ISM quiz 1-3
Of the three dimensions of information security, which was/ were affected by Cablegate?
Of the three dimensions of information security, confidentiality was violated in Cablegate. Top secret memos were leaked and had the identifier "Cablegate". These memos were obtained by a member of the US military who had access to its intranet networks; he downloaded the files and put them on WikiLeaks to share the information with the entire world, which was embarrassing for the US State Department.
What is Active Directory? What role does it play in maintaining information security on Windows computers?
The server line of computers running Microsoft Windows includes a number of services for access control and user management that are not available in the desktop line, the most important of these being Active Directory Domain Services. Active Directory is a collection of technologies that provide centralized user management and access control across all computers that are members of the domain. Once a user or computer is confirmed to be a domain member, group policies can be applied to domain users and computers to control user access to features on specific computers in the organization.
Define user management. How does user management impact information security?
User management, a key component of access control, is defining the rights of organizational members to information in the organization. This includes creating and removing user accounts, but also updating records appropriately when users change roles. It is common to organize users into groups by their privileges because it is easier to manage a large number of users that way. A group could be used for granting access to certain resources on the website or as a mailing list for email discussions.
What would the owner of the .bashrc file have to do in order to be able to edit the file if its current permissions are 444?
444 means that the owner, group, and world can read the .bashrc file. In order to change this they would first have to change into super user privilege. Then they would have to use the cd command to go into the directory that contained the .bashrc file and, once there, use chmod 644 .bashrc; this adds the capability of writing to the file, so the owner now has read and write privilege. I would also recommend doing an ls -laF to make sure that it actually worked.
What is confidentiality?
A lot of people associate confidentiality with information security. Confidentiality can be defined as preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information. An easier definition to comprehend would be only authorized users and processes should be able to access or modify data.
What is a single point of failure? How do system administrators typically deal with single points of failure?
A single point of failure is a part of the system whose failure will stop the entire system from working properly. Single points of failure have availability implications because if something stops the system from working, no one will be able to use it. The most common solution to single points of failure is redundancy: surplus capability that is maintained to improve the reliability of a system. An example of this is to have spare power supplies ready to be installed to minimize downtime of the system.
What is a system update? What are the challenges in keeping systems updated? Why is it important for information security?
A software update is the act of replacing defective software components with components in which the identified defects have been removed. Through both the use and monitoring of software, system administrators can usually see where vulnerabilities are, and so they use a system or software update to fix those vulnerabilities. This can sometimes be done through operating system updates, which fix issues with the low-level components of the system software and are developed and released by the operating system vendor directly. Another type of software update is an application update, which fixes problems in individual applications. These typically involve much more work on the system administrator's part because applications are often customized with plugins from other vendors and sometimes by in-house developers.
Who is a system administrator?
A system administrator is the person responsible for the day-to-day operation of a technology system. They provide the first line of defense to secure critical information systems. System administrators are extremely important because they verify the day-to-day operation of a technology system, so they often also hold the role of system security officer. A system security officer is the person who is responsible for writing, enforcing, and reviewing security-operating procedures. Starting in recent years, system administrators have deployed virtual machines to increase the efficiency of utilization of their computer hardware.
What are some benefits of virtualization?
A virtual machine runs exactly like the host machine that it's on; however, there is no risk of damaging computer hardware. They can be extremely useful to businesses, especially during peak usage times such as holidays, because they can be run as web servers for customers to use and then turned off when business dies down. A company gets access to virtual machines through their IaaS provider, and combining IaaS and virtual machines is a lot less expensive than buying and maintaining enough servers to handle peak load, so they only pay more when they actually need to use the virtual machines.
What are access control lists? How are they used?
Access Control Lists (ACLs) are usually passed over in favor of file permissions. They are used to control file permissions for all users who can or cannot have access to the file, as well as what they can do with the file.
Define access control. How can weak access controls impact information security?
Access control is limiting access to information system resources only to authorized users, programs, and other systems. Access control's main purpose is establishing what a user can and can't do on the system, specifically which files, access ports, or directories a user can read or access. Access controls can also be applied at the application level, such as limiting which rows and columns a user can view. A key component of access control is user management, which is defining the rights of organizational members to information in the organization.
