Guide to Operating Systems Security




Chapter 2 Solutions

Answers to the Chapter 2 Review Questions

1. The Melissa virus was transported by ___________________________.

Answer: c. e-mail

2. Which of the following are used for updates in Windows XP Professional? (Choose all that apply.)

Answer: b. Windows Update

3. A Windows Server 2003 server administrator, whom you know from another firm, is complaining about a virus that was installed on one of his firm’s servers from a device driver file that the server administrator downloaded from a freeware Internet site. What steps could that server administrator have taken to avoid getting a virus in this way? (Choose all that apply.)

Answer: a. both a and c

4. You can use an emergency repair disk in ________________________________.

Answer: a. Windows 2000

5. The ______________________ mode in Mac OS X enables you to view operating system files as they load.

Answer: d. verbose

6. Which of the following is used by the Linux.Millen.Worm and the Code Red worms? (Choose all that apply.)

Answer: c. buffer overflow

7. A server operator in your organization is planning to do a quick virus scan of a NetWare server before releasing the server for daily use, just after completing the overnight backups. She does not have much time and wants to do a fast virus scan only on executable files. Which of the following files are examples of executable files she should scan? (Choose all that apply.)

Answer: a., c., and d.

8. Your Red Hat Linux 9.x system will not boot, and you decide to replace the MBR. What mode can you use to boot the system in order to replace the MBR?

Answer: b. rescue mode

9. An employee in your company obtained a Microsoft Word XP template from a friend in another company and has distributed that template to other users. You have used a virus scanner on the template and found that it contains a virus. What should you do next?

Answer: d. Have users disable macros in Word XP

10. Which of the following are steps you can take to protect a system from malicious software? (Choose all that apply.)

Answer: a., b., c., and d.

11. Which of the following is not true of a service pack from Microsoft?

Answer: a. Only one service pack is issued at a time and there are options in that service pack so that it can be applied to any Microsoft operating system.

12. On what menu in Windows Server 2003 can you access the Enable Boot Logging option?

Answer: d. Advanced Options menu when you boot the system

13. Which of the following should you look for in a malicious software scanning tool? (Choose all that apply.)

Answer: a., b., c., and d.

14. Where is the MBR found on a Red Hat Linux system?

Answer: a. boot or partition sector of a hard disk

15. When a virus infects the boot sector of a hard disk, ______________________________.

Answer: b. it is common that disks placed in the floppy drive may become infected, too

16. Well-known vulnerabilities to malicious software exist in which of the following systems? (Choose all that apply.)

Answer: c. and d.

17. Which of the following is an example of a NetWare 6.x file that may commonly house a virus?

Answer: c. startup.ncf

18. Which of the following is an example of a Mac OS X folder that contains items that are commonly targeted by a virus?

Answer: b. Startupitems folder

19. Which of the following is an example of a Red Hat Linux file that can be a target of a virus?

Answer: d. inittab

20. The Simpsons AppleScript virus __________________________.

Answer: a. is a Trojan horse sent with an e-mail message

21. As server administrator, you are the backup person for the SQL Server database administrator, who has informed you that the SQL Administrator account uses the password sa. Is the SQL Server at any risk with this password?

Answer: c. Yes, because the Digispid.B.Worm targets SQL Server systems that have this password.

22. How do you check for updates available in Red Hat Linux 9.x?

Answer: b. Click the exclamation point icon in the Panel

23. Which of the following systems use an Automated System Recovery set? (Choose all that apply.)

Answer: c. Windows Server 2003

24. Which Trojan horse alters a system folder in Windows XP?

Answer: d. Backdoor.Egghead

25. A major update in NetWare 6.x is performed through ______________________.

Answer: a. consolidated support packs

Hands-On Projects Tips and Solutions for Chapter 2

Project 2-1

For this project, students use the CERT Coordination Center to learn more about viruses.

In Step 3, at this writing there are 317 matches found for a search on virus.

Project 2-2

This project enables students to practice accessing the Windows registry with the Registry Editor.

In Step 3, the subkeys under HKEY_LOCAL_MACHINE are:

▪ HARDWARE

▪ SAM

▪ SECURITY

▪ SOFTWARE

▪ SYSTEM

Project 2-3

In this project, students practice viewing the /etc/inittab file in Red Hat Linux 9.x.

In Step 5, students should note that a new window opens for the Emacs editor, which displays the contents of the /etc/inittab file.

Remind students not to make any changes to the /etc/inittab file and to exit properly.

Project 2-4

In this activity, students learn how to access the recovery console in Windows 2000 Server or Windows Server 2003. They will need access to the Windows 2000 Server setup floppy disks or the Windows 2000 Server or Windows Server 2003 installation CD-ROM.

In Step 4, students should report seeing a character-based screen and a prompt at which to type command-line commands.

In Step 5, after students type help and press Enter they will see a list of commands that can be used in the recovery console.

