19021 Block 2

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

2b) Windows feats contribute to confid, integrity, availabil: Methods

-Anonymous: user does not supply credentials -Basic: user supplies creds in plaintext -Digest: same as basic but hashed -Integrated (Windows): NTLM and Kerberos

2b) NT LAN Manager (NTLM)

-Applies to versions prior to 2000 -Challenge/response based authentication protocol -Username and password are hashed before sent across network

1c) Windows Key Boot Files: OS Initialization

-Kernel: Subphase starts when by Winload.exe starts (invokes) the kernel (ntroskrnl.exe) -Session: initialization subphase is managed by the session manager process Smss.exe -Winlogon: Execution of Winlogon.exe begins the Winlogon initialization subphase -Explorer: Initialization subphase begins when Explorer.exe starts

1c) Windows Key Boot Files: BIOS

-Power On: power supply tests circuitry for proper voltage -POST: Power-on Self-Test sends commands to devices to perform checks -MBR: Master Boot Record is a small bit of file system boot code that scans partition table for system partition -Bootmgr: Primary job of bootmgr is to load winload.exe

4a) Benefits of virtualization

-Reduce capital and operating costs -Minimize or eliminate downtime -Enable business continuity/disaster recovery --Migration: process of moving a virtual machine from one host/storage location to another --Cloning: copy of an existing virtual machine

1c) Windows Key Boot Files: OS Loader

-Winload.exe: readies system to load the operating system kernel by loading into memory -Hal.dll: Winload.exe loads Hal.dll to implement the HAL -System Registry: Winload.exe loads System Registry hive -Drivers: Winload.exe loads drivers

3d) Explain relationship between /etc/passwd and /etc/shadow

/etc/passwd -Text file of accounts (except password) -Two account types: System and User -Read permission for all user categories ("root" user also has write) /etc/shadow -Text file of password info (password is encrypted) -Only root can read/open

1a) Windows OS Components: Hardware Abstraction Layer (HAL) (kernel mode)

Abstracts low-level hardware details from rest of OS -Different types of hardware look the same to kernel (MAKES KERNEL's LIFE EASIER) -Contains routines to give a program access to the hardware resources -Delivers support for symmetric multiprocessing (SMP)

4d) Live Migration (Microsoft) and vMotion (VMware)

Affinity -VM/VM: Ensure certain VMs are always running on same host (ex. application and database servers) -Host/VM: Ensure certain VMs stay on certain hosts (not migrated) due to possible licensing requirements -Anti-affinity: Ensure certain VMs never reside on same host for availability (ex. domain controllers)

4d) Virtualization tech: Failover Priorities

Allows admin to define the startup order of VMs running on that cluster in case of system failure -Most important VMs start first

4d) Virtualization tech to enhance security: Snapshots

Known good state that can be used as baseline for patching/network changes -Backup of OS, not of the data

4a) Define virtualization

Process of creating a software-based (virtual) representation os something rather than a physical one -Host: System that is installed first and then "hosts" or "contains" the virtual machines

4e) Identify constraints to editing VM configuration: Permissions

Based on user and group roles, policies -Can prevent other user from seeing VMs -Allow full administration of VM

4d) Virtualization tech to enhance security: Sandboxing

Creates logically seperate test environment -Used to test patches or system upgrades

4d) Virtualization tech to enhance security: Information Security

Process of keeping computers and networks protected from theft, corruption, unwanted publication, tampering/nat disasters, while keeping info and property accessible and productive to intended users

4a) Types of hypervisors: Open Source

Provided at no cost and delivers same ability as proprietary hypervisor to run multiple VMs

4e) Identify constraints to editing VM configuration: VM Infrastructure

Cannot fully virtualize some devices (ie. Cisco) -Use basic virtual switch but does not have all functions

4d) Explain virtualization tech used to enhance security: NIC Teaming

Capability of making many physical NICs appear as if they are one -Bandwidth aggregation, better throughput; makes fat connection out of multiple connections

1a) Windows OS Components: Services (user mode)

Computer program that operates in background and provides functionality to applications -May be required for: --Normal operation (system service) --Networking (network service) -Services can: --Be started by user (manually) --Auto start at system boot --By app that uses service functions SERVICES RUN IN THE BACKGROUND

1a) Windows OS Components: Applications (user mode)

Computer program written to run in Windows 10 -Require user intervention -May have one or more associated processes

2b) Kerberos

Consists of 3 players: client, server, KDC -KDC: Authentication Service(AS)- issues TGTs for connection to TG service in own or trusted domain --*TGService: issues tickets for connection to computers in its own domain -Standard after 2000

1d) HKEY_LOCAL_MACHINE (HKLM)

Contains all data for a system's non-user configurations (devices and programs)

1a) Windows OS Components: Executive (kernel mode)

Contains base OS services: I/O manager, file system cache, object manager, plug and play manager -*Executive takes load off of kernel (in terms of processes; like "Lt Kernel")

1a) Windows OS Components: Environment Subsystems (user mode)

Layer in user mode allowing Windows to run apps written for different operating systems -Subsystems include: --POSIX: Portable OS Interface, IEEE standard, Unix --OS/2: OS created by IBM to provide alternative to Windows (1987) --WIN32: 32-bit Windows application