What is recursion in the context of file operations? How is it helpful? Why should you be especially careful when using recursion in file commands?
Adding the -r (recursive) switch allows cp to work with directories as well as files (mv always works recursively). Recursion is the act of defining a function in terms of itself. This allows all directories as well as files to be copied, but the files shouldn't be affected, just copied. The recursive switch (-r) can be used with rm to delete directories; however, using the recursive switch with rm is potentially much more dangerous. rm -r deletes each and every file in the directory and then deletes the directory itself, which can be extremely detrimental to the user.
Provide an example of a violation of availability.
An example of a violation of availability would be when a Denial of Service attack occurs. A malicious actor overwhelms the system with a high amount of traffic so the company can't keep its website up. This leaves both employees and consumers without access to their accounts when they usually would be able to access them.
Provide an example of a violation of confidentiality
An example of a violation of confidentiality could be an unauthorized user hacking into a highly secure computer system, such as a government agency, to steal information such as employee records, financial statements, etc.
Provide an example of a violation of integrity.
An example of a violation of integrity could be the Enron scandal, where financial officers reported inaccurate numbers and caused the company to go bankrupt. Another made-up example would be someone hacking into an organization's website to deface the website with inappropriate slang or pictures.
What is availability?
Availability means ensuring timely and reliable access to and use of information. An easier definition would be that authorized users should be able to access data whenever they need to do so. An example of this would be logging in to your bank account every time you need to check your account.
What are some of the benefits of using an IaaS provider?
An IaaS provider gives/sells the company hardware equipment such as processors, storage, and routers and takes responsibility for that hardware's installation and maintenance. Along with that, all operating system and application administration must be performed by the organization's system administrators. The pricing plan is set up to be good for both large and small companies because it is on a subscription basis and is based on usage by the company.
What is the cd UNIX command used for? What are some useful arguments with the command?
cd is the change directory command that allows us to switch to another directory. The target folder name is specified as the argument to the command. For example, the command "cd /usr" takes you to the /usr folder. The parent directory, the directory directly above the current one in the hierarchy, is represented by two periods (..).
What are some of the strengths of information security as a career choice?
Employment rates for Information Security professionals are high (243,330 in 2010) and continuously rise each year. They have a great mean salary of $79,370 per year. The job demand for Information Security professionals is fueled by the criticality of information for both individuals and organizations, as well as by the information already gathered by organizations that can be retrieved from a computer system. The value of information is extremely high and is only expected to go up, so there will always be a need for Information Security professionals. New devices such as smartphones, smart watches, smart TVs and much more are continuously being created, so their makers need qualified professionals, such as information security specialists, to make sure their devices are secure. These professionals see a majority of their work in the categories of regulatory issues, policy development, and managerial issues, so much of it is non-technical in nature. Not only can you expect great financial compensation for choosing this as a career, information security professionals have a very exciting job that gives them the satisfaction that they are helping millions of users stay protected from cyber-attacks, and you might be able to make your way into top management at an organization with this career.
What are some of the most common ways in which the carelessness of end-users can lead to a loss of sensitive information?
End-users often aren't thinking in terms of security when they do the majority of their activities on the internet. One of the most common mistakes an end-user makes is using the same username/password for several accounts. This common mistake often leads to their accounts being hacked, because once a hacker knows the password for one account, they know the password for several other accounts as well. Going along with having the same passwords, users also often choose to have their computer save their passwords so it is quicker and easier to log into an account the next time. This is dangerous because if someone is able to gain access to their device, they now have a list of every single password for each account the user has.
What is the difference between cold spares and hot spares?
Extra parts, such as a spare power supply, are known as cold spares and are useful for minimizing the downtime of the system. However, this won't prevent the system from going down; it just shortens the time that it is unavailable. Large computer servers usually utilize hot spares, which are redundant components that are housed inside the server and can replace the failed component with no downtime of the system. Redundant components allow system administrators to handle external failures as well; for example, battery backups let system admins deal with a potential power failure.
