Security+ Guide to Network Security Fundamentals, 2e Solutions 4-1

Chapter 4 Review Questions

1. You can start to build defenses for your information systems by creating security ___________.
a. foundations
b. baselines
c. pillars
d. planes

2. In Microsoft Windows, the name of the background program, such as Svchost.exe, is called a _____.
a. process
b. service
c. display service
d. parent service

3. Stopping and then starting a service again is sometimes called a ______________.
a. restart
b. disable
c. process
d. reable

4. A nonsecurity advantage of disabling a service is that ____________.
a. ROM is preserved
b. the operating system can perform fewer functions
c. communication with firmware is enhanced
d. it frees up RAM

5. A(n) _____ identifies what program or service on the receiving computer is being accessed.
a. process
b. port number
c. UPD designator
d. service-initiated socket (SIS)

6. Port 80 identifies the service as Web traffic (HTTP). True or false?

7. Determining which services to turn off is a very simple task. True or false?

8. With open source software such as Linux, the user community provides updates. True or false?

9. A patch should be applied before a service pack. True or false?

10. Tools that assist in the update procedures of distributing and testing patches are known as patch management tools. True or false?

11. A process provides what is known as a(n) _____ to the operating system.
Answer: service

12. When a service is in _____ mode, it starts every time the computer is turned on.
Answer: automatic

13. _____ mode allows Windows to start a service whenever it is needed.
Answer: Manual

14. A service that has been set to _____ mode is not loaded, even if it is needed.
Answer: Disable

15. Explain the differences between a service pack, a hotfix, and a patch.
Of the different types of software updates, three are most commonly used.
The service pack, a cumulative set of updates that also includes fixes for problems that have not been made available through individual updates, is the broadest. After installing the current version of the operating system software on the computer, the very next step should be to install the service pack (or packs). This updates the software to the fullest extent. The second type is known as a hotfix. A hotfix does not typically address security issues. Instead, it addresses a specific problem in the software, such as a feature that does not work properly. Once all of the service packs have been installed on a new system, any hotfixes should be applied. The third common update is a patch, a software update that fixes or repairs a specific security flaw. Patches may be released on a regular or irregular basis, depending upon the vendor or support team. Patches for a local operating system can be installed by the end user on his or her own system.

16. What are the desirable features of a good patch management system?
Patch management attempts to identify the systems that need updates and then installs and tests those updates, as well as identifying any new vulnerabilities. The features of a good patch management system include:
- Patches can be targeted at certain groups of computers for deployment.
- Computers are automatically rebooted after the patch is installed.
- A reporting system verifies the download and installation of the patch.
- Third-party management and patch tools should connect to the patch management system.
- Patches can be downloaded from the Internet onto a local patch server, and the updates can then be distributed locally so that patches can be applied to computers that do not have Internet access.
- Patches can be copied to a CD from the local patch server and installed manually if necessary.

17. What are security template snap-ins?
Microsoft Windows systems provide a centralized method of defining security on a computer. The Microsoft Management Console (MMC) is a Windows utility that accepts additional components known as snap-ins. Snap-ins, available from either Microsoft or third-party vendors, add functionality to the operating system. One of the useful snap-in components is the Security Templates snap-in. Security Templates do not introduce new security parameters; rather, they organize all existing security attributes into one place to make security administration easier by providing a single point of entry where all system security can be viewed, adjusted, and applied to a local computer.

18. List some ways to secure a Web server.
Some of the steps that should be followed to harden a Web server include:
- Use ACLs to limit a Web surfer's ability to navigate and browse the content and run selected applications; they should never be given permission to write to the server.
- Be sure that patches and service packs are regularly used to update the server.
- Keep in tune with exposed Web server vulnerabilities by subscribing to security organizations that distribute information on the latest flaws, or regularly visit attacker Web sites.
- Delete any sample files that may be included with the installation as references; these may have security holes in them.
- Isolate the Web server from the internal network.
- Be sure that the Web server records its actions in a log file, and examine the file regularly.
- If the server will be sending or receiving sensitive information, implement a technology that encrypts the transmission.

19. What is an open mail relay? How can it be prevented?
An open mail relay occurs when a mail server processes mail messages when neither the sender nor the recipient is a local user. The mail server is used to "bounce" e-mail from one outside source to other sources. In this case the mail server becomes an entirely unrelated third party.
Spammers use open mail relays to distribute hundreds of thousands of e-mail messages that can only be traced back to the open mail relay and not to the spammer's computer. An open mail relay can be prevented by properly configuring the mail server. Only trusted users should be given permission to send outgoing e-mail messages. This can be set by specifying an IP address range. Another option is to specify which systems are allowed to send mail through the mail server.

20. What is a rule base and how is it used?
The rules that a network device will use to permit or deny a packet are sometimes called a rule base. Because more than one criterion is used, such as denying packets arriving from a specific site or packets that attempt to access a specific TCP port, ACLs end up being lists of rules instead of one specific rule. Because each packet must be compared to the set of rules before it can pass through, it is important that the rule base size be limited to about 40 rules. As packets arrive they are compared to each rule in sequence: the packet is first compared to Rule 1, and if it passes it is then compared to Rule 2, and so on. The most important rules should come towards the top of the list. The last rule should be a "general" rule that covers malicious packets that have not been detected by any previous rules.
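The relay policy from question 19, as an added example that is not part of the book's solutions: a server accepts inbound mail for its own domains, accepts outbound mail only from a trusted IP range, and refuses everything where neither party is local. The domains and networks are constructed sample values, and is_open_relay_config is a hypothetical audit helper that flags a trusted range so wide it would make the server an open relay.

```python
import ipaddress

# Constructed sample configuration for an illustrative mail server.
LOCAL_DOMAINS = {"example.com", "mail.example.com"}
TRUSTED_NETWORKS = ["192.0.2.0/24", "198.51.100.0/24"]  # internal clients


def _domain(address):
    """Return the lower-cased domain part of an e-mail address ("" if none)."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def relay_decision(client_ip, sender, recipient,
                   local_domains=LOCAL_DOMAINS, trusted_networks=TRUSTED_NETWORKS):
    """Decide one SMTP envelope. Returns (accept, reason).

    Inbound: recipient in a local domain -> accepted from anywhere.
    Outbound: recipient external -> accepted only when the connecting
    client IP lies inside a trusted range.  Anything else is a relay
    attempt (neither sender nor recipient is local) and is refused.
    """
    addr = ipaddress.ip_address(client_ip)
    nets = [ipaddress.ip_network(n, strict=False) for n in trusted_networks]

    if _domain(recipient) in local_domains:
        return True, "inbound: recipient is a local user"
    if any(addr in net for net in nets):
        return True, "outbound: client is in a trusted IP range"
    if _domain(sender) in local_domains:
        # A claimed local sender is not proof; the IP range is what counts.
        return False, "refused: local sender claimed from an untrusted IP"
    return False, "refused: neither sender nor recipient is local (relay)"


def is_open_relay_config(trusted_networks):
    """Audit check: a trusted range covering every address (e.g. 0.0.0.0/0
    or ::/0) makes the server an open relay for all outbound mail."""
    for n in trusted_networks:
        net = ipaddress.ip_network(n, strict=False)
        if net.prefixlen == 0:
            return True
    return False
```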
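The rule base described in question 20, as an added example that is not part of the book's solutions: packets are compared to Rule 1, then Rule 2, and so on, and the first matching rule decides (first-match evaluation is an assumption; the text only says the comparison is sequential). The rules and packets are constructed sample values, and validate_rule_base is a hypothetical check for the two points the answer makes: a size limit of about 40 rules and a general deny rule at the end.

```python
from dataclasses import dataclass
from typing import Optional

MAX_RULES = 40  # practical size limit given in the text


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    src: str = "any"              # source IP address, or "any"
    proto: str = "any"            # "tcp", "udp", "icmp", or "any"
    dport: Optional[int] = None   # destination port; None means any

    def matches(self, pkt):
        return ((self.src == "any" or self.src == pkt["src"])
                and (self.proto == "any" or self.proto == pkt["proto"])
                and (self.dport is None or self.dport == pkt["dport"]))


# Constructed sample rule base: a specific deny first, then permitted
# services, then a general deny that catches everything else.
RULE_BASE = [
    Rule("deny", src="203.0.113.9"),        # Rule 1: block a specific site
    Rule("permit", proto="tcp", dport=80),  # Rule 2: Web traffic (HTTP)
    Rule("permit", proto="tcp", dport=443), # Rule 3: HTTPS
    Rule("deny", proto="tcp", dport=23),    # Rule 4: refuse telnet
    Rule("deny"),                           # Rule 5: general rule, last
]


def evaluate(rules, pkt):
    """First-match evaluation. Returns (action, rule_number); rule_number 0
    means no rule matched and the packet is dropped by default."""
    for number, rule in enumerate(rules, start=1):
        if rule.matches(pkt):
            return rule.action, number
    return "deny", 0


def validate_rule_base(rules):
    """Return a list of problems found in the rule base (empty if none)."""
    problems = []
    if len(rules) > MAX_RULES:
        problems.append(f"{len(rules)} rules exceeds the limit of {MAX_RULES}")
    if not rules or rules[-1] != Rule("deny"):
        problems.append("last rule is not a general deny-all rule")
    return problems
```

Swapping Rule 1 and Rule 2 lets the blocked site reach port 80, which is why the most important rules belong at the top.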