In Step 6, students see an explanation of the fixmbr command, which has an optional parameter to specify the device.

In Step 7, students see an explanation of the fixboot command.

Project 2-5

This project enables students to access the Red Hat Linux rescue mode.

In Step 2, students should report seeing the boot: __ prompt.

In Step 3, a minimal operating system is loaded from CD-ROM.

In Step 6, there is an option to mount the file systems as read-only, which is accomplished by using the tab key to select the Read-Only option.

In Step 8, to make the system run in the root environment, students learn that they can enter the command: chroot /mnt/sysimag

Project 2-6

In this project, students learn how to configure macro security in Microsoft Word XP. In conjunction with this project, consider holding a class discussion about different ways to educate users about employing security options that come with software.

In Step 5, high security means that macros are used only for digitally signed documents. In medium security, macros are disabled by default, but the user can select to disable macros for documents they believe to be from a trusted source. In low security, macros are enabled.

Project 2-7

This project enables students to use the Automatic Updates Setup Wizard in Windows Server 2003.

In Step 5, the options students should report seeing are:

▪ Every day

▪ Every Sunday

▪ Every Monday

▪ Every Tuesday

▪ Every Wednesday

▪ Every Thursday

▪ Every Friday

▪ Every Saturday

Also, students should note that to configure updates to go automatically every Wednesday at 9 p.m. they would set the day of the week parameter to Every Wednesday and then set the time parameter to 9 p.m.

Project 2-8

In this project students learn how to use the Red Hat Network Alert Notification Tool.

In Step 2, students should record the number of updates available to be installed.

In Step 7, students should notice and record the amount of disk space required for the packages, which is shown near the bottom of the window.

Project 2-9

This project enables students to learn how to use the Software Update tool in Mac OS X.

In Step 3, the options are:

▪ Daily

▪ Weekly

▪ Monthly

In Step 4, students should report the number of updates already installed.

In Step 6, students should note if any of the updates relate to security. Often they will see security updates, but not always.

Project 2-10

This project gives students an opportunity to boot into the Safe Mode in Windows 2000, Windows XP Professional, or Windows Server 2003.

In Step 4, students should report seeing the files that are loaded as the system boots up.

In Step 6, the desktop appears with a black background, no wallpaper, and large print.

Project 2-11

In this project, students boot using the Mac OS X verbose mode. If they have trouble booting into this mode, make sure that they are holding down the Command and v keys as soon as the system starts until they begin to see text on the screen.

In Step 2, students should see a black screen and lines of text showing what is being loaded as the system boots.

Project 2-12

Students use this project to learn how to configure driver signing in Windows 2000, Windows XP Professional, or Windows Server 2003.

In Step 3, the options students see in Windows XP Professional and Windows Server 2003 (the same options appear in Windows 2000, but the wording of the explanations for each is slightly different) are:

▪ Ignore - Install the software anyway and don’t ask for my approval

▪ Warn - Prompt me each time to choose an action

▪ Block - Never install unsigned driver software.

Solutions to the Case Project Assignments

Nishida and McCormick is a large law firm that has hired you, through Aspen IT Services, to help with security and to train their new server and network administrator, Jim Vialpondo. The former network administrator left suddenly and Jim, who was the PC support consultant, has been promoted to this position. The main office houses 92 users and has two Red Hat Linux 9.0 servers, one Windows Server 2003 file and print server, a Windows 2000 server used for a Web site, and one NetWare 6.0 server. The firm has a satellite office 128 miles away from the main office that has 62 users on a Red Hat Linux 9.0 server. The attorneys and support staff at both locations primarily use Windows XP Professional, but there are also 12 Mac OS X users.

Case Project 2-1: Training the New Server and Network Administrator

The Computing Services Department director asks you to train the new server and network administrator about malicious software by discussing the ways in which the following can spread in both workstation and server systems:

▪ Viruses

▪ Worms

▪ Trojan horses

Create a short study paper that the server and network administrator can use as a reference.

Answer:

Some typical ways in which a virus or other malicious software can spread include:

▪ Boot or partition sector—infects the boot or partition sector of a system, which is at the beginning of a disk. Sometimes this type of infection continues to spread by infecting floppy disks that are then taken to other computers.

▪ File infector—appends to program files, including system files.

▪ Macro—infects macro files, which are instruction set files often used with word processors, spreadsheets, and other software. A macro in a template can be infected and continue infecting all systems using that template or a document using the template.

▪ Multipartite—infects systems through a combination of ways, such as by using a file infector and a macro.

Worms may spread using a buffer overflow or by being sent as an e-mail attachment.

Trojan horses spread as e-mail attachments or when users share, via floppy disk, Trojan horse programs that appear to be harmless.

It is wise to caution users not to run programs that are not from a trusted source.