How would you use the find command to search for the "messages" folder, which you know exists in the /var folder?
find /var -name messages
What are group policies? How do group policies assist system administrators in maintaining information security?
Group policies are an infrastructure that allows you to implement specific configurations for users and computers within a domain. They are often used to restrict certain actions that could lead to security risks or issues, such as not allowing users to download executable files or denying access to certain programs.
If your identity is compromised, what damage is possible to your personal life?
If someone has your social security number, they can do serious damage to your credit score and really cause some trouble in your life. Just as we saw in the example, this can be used to take out loans, apply for credit cards, access your bank account, and much more. Unless the person whose identity was stolen realizes it, the thief can take a significant amount of money from them as well as rack up credit that will need to be paid off. This can completely ruin someone's credit score and prevent them from getting future loans and credit cards.
What is the setfacl command used for?
If you have multiple people who need to have differing levels of access to a file, you can use access control lists to do so. Using the setfacl command, you can easily assign a group of users privileges for a file or directory.
head/tail
If you only need to see a few lines from the beginning or end of a file, use head and tail. The -n switch controls the number of lines the program displays - the default is 10 lines.
What would be a useful way to use the tail command to view log files?
If you use the tail command, it will only show you the last few lines from the end of a particular file. The default number of lines is 10, but this can be changed using the -n switch.
What were some of the immediate factors that led to the creation of the US Cyber Command?
In 2009, it was reported by the Wall Street Journal that intruders broke into the computer networks of defense contractors that were actively developing the Joint Strike Fighter (F-35 Lightning II), a $300 billion project by the Department of Defense. This project was the DoD's most expensive weapons project ever and used over 7.5 million lines of code. The intruders stole terabytes of data related to the aircraft's design and electronics, and it was believed that enemies would use this to create their own version of the aircraft. It was reported in the same month by the Wall Street Journal that the US electricity grid had been penetrated by spies from China, Russia, and other countries, and that they had injected computer software into the grid which could be used by remote control to cause damage. This sparked the creation of the US Cyber Command to defend US military networks.
What is a software package? What are some common formats in which software packages are distributed?
In Linux, applications are often called packages, so a software package would just be a software application either on the computer or waiting to be installed, or it could just include software updates. Linux and most of the other UNIX-based operating systems distribute operating system and application updates as software packages. Instead of packaging all of the files needed by an application into a single file, applications are split into smaller components that could be reused by other applications. These components are then turned into software packages.
Which in your opinion is the most important of the three components of information security? Why?
In my opinion, confidentiality is the most important of the three components of information security. This is because when people typically think of an internet attack, they are usually referring to a violation of confidentiality, such as being hacked on Twitter or having their information stolen from an attack on a huge company such as a bank. It ensures that people who aren't authorized by a company can't see your secure information, while making sure that there are employees who can see it so that they can support you if anything goes wrong with your account. In simpler terms, it keeps the bad guys out and the good guys in.
Define Infrastructure as a Service (IaaS).
In response to the complexity of system administration, SaaS and IaaS emerged to help with this issue. Infrastructure as a Service, also known as IaaS, is a business model in which an organization uses hardware equipment such as processors, storage, and routers from the IaaS provider. IaaS is also considered a form of cloud computing. The IaaS provider provides only the hardware and takes responsibility for just the hardware installation and maintenance. All operating system and application administration must be performed by the organization's system administrators.
Provide a brief description of the OVA file format
In the lab, we will install CentOS, a Linux-based operating system, onto VirtualBox. This will allow us to perform several activities and get hands-on experience with how to provide good information security to a system. An OVA file is a virtual appliance that is used by virtualization applications, in this case VirtualBox. It provides files that describe a virtual machine so that it can be run on the virtualization application.
What is information security?
Information security can be defined as protecting information and information systems from unauthorized use, access, disruption, disclosure, modification, or destruction in order to provide confidentiality, integrity, and availability. This definition is from the code of law in the United States but is said to be consistent across the industry.
What are some of the common professional responsibilities of information security professionals?
