintains our security policy
2. If the software we start can start other software, then the other software either
- Complies with the security policy, or
- Is constrained from violating the policy via access restrictions or other mechanisms
List the typical steps a vendor follows to release a software patch.
Collect error reports
Prioritize errors and assign to engineers
Engineer develops software to fix the error
Software fixes are chosen for a patch
The patch is tested
The patch is released
List the three major hard drive storage problems addressed by file systems
How to store files
How to find files
How to manage the drive’s free space
Explain the difference between a default permit policy and one that enforces Deny by Default.
Default permit - All access is allowed except to anyone we specifically tell it to block.
Dey by default - no access is allowed to anyone unless specifically granted
Summarize the three strategies by which the operating system provides input/output services and a file system.
- Application Programming Interface - a simple, standard way for programs to use IO devices and files
- Device Independence - converts API operations into specific commands for individual devices
- File System - converts file operations into API operations performed on the hard drive
Describe how to recover a deleted FAT file and its contents.
Find the directory entry
- Extract the first cluster number and length
- Retrieve the series of clusters
Describe the format of an executable file
The executable file has a header which contains the magic number, program size, and layout information for the data section.
magic number - a standard data value that appears in the first location of the excutable file
program size - indications of the size of the block of machine instructions that make up the program itself
layout information for the data section- addresses and offsets to be used to lay out variables and stack locations in the program’s data section
After the header, the rest of the file contains machine instructions that make up the program
Explain the four general tasks that may play a role in recovering from a security incident.
- Identify shortcomings in risk assessment, policy, or implementation
- Repair problems caused by the incident
- If the incident is caused by an individual’s malicious act, and we can hold that person accountable, then we collect evidence to clearly tie that person to the incident.
- If someone uses our computer to violate laws, then we need to preserve evidence so that a prosecutor may use it in a trial
Explain two different situations in which a window of vulnerability might arise
- A black hat constructs a zero-day exploit, one for which no patch yet exists
- Installing new software from a DVD or other distribution media. The distribution disk may contain an older version of the software that lacks the latest patches. Thus, the newly installed software may start out in the unprotected state.
What is window of vulnerability
Time during which an exploit exists but computers aren’t patched.
Describe risk threats on an isolated computer
Denial of service - someone deletes some of our files or damages software, making all or part of the computer unusable
Subversion - a program gets a virus infection or suffers some other malware damage
Masquerade - one user logs in, trying to pretend to be another user
Disclosure - some of our personal data is disclosed
Forgery - someone modifies one of our files without our knowledge, so their statements are presented as our own
Describe how a virus operates and spreads.
When a virus infects an application program, it adds its own machine instructions to the end of the program’s file. It copies itself to other programs and modifies them to ensure the virus runs first.
Explain the difference between a virus, a worm, and a Trojan.
A virus infects and spreads by attaching itself to files or programs.
A worm exploits a vulnerability that it can reach via a network connection.
A trojan is a program that appears benign but in fact contains malware.
FAT directories contents:
- file name, or special character if empty
- attributes of this directory entry
- time and date created, last read, and modified
- address variable pointing to the first cluster
- total number of data bytes in the file
Objectives for sharing files
- provide computing for authorized users
- preserve the chain of control
- permit/prevent general sharing among users
An OS can protect files as long as:
- the OS protections are always applied when we access our files and
- there is no way to bypass the OS protections
