Apply Your Knowledge

Exercises

8.1. Using the Windows Event Viewer

This exercise examines the Windows Event Viewer described in the “Windows Security Basics” section of this chapter. Access to a Windows NT or Windows 2000 system is required.

Estimated Time: 15 minutes

1. Launch the Event Viewer. On Windows NT systems, click the Start button, point to Programs, point to Administrative Tools, and then click Event Viewer. On Windows 2000 systems, click the Start button, point to Settings, and then click Control Panel. Double-click Administrative Tools, and then double-click the Event Viewer icon.

2. When the Event Viewer opens, switch to the System log. On Windows NT systems, click the Log menu and then click System. On Windows 2000 systems, select the System log in the left pane.

3. Examine the entries in this log. Can you identify an informational message, a warning, and an error?

4. Double-click several of the entries to get more detailed information. What did you discover?

5. Repeat Steps 3–4 for both the Application log and the Security log. What type of information did those logs contain? Was there any information in the Security log? Why or why not?

8.2. Creating a Group Policy Object

In the “Group Policies” section of this chapter, you discovered that Windows 2000 Active Directory relies on Group Policy Objects to enforce system restrictions. In this exercise, you create a GPO that defines a minimum password length of eight characters. Completion of this exercise requires access to a Windows 2000 Server system.

Estimated Time: 20 minutes

1. Click the Start button, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.

2. Drill down to an Organizational Unit of your choice.

3. Right-click on that OU and click Properties.

4. Click the Group Policy tab of the Properties sheet. Click the New button and name the GPO “Password Policy.”

5. Click the Edit button.

6. Expand the Computer Configuration node.

7. Expand the Windows Settings node.

8. Expand the Security Settings node.

9. Expand the Account Policies node.

10. Select the Password Policies node and double-click the Minimum Password Length row in the right pane.

11. Change the minimum password length to 8 characters and click OK.

12. Close the Group Policy Editor.

8.3. Understanding Unix File Permissions

In the “Unix Security Basics” section of this chapter, you learned how to interpret file permission strings. Match up the following permission strings with their descriptions.

Estimated Time: 10 minutes

Permission String

1. -rw-rw-rw-
2. -rw-------
3. -------rw-
4. -rwx--x--x
5. ----rw----

Description

A. Group Members: read and write; Owner: not specified; Others: not specified
B. Group Members: not specified; Owner: read and write; Others: not specified
C. Group Members: read and write; Owner: read and write; Others: read and write
D. Group Members: not specified; Owner: not specified; Others: read and write
E. Group Members: execute; Owner: read, write and execute; Others: execute

Review Questions

1: What are some of the tricks that hackers use to detect slightly manipulated passwords?
2: Why is a shadow password file useful?
3: What type of information does the syslog daemon record?
4: Why must setuid permissions be granted with extreme caution?
5: What types of users should be granted access to edit the Windows Registry?

Exam Questions

1: John is a system administrator with Insecure Technologies. He received a telephone call from a user seeking assistance with selection of a secure password. The user wants to choose from the passwords listed in the following list. Which one offers the greatest protection against cryptographic attacks?
  A. Server
  B. Revres
  C. Catd0g
  D. Arlina

2: Bill is concerned that some of the Microsoft Windows systems on his network might not have the most recent security patches issued by Microsoft. What tool can he use to scan all the workstations and servers on his network for security patches from a central location?
  A. Windows update
  B. HFNetChk
  C. Security toolkit
  D. MSD.exe

3: Sue is a security administrator with Wyuseus Technologies. After consulting with several of her colleagues, she determined that Wyuseus users rarely change their passwords. She wants to set a maximum validity period for each password. What type of password policy should she implement?
  A. Minimum length
  B. Password aging
  C. Password uniqueness
  D. Account lockout

4: What is the default password for the sa administrator account in Microsoft SQL Server 7.0?
  A. Password
  B. Secret
  C. Administrator
  D. None of the above

5: Ryan is a system administrator with a midsize advertising agency. The CIO recently asked him to spend one hour each day on activities that would enhance the firm's computer security. To date, the company has not dedicated any resources to security. What action could Ryan take that would have the biggest impact on his firm in the shortest amount of time?
  A. Run password-cracking algorithms
  B. Apply patches and service packs
  C. Check file permissions
  D. Develop a fire response plan

6: Beth is concerned that many end users installed unauthorized services on her network. She wants to use an automated tool to detect these services and develop a baseline for future analysis. What tool best suits Beth's needs?
  A. Satan
  B. Saint
  C. Nmap
  D. Ipchains

7: Renee worries that accounts on her network are vulnerable to brute-force password-guessing attacks. She wants to implement password controls that limit the effectiveness of those attacks. Which one of the following password policies best achieves that goal?
  A. Minimum length
  B. Password aging
  C. Password uniqueness
  D. Account lockout

8: What type of file security assigns a single password to each network resource?
  A. User-level security
  B. Network-level security
  C. File-level security
  D. Share-level security

9: Which of the following Unix accounts has system administrator privileges by default?
  A. Root
  B. Su
  C. Administrator
  D. Guest

10: Which of the following Windows accounts has system administrator privileges by default?
  A. Root
  B. Su
  C. Administrator
  D. Guest

11: John created a Unix file called secret that stores important company information. The permission string for that file reads -rw-rw-r--. Amanda is a user on the same system as John, but she is not a member of the same group. Assume that no one made changes to the file's ownership or group. What permissions does Amanda have on the secret file?
  A. Read only
  B. Read and write
  C. Read, write, and execute
  D. No permissions

12: What character is used in a Unix file permission string to represent programs that execute under a UID other than that of the current user?
  A. D
  B. C
  C. X
  D. S

13: Katie is concerned that Internet users have unrestricted access to her Unix Web server. She wants to limit access to users coming from specific hosts. What utility should she use?
  A. Chmod
  B. Nmap
  C. Tcpwrappers
  D. Postgres

14: What priority of a syslog message normally results in a broadcast to all users of a Unix system?
  A. Crit
  B. Emerg
  C. Alert
  D. Info

15: Travis is unable to change his current working directory to a particular directory on a Unix system. What character represents the permission he needs?
  A. R
  B. W
  C. X
  D. D

Answers

Exercise 8.3
  1. C

  2. B

  3. D

  4. E

  5. A

Answers to Review Questions

A1: Some techniques include reversing the letters of a word, adding a digit to the end of a word, and substituting the letter l for the number one and the letter O for the number zero. These are a few of the techniques identified in the “Password Policies” section of this chapter.
A2: The use of a shadow password file hides encrypted passwords from the prying eyes of hackers and lessens the likelihood of a dictionary attack against a system. See the Note “The Shadow Knows.”
A3: The syslog daemon captures event data from a variety of Unix services, including the authentication daemon, printer service, mail service, the system kernel, and the cron daemon. See the section “Logging and Syslog.”
A4: Setuid privileges allow a program to run as a user other than the current user. Administrators often use setuid to grant a utility root privileges. If used incorrectly, these permissions could have a disastrous impact on the system. See the section “Setuid.”
A5: Administrators should grant Registry access only to highly qualified technical personnel with a need to alter or view the Registry. Normally, this is limited to other administrators, technical support personnel, and software developers. See the section “Securing the Registry.”

Answers to Exam Questions

A1: D. Arlina is the only password in the list that is neither a dictionary word nor a variation that violates one of the rules listed in the “Password Policies” section.
A2: B. HFNetChk (the Microsoft Network Security Hotfix Checker) automatically scans an entire network for appropriate security patches. See the section “Patches, Service Packs, and Hot Fixes.”
A3: B. Password-aging policies set a maximum validity period for user passwords. When the password expires, the operating system prompts the user to change his or her password. See the section “Password Policies.”
A4: D. Microsoft SQL Server version 7.0 (and earlier) contained a major security vulnerability—the sa administrator account had no password by default. See the section “Known User Accounts.”
A5: B. Applying the latest vendor patches, service packs, and hot fixes ensures that systems contain the most recent vendor-released security fixes. See the section “Patches, Service Packs, and Hot Fixes.”
A6: C. Nmap is a Unix utility that scans an entire network and reports the services running on each system. See the section “Disabling Unused Services.”
A7: D. Account lockout policies limit the number of unsuccessful password-guessing attempts on a per-account basis. See the section “Password Policies.”
A8: D. Share-level security assigns a single password to each network resource. Share- and user-level security is discussed in the section “File/Folder Sharing.”
A9: A. The root account is the default administrator (or superuser) account on Unix systems. Su is the command used to gain root access to a system, but it is not an account in and of itself. See the section “Unix Security Basics.”
A10: C. The administrator account is the default privileged account on Microsoft Windows-based systems. See the section “Windows Security Basics.”
A11: A. Amanda is not the file owner or a member of the file's group. Therefore, the third set of access permissions, r-- (or read only), governs her permissions on the file. See the section “Unix Security Basics.”
A12: D. Setuid programs have an “S” as the first character of their permission strings. See the section “Setuid.”
A13: C. Tcpwrappers allows the specification of host-level access restrictions on a system. See the section “Tcpwrappers.”
A14: A. Crit (or critical) events are immediately broadcast to all users of a system. See the section “Syslog.”
A15: C. The Execute permission governs the ability to change the working directory on a Unix system. See the section “Unix Security Basics.”
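
The rule behind Exercise 8.3 and the answer to Exam Question 11, as an added example that is not from the book: it decodes a permission string and picks the single triplet that applies to a given user. The function names, the account names and the group names are assumptions made for illustration, and the root account's override of these checks is not modelled.

```python
# Added example: decode an ls-style permission string and select the one
# triplet (owner, group or others) that governs a user's access.
CLASSES = ("owner", "group", "others")
# Special-bit letter that may replace "x" in each triplet.
SPECIAL = {"owner": ("s", "setuid"), "group": ("s", "setgid"),
           "others": ("t", "sticky")}


def parse_mode(mode):
    """Return ({class: set of permissions}, [special bits])."""
    mode = mode.replace("\u2013", "-")  # typeset en dash back to a hyphen
    if len(mode) != 10:
        raise ValueError(f"expected 10 characters, got {len(mode)}: {mode!r}")
    perms, special = {}, []
    for i, cls in enumerate(CLASSES):
        r, w, x = mode[1 + 3 * i: 4 + 3 * i]
        flag, name = SPECIAL[cls]
        if r not in "r-" or w not in "w-" or x not in "x-" + flag + flag.upper():
            raise ValueError(f"bad {cls} triplet in {mode!r}")
        granted = set()
        if r == "r":
            granted.add("read")
        if w == "w":
            granted.add("write")
        if x in ("x", flag):          # lowercase s/t means x plus the special bit
            granted.add("execute")
        if x.lower() == flag:         # uppercase S/T: special bit without x
            special.append(name)
        perms[cls] = granted
    return perms, special


def effective(mode, owner, group, user, user_groups):
    """First match wins: owner, then group, then others. No fall-through."""
    perms, _ = parse_mode(mode)
    if user == owner:
        cls = "owner"
    elif group in user_groups:
        cls = "group"
    else:
        cls = "others"
    return cls, perms[cls]


if __name__ == "__main__":
    # Constructed names: john owns the file, its group is "staff".
    print(effective("-rw-rw-r--", "john", "staff", "amanda", {"users"}))
    print(effective("-------rw-", "john", "staff", "john", {"staff"}))
    print(parse_mode("-rwsr-xr-x"))
```

Because only one triplet is consulted, the owner of a file with mode `-------rw-` has no access through the permission bits even though every other user can read and write it.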
Suggested Readings and Resources

1. Practical Internet and Unix Security, Simson Garfinkel and Gene Spafford.

2. Windows 2000 Security, Roberta Bragg.