Information security professionals are most commonly known for planning, implementing, upgrading, and monitoring security measures for computer networks and information. They also ensure that the appropriate security controls are in place to safeguard digital files as well as important electronic infrastructure. Although an information security specialist does perform these tasks, the most common responsibilities include researching new technologies, internal/political issues, making sure that they are meeting regulatory compliance, and also developing internal security policies, standards, and procedures. They also anticipate information-related problems and work to minimize their impact.
What is integrity?
Integrity means guarding against improper information modification or destruction and includes ensuring information non-repudiation and authenticity. An easier definition would be that data should be maintained in a correct state and nobody should be able to improperly modify it, either accidentally or maliciously. This means that the information should not be changed unless the change to something specific was authorized.
What is Linux? Why is it popular? What are some of the most popular distributions of Linux?
Linux is a Unix-like operating system that does not contain any source code from earlier Unix operating systems, and it provides an environment with many of the same tools and features you would find in Unix servers. It was released as open source software, which is software whose source code anyone is able to modify and then distribute his or her changes to the world. It was made like this so that developers could share their innovations with the world without being limited by restrictions imposed by operating systems. This means there are thousands of developers actively looking to improve Linux at all times. Everyone is free to make their own Linux distribution, and there are thousands out there already to use. The most common Linux distribution in a business setting is Red Hat Enterprise Linux (RHEL), which freely provides the source code for the entire operating system. CentOS is also used for examples throughout the book.
Provide a brief description (2-3 sentences max) of the information security features of the latest version of Microsoft's System Center or comparable product
Microsoft's System Center Configuration Manager (SCCM) gives system administrators a way to manage the installation process of Windows applications on hundreds of servers from just one console; they can also manage the services and software to be installed. There is also a monitoring system called System Center Operations Manager, which does the job of alerting the system administrators of hardware failures or other issues affecting the availability of data, so they can actively look for a patch or solution.
What is monitoring? How does it help information security?
Monitoring can be defined as listening and/or recording the activities of a system to maintain performance and security. The system administration tasks in monitoring come in two varieties: reactive monitoring and proactive testing. Proactive testing is testing a system for specific issues before they occur so they can find any vulnerabilities before someone else does. Reactive monitoring is the act of detecting and analyzing failures after they have occurred.
What was operation Aurora?
Operation Aurora: Google's chief legal officer posted on his blog in 2010 that the company had detected an attempt to steal its intellectual property originating from China. Operation Aurora was basically an attempt to steal the code base (an unencrypted version control system) and access the emails of Chinese human-rights activists. The attacks were traced back to two educational institutes in China. China called the attacks an attempt by students to refine their skills.
What is proactive testing? What are some common proactive testing methods?
Proactive testing is testing a system for specific issues before they occur so vulnerabilities can be found before someone else finds them. A common practice is to use vulnerability scanners to assess a company's systems and look for potential vulnerabilities so that they can be resolved quickly, before someone outside of the company could use them against it. Companies can also hire a professional security firm to do penetration testing, which is actively exploiting the vulnerabilities found and assessing the level of access that is gained from them.
What is reactive monitoring? What are some common reactive monitoring methods
Reactive monitoring is the act of detecting and analyzing failures after they have occurred. System administrators can use automated monitoring tools to see how healthy or secure their network is that could detect an information security failure. Also, log management tools collect and analyze the system logs from all of the servers across a network and correlate events between servers. These monitoring tools assist system administrators in finding unusual events which could mean a security compromise in the system that they would need to fix.
What is software configuration?
Software configuration is selecting one among several possible combinations of features of a system. A system administrator has to be careful about how complex they choose to make a system. This is because complex configurations can create vulnerabilities due to the interactions among components and the inability of system administrators to fully comprehend the implications of these interactions. Also, it's important to note that many of the desirable software components are not well maintained, which creates security issues.
Briefly describe the outage that affected the Sony PlayStation network in 2011
Sony announced that there had been an external intrusion that compromised its PlayStation Network and Qriocity service. The hackers were also able to steal personal information on the network's 70 million subscribers, which could have included credit card information. The company decided that it was best to take the network offline following the attack, and it stayed down all summer, letting down millions of kids on summer break. The network being offline had a huge impact on families all around the world. Sony tried to fix the system's weakness and put the network back online, but then realized that it wasn't fully fixed, so they immediately took it back offline until the problem was completely solved and the system was fully secure again.