Case Project 2-2: A Malicious Macro

The administrative assistant to one of the managing partners has brought in a Word XP macro containing a virus. The macro spread from his home computer to a document on a floppy disk that he was working on at home and then used at work. What steps should be taken to keep the virus in the macro from spreading to other areas of the network?

Answer:

Several steps can be taken to prevent the spread of a macro containing a virus. First, the original user should not share this document with anyone else or let anyone else open it. Nor should the user open the document until it is cleaned and verified by a scanner. Also, it is important that the document not be placed on a server or shared drive. If necessary, the administrative assistant’s computer might be disconnected from the network until it is checked. Another step is to destroy the floppy disk containing the document.

A malicious software scanner should be used to find and clean the macro virus from the system of the original user. This should also be done on the user’s home computer.

Additionally, the use of macros should be disabled in Word XP or set to “high” on all computers in the firm and on the administrative assistant’s home computer.

Further, the firm should establish clear policies about taking files home and bringing them back to work. If users need to work at home, the firm might purchase scanning software for those users.

Case Project 2-3: Security Policy Recommendations

One of your assignments from Nishida and McCormick is to work with the new server and network administrator to develop recommendations for a security policy to address the threat of malicious software. Create a list of general recommendations that you can use in your first planning meeting with the new administrator.

Answer:

The general recommendations should parallel those in the text, which are:

▪ Train users in security techniques.

▪ Train users about how malicious software works.

▪ Use a malicious software scanner on floppy disks, CD-Rs, and CD-RWs before using them on another computer.

▪ Control the types of media, files, and software brought in from outside the organization.

▪ Limit the types of software that users can install themselves.

▪ Create one or more quarantined areas for files from unknown sources.

▪ Control what files are allowed to be downloaded from off-site locations, and if files must be downloaded, put them in a quarantined location until they are scanned.

▪ Scan incoming e-mail and attachments.

▪ Discard e-mail attachments from unknown or untrusted sources.

Case Project 2-4: Updating Operating Systems

Your audit of security reveals that the law firm has been updating the NetWare and Windows servers on a regular basis, as well as the Windows XP Professional systems, but they have not installed any new patches on the Red Hat Linux server or on the Mac OS X desktop computers. Create a document for the new administrator that briefly outlines the steps for performing updates on the Red Hat Linux and Mac OS X computers.

Answer:

The steps for updating Red Hat Linux 9.0 using the Red Hat Network Alert Notification Tool are generally as follows:

1. On the Panel near the clock, click the exclamation point icon in the red circle or the two arrows icon in the green circle.

2. Select the Available Updates tab and note the updates that need to be made.

3. Click the Launch up2date button.

4. Click Forward after the Red Hat Update Agent window starts.

5. Use the default channel selection and click Forward.

6. Click Forward in the Packages Flagged to be Skipped box.

7. Click the Select all Packages box. Make sure you have enough disk space for the update.

8. Click Forward.

9. Click Forward when you see the message, "All Finished. Click Forward to continue."

10. Click Forward.

11. Click Finished.

12. Click Close.

To obtain and install updates in Mac OS X using the Software Update tool:

1. Click the System Preferences icon in the Dock or click the Go menu, click Applications, and double-click System Preferences.

2. Click Software Update and make sure that the Update Software tab is selected.

3. Ensure that Automatically check for updates when you have a network connection is checked. Change the schedule for updates, if desired.

4. Click the Installed Updates tab, if you want to view updates that have already been made.

5. Click the Update Software tab.

6. Click the Check Now button to access the Apple web site and check for updates.

7. Click the Install button.

8. Enter your account name and password and press Return. The download and installation may take several minutes. When it is finished you will see the message: Status finished.

9. Restart the system, if requested.

Case Project 2-5: Protecting the Windows XP Professional Systems

Your security audit also shows that Windows XP Professional users are not backing up important system files through creating periodic ASR sets. Create a “how to” document for the users explaining the importance of an ASR set and how to create this system backup.

Answer:

Users will need a blank floppy disk and a CD-R, CD-RW, or tape for the backup. With these available, the following steps outline how to create an ASR set:

1. Click Start, point to Accessories, point to System Tools, and click Backup.

2. When the Backup or Restore Wizard starts, click the Advanced Mode link.

3. Click the Automated System Recovery Wizard button.

4. Click Next when the Automated System Recovery Preparation Wizard starts.

5. Change the path for the default file name to the CD-R or tape drive you are using. Insert the CD-R, CD-RW, or tape.

6. Click Next.

7. Click Finish to write the backup files to the CD-R, CD-RW, or tape.

8. Notice the Automated System Recovery information box and then the Backup Progress dialog box as the files are being copied.

9. When requested, insert a blank formatted floppy disk and click OK.

10. Remove the floppy disk and CD-R, CD-RW, or tape, and click OK.

11. Close the Backup Progress dialog box and the Backup Utility window.