What are some of the ways in which stolen information can be used for profit?
Stolen information such as login credentials is extremely profitable to cyber criminals who are looking to commit crimes for various reasons, but especially for monetary gain. If a cybercriminal has an idea of someone's most common usernames and passwords, they can use this information to log onto several of the victim's accounts, such as a bank, and steal more information or even just take the money in the account. They can find the victim's social security number from the financial institution and create new bank accounts, credit cards, and much more in the victim's name, and they won't be held responsible for the charges that they make unless they get caught.
Briefly describe the most important skills that information security professionals are expected to possess to succeed in their job.
Successful information security professionals are expected to have expertise in systems analysis and design. This is very important because they must identify possible vulnerabilities in homegrown applications. They also need system administration skills to examine systems and identify traces left behind by hackers (forensics), and risk management skills.
What is system administration?
System administration is a set of functions that provides support services, ensures reliable operations, promotes efficient use of the system, and ensures that prescribed service-quality objectives are met. This position entails the installation, configuration, and maintenance of network equipment and computer systems. Depending on the complexity and size of the systems involved, these services could take up a small portion of an IT worker's time per week or, at the other extreme, could take an entire team of system administrators, programmers, and support personnel.
Why is system administration important to information security?
System administration is the first line of defense for the CIA triad. System administration is extremely important because a flaw that could hurt or bring down the company's network system is extremely harmful to a company's reputation and profit. Every minute that a critical business system is off-line could mean thousands, or even millions, of dollars of lost revenue. This is the reason why system administrators are so important to the information security industry. It is the responsibility of the system administrator to anticipate upcoming issues and use appropriate methods to prevent the hardware failure from affecting end users.
What is the role of a system administrator in maintaining information security in an organization?
System administration is the first line of defense for the CIA triad: confidentiality, integrity, and availability, which are all extremely important in information security. If any breach of security were to happen, such as not being able to see your grades or a stolen transcript, it would be because there was a system administration failure. It is a system administrator's job to anticipate security issues and take appropriate precautions to make sure they won't actually happen. All of a system administrator's roles are related to information security, and most technical aspects of information security are addressed by system administrators.
Based on the case, identify the failures in execution of the common system administration tasks at T J Maxx at the time of the case.
System administrators failed to do a lot of tasks that could have prevented the incident from occurring. They could have implemented group policies to restrict their cashiers to only basic materials and not corporate files; having access to credit card logs and databases led to security risks. They could've performed proactive testing to see that it would be easy to access the credit card database, or even hired a company to see the worst-case scenario of what a hacker could do to the system and so see that it was weak. I think that because of the incident, TJ Maxx and its system administrators definitely learned their lesson that access control should be actively monitored, and they should set it up better.
What is a virtual server?
System administrators have started using virtual machines to increase the efficiency of utilization of their computer hardware. Virtual machines are a software container into which an operating system and applications can be installed; they act exactly like the PC they are running on, but without the risk of damaging the real computer's hardware. They can be started and stopped on demand, so the company can choose to run virtual machines as web servers during peak business time. A company gets access to virtual machines through their IaaS provider, and combining IaaS and virtual machines is a lot less expensive than buying and maintaining enough servers to handle peak load, so they only pay more when they actually need to use the virtual machines.
How does software configuration impact information security?
System administrators have to be careful about how they choose to configure a system. Overly complex configurations can create vulnerabilities due to the interactions among components and the inability of system administrators to fully comprehend the implications of these interactions. But they also have to add a lot of configuration so that the necessary features of a system can be used. Also, it's important to note that many of the desirable software components are not well maintained, which creates security issues. The general recommendation among professional system administrators regarding configuration is "when in doubt, do not install" an update.
Briefly describe the Morris Worm. What are some of the factors that make it a landmark in the evolution of information security?
The Morris worm was a 99-line self-replicating program that was intended to measure the size of the internet. As a result of the way the program was designed, it brought down many systems infected with the program and achieved several landmarks in the process. It is considered the first internet worm, and it is estimated to have brought down 10% of the internet, the largest fraction of the internet ever brought down. It was also the first conviction under the Computer Fraud and Abuse Act. It also prompted the US government to establish the CERT Coordination Center at Carnegie Mellon University as a point to coordinate industry-government response to internet emergencies in the future.
What are some of the important day-to-day activities performed by system administrators?
Tasks of a system administrator include installation and configuration of the system so it can be used by employees or customers; access control and user management so users can find what they need without causing damage to the system; continuous monitoring of the system to ensure all components are operating as expected; and, very importantly, applying updates when monitoring reveals performance or security-related issues. Installation is the process of writing necessary data in the appropriate locations on a computer's hard drive for running a software program. Software configuration is selecting one among several possible combinations of features of a system. Access control is limiting access to information system resources only to authorized users, programs, and other systems. A key component of access control is user management, which is defining the rights of organizational members to information in the organization. Once a system administrator has installed a program to run, it must be monitored: listening to and/or recording the activities of a system to maintain performance and security. This can be done through proactive testing, which is testing a system for specific issues before they occur so vulnerabilities can be found before someone else finds them. Once a vulnerability is uncovered, it is best to install a software update to fix the issue. A software update is the act of replacing defective software components with components in which the identified defects have been removed. This can sometimes be done through operating system updates, which fix issues with the low-level components of the system software and are developed and released by the operating system vendor directly.
How does HIPAA (the Health Insurance Portability and Accountability Act) affect the profession of information security?
The Health Insurance Portability and Accountability Act also had very important information security implications. The act pushed for electronic health records, and because information security was being recognized as a great concern, the law included provisions to make sure organizations were held responsible for maintaining the confidentiality of patient records. Healthcare companies are still working on digitalizing patient records, so this is still a major concern today.
What are the provisions in the Sarbanes-Oxley act that are related to information security?
The Sarbanes-Oxley Act focused on making the key executives personally accountable for the correctness of the financial reports filed by their publicly traded company. The act had several major provisions, one of which has a major impact on information security professionals. Section 404 of the act had a major impact on the information security profession because it requires that the certification in section 202 of the act (which requires the CEO and CFO of firms to sign a declaration of personal knowledge of all the information in annual filings) be based on formal internal controls. This has led to significant investments in internal controls over financial reporting in publicly traded firms.
Provide a brief description of the US Cyber Command and its activities.
The US Cyber Command was created to defend US military computer networks against attacks from adversaries. They also respond to incidents in cyberspace when it is deemed necessary. When it was created, there were concerns that the initiative might impose unnecessary restrictions on the civilian Internet in order to ensure full defense and be prepared for potential attacks.
Given the ls output above, how can you use the chmod command to give write permissions to all members of "accounting_grp" to the "accounting" folder?
The chmod command is used to change the permissions on a file or directory. Most of these commands must be run with super user privilege (done with the su - command) but this can be a bad thing because a simple mistake can be disastrous when using the super-user account. You can add the write permissions by using this command: chmod 771 accounting.
How did the development of inexpensive computer networking technology (TCP/ IP) affect information security?
The development of the core internet technologies, TCP and IP, had a notable impact on the creation of information security, although it wasn't a concern at the time in 1981 when they were created. When the core technologies of the internet were finalized there was no mention of security in this technology, because the new and growing technology world was not concerned with information security: there had been no major issues with stealing information over technology up to that point.
What is a domain controller?
The domain controller for a specific domain is the server that implements the active directory rules within a domain. It maintains information on user accounts, authenticates users on the domain based on this information, and authorizes these users to access resources on the domain based on the group policy from the group that they were assigned to by system administrators.
Briefly describe the activities of the gang of 414's.
The gang of 414's was a group of six teenagers that found it exciting to hack into systems that they weren't supposed to have access to. They used home computers, phone lines, and default passwords to break into about 60 high-profile computer systems, including Memorial Sloan-Kettering Cancer Center in New York and Los Alamos Laboratories. The teenagers did no harm to the systems that they got into; it was just rather alarming that they were able to get into them at all.
What is the getfacl command used for?
The getfacl command lists the ACLs that have been set on a file. In other words it will show who can access the file and what functions they can perform with the file.
Briefly describe the impact of the gang of 414's on information security
The incident received a lot of publicity, including a Newsweek cover story titled "Beware: Hackers at play", which is believed to be the first time the term "hacker" was used in mainstream media in the context of computer systems and security. The teenagers did no actual harm to the systems other than getting into them, but it was a big wake-up call to the computer security industry that the simple technique the kids used could be replicated by others who could do actual damage. As a result of the incident, the US Congress held hearings on computer security, and after more incidents occurred, it passed the Computer Fraud and Abuse Act of 1986, which made it a crime to break into federal or commercial computer systems.
What is the function of the kernel?
The kernel is the software which provides controls for hardware devices, manages memory, executes code on the computer's CPU, and hides the details of the underlying physical hardware from user applications. This allows application developers to ignore the details of the underlying hardware when developing applications, greatly simplifying application development.
What is a path? What is the difference between a relative and absolute path?
The location of a file or directory in the hierarchy is referred to as its path. Absolute paths are the exact location of the file that is being referenced. They include each directory above the current one up to the filesystem root. Relative paths give the location of the file in relation to the current directory.
What is the shell? What shell program is present in all versions of UNIX? What is a shell prompt?
The shell is a text-based program that allows the user to interact directly with the kernel. Common operations performed using the shell include starting and stopping programs, controlling the execution of programs, and starting or stopping the computer. The shell hides the complexity of the kernel from the user so that the user can enter commands in plain English and rely on the shell to translate these commands into the binary code necessary for the kernel to execute them. While graphical operating systems such as Windows keep the shell hidden, Unix-based operating systems like Linux or Mac OS X automatically start a shell on start-up. This shell runs behind the scenes, starting and stopping programs in response to GUI operations. The shell is also accessible directly as a terminal. The Bourne-again Shell (Bash or .sh) is present in all Mac and most Linux systems.
What is the top of a filesystem hierarchy called? How is it represented in UNIX systems?
The top of the hierarchy is referred to as the filesystem root and is represented as a single slash (/). Each directory can contain files or sub-directories, or a combination of both.
How can you search for all installed software packages on your system?
The yum list command will display all of the packages that are available and yum search allows you to search for packages whose title and/or description contain your search terms.
How can you use the yum command to update all the software on your system?
The yum package manager assists the system administrator in the tasks of installing new packages, tracking dependencies, and updating packages. Yum works by building a database of the currently installed RPM packages on the system and then comparing them to online package repositories, HTTP or FTP sites that contain all of the packages that have been released. The yum update command provides a simple way to scan all of the packages installed on a system, compare their versions to the latest available and report on the ones that need to be updated.
Why is working knowledge of the vi editor important for IT administrators?
There is only one file editor that is included with all Unix-based systems. That editor is vi. vi has been rewritten to work on every major operating system released since its initial debut on BSD Unix systems. Because it exists on so many systems, vi is the de facto standard for text editing.
change ownership
To change the owner and group of a file, you will use the chown and chgrp commands, respectively. In this example, we will change the ownership of /home/share/README to the user dave and group library_grp.
Provide a brief overview (2-3 sentences max) of the capabilities of Puppet, the IT automation software used by many system administrators.
To automate an operating system installation, a systems administrator creates a file that contains instructions on how to configure network devices, hard drives and other common hardware, and a list of software packages that should be installed, and includes post-install programs that will have to run to complete the configuration process. Puppet provides cross-platform support for configuring software after an operating system installation and is used by major companies such as Google and Twitter. A system administrator can create a "puppet manifest" which lists the software to be installed and the desired configuration; the manifest can then be sent to one or more remote servers to install the software regardless of the underlying operating system.
What is the rm UNIX command used for? What are some useful options with the command?
To delete a file, a user can use the rm command. The user just needs to go to that directory and then use rm (file name) and the file will be deleted.
rm
To delete a file, use the rm command. rm text.txt
vimtutor
To help first-time users of vi, a short tutorial program (vimtutor) was developed. It takes you through all of the basic vi functions and introduces you to some of the features that make vi an indispensable tool even 35 years after its initial development.
1. What are wildcards (file name expansions)? Provide an example of how you may use one.
To simplify command entry, the Bash shell offers some wildcards, as listed in Table 3.3. The , [..], ?, and * characters are wildcards. Bash expands words containing these characters by replacing the word with a list of files or directories that match the filter created by the wildcard. For example, ls he?p.txt will return both heap.txt and help.txt.
Provide a brief description of VirtualBox and its uses.
VirtualBox is a virtualization environment and an open source computer application that can be downloaded by practically anyone, as long as they have the required operating systems (Intel or AMD processor), to create a virtual environment. VirtualBox allows a guest operating system to be installed so that you can run several operating systems on the same computer.
What was the impact of Windows 95/ 98 on information security
When Microsoft released Windows 95, the operating system had a graphical interface and was designed to run on relatively inexpensive machinery, and within a short time of its release it became the most successful operating system ever produced and ran other systems out of the market. It was designed primarily as a stand-alone single-user desktop operating system and therefore had almost no security precautions, on top of the majority of users not having a password on their system and running applications in administrator mode. These flaws allowed information security breaches to happen often; some even say this terrible incident is what started information security careers.
sticky bit
When a directory has this attribute set, any user with write access can create files in the directory, but only the owner can move or delete them.
Provide a brief description of the activities on which information security professionals spend most of their time.
While information security professionals do a wide variety of security-related tasks, they spend most of their time on regulatory issues, policy development, and managerial issues, which constitute the bulk of information security work. This includes researching new technologies, working with internal or political issues, meeting regulatory compliance, and developing internal security policies, standards, and procedures.
What is the ls UNIX command used for? What are some useful options with the command?
You can use ls to list the contents of the current directory. There is a switch that can be passed to ls that prints results in a more standardized format: -F. This will add a slash to any directory in the listing, which makes it easy for a user to differentiate between files and directories.
List two commands you could use to change back to your home directory.
cd /home/alice or cd ~ can be used to change back to the home directory. (If you follow the tilde with a username, Bash expands it to the location of that user's home directory, as long as that user has granted you permission to enter it.)
yum install
downloads the requested package(s) and any package dependencies from a package repository. As an example, let's install the gnome-games package, which includes a few games such as Solitaire and Sudoku.
Octal notation: 1
execute only
find command example
find /etc -name httpd.conf
creating and deleting directories
mkdir and rmdir are used to create and remove directories.
What is the mkdir UNIX command used for? What are some useful options with the command?
mkdir is used to create directories in a system. It will create a new empty directory that the user can use or add files to if wanted
Octal notation: 0
no permissions
What is the pwd UNIX command used for? What are some useful options with the command?
pwd stands for "print working directory" and returns the absolute path of the directory you are currently in. When you login to a UNIX system or open a terminal window, you will normally be placed in your home directory.
Octal notation: 5
read and execute
Octal notation: 6
read and write
Octal notation: 4
read only
Octal notation: 7
read write and execute
rm -r
rm -r works by first deleting each and every file in the directory, then deleting the directory itself. The potential for disaster here should be obvious. Always check and recheck the path that you enter when using rm -r.
Describe how a setuid executable file behaves when running
Instead of using the permissions of the user executing the file, a setuid file will "run as" the owner.
setuid/setgid
setuid/setgid - Instead of using the permissions of the user executing the file, this file will "run as" the owner (setuid) or group (setgid) specified here.
changing into superuser
su (password: thisisasecret)
1. Given the following ls -l output, what do you know about the ownership and access permissions for the accounting folder? drwxr-xr-x. 2 root accounting_grp 4096 Jan 28 19:07 accounting/
The owner of the file can read, write and execute the folder; accounting_grp can execute and read it; and people outside the accounting group, or the world, can only execute the folder. There are 2 filesystem hard links to the folder, root has user ownership, accounting_grp has group ownership, the directory size is 4096 bits, it was last modified on January 28th at 7:07 PM, and the directory name is accounting.
Octal notation: 3
write and execute
Octal notation: 2
write only