1d) HKEY_CURRENT_USER (HKCU)

Like HKU but contains the personalized information of the current (active) user

1d) HKEY_CLASSES_ROOT (HKCR)

Defines standard class objects used by Windows -Combination of HKCU and HKLM ("legacy" = HKCR)

4a) Types of hypervisors: Proprietary

Developed and licensed under exclusive legal right of copyright (ex. Microsoft's Hyper-V)

4a) Virtual switches

Device that controls how network traffic flows between VMs and host and how network traffic flows b/w VM and other network devices

2b) Authentication Factors

Factor: something you know/have/are -Single/multiple fac authen -Single sign-on: no reauthentication with each network resource

1a) Windows OS Components: Windows and graphics (kernel mode)

Handles GUI windowing functions -Windows component mgmnt Graphics Device Interface (GDI): draws lines and curves, renders fonts. Transmits objects to output devices

4e) Identify constraints to editing VM configuration: Add or remove devices

Hardware devices can usually be safely changed after VM creation and guest OS installation -Be wary of changing: # of CPUs, virtual hard disk, memory allocated

1d) HKEY_CURRENT_CONFIG (HKCC)

Hardware profile info used at system startup when multiple options exist in HKLM

1a) Windows OS Components: Kernel (kernel mode)

Heart (core of OS) -Manages/responsible for: Thread scheduling, process switching, communicate with hardware (user and kernel mode processes dont have direct access to hardware, must use HAL functions) memory management, multiprocessor synchronization

2a) Windows server roles: DNS

Hierarchical distributed database - Provides a service that resolves a hostname to an IP address

3e) 3 categories of vulnerabilites

High risk: Remote Code Execution (RCE), Denial of Service (DoS) Medium risk: Privilege Escalation (PE) - horizontal/vertical, Security Bypass (SB) Low risk: Information Disclosure (ID) -Attack vector: path by which adversary gains access to perform malicious activities; delivers payload (worms, Trojan horses, spyware...etc)

4a) Virtual Machine (Guest)

Machine that emulates a physical computer and is managed by a hypervisor for access to actual physical resources -VM resources --Virtual disks/storage virtualization --Virtual NICs --Virtual switches --Memory

4d) 3 connection methods of network virtualization

Microsoft (VMware) -Private(Host-only): VM/VM only; VMs cannot communicate any other way -Internal(NAT): Allows VM/VM communication and comm to host -External(Bridged): Allows VMs to comm with other VMs, host and rest of phys network (most common)

4e) Explain virtualization as it applies to available physical resources

Min reqs needed for VMs: -Server hosting, VM name -Guest OS, hostname for guest OS -File locations, storage allocation -# of processors, amt of RAM -Peripheral devices (USB, etc) --Specify hardware requirements Type 2 hv - typically cant specify more resources than host has available Type 1 hv - can overprovision storage, oversubscribe CPU cores and RAM

3e) Methods of Linux Hardening

Physical security Control user access Remove unneeded services/software Install updates Manage system logs Implement firewalls

1a) Explain facts about Windows OS Components: System Processes (user mode)

Process - Instance of running an executable (.exe) -Includes services not provided as part of kernel: -Logon Process (WINLOGON) Collects logon credentials from user. Loads user profile on logon. Lock computer -Session Manager Subsystem (SMSS) Creates environment variables. Handles Windows File Protection. Creates logon sessions via WINLOGON -Local Security Authentication Server (LSASS) Enforces security policy on system. Verifies users logging on to computer. Creates security tokens -Service Control Manager (SCM) Responsible for managing Windows services (start, stop, pause, resume)

3d) Differentiate b/w root user and administrator

Root user: has access to all commands and files on system(unlim priv/rights), more power than admin, only use when necessary, mistakes can be catastrophic (no undo)

4a) Types of hypervisors: Type 1 (Baremetal)

Runs on hosts hardware -loaded as OS -enterprise solutions -better performance than T2

4a) Types of hypervisors: Type 2 (Hosted)

Runs on hosts' OS as application -better for playing around at home -takes performance hit

2a) Server Tools: System Center Ops Manager (SCOM)

SCOM: single interface showing state, health, and performance of object (large network structures) -Generates alerts based on availability, performance, config, security -Green (healthy) Yellow (warning) Red (Possible critical issue)

2a) Server Tools: Best Practices Analyzer (BPA)

Scans server role against predefined best practices and reports findings as: Noncompliant, Compliant, Warning -Meas roles effectiveness, trustworthiness, reliability

How does Windows use Security Identfiers (SIDs)?

Security descriptors - identify the owner of an object and primary group Access control entries - identify the trustee for whom access is allowed, denied, or audited Access tokens - identify user and groups to which the user belongs

2a) Active Directory Domain Services (ADDS)

Server role allowing admins to manage and store info about resources from network and application data in database -Domain: security/admin boundary -Tree: hierarchical grouping of domains within same namespace -Forest - grouping of trees (domains) joined together -Organizational Unit (OU): container within a domain

2a) Identify Windows server roles

Set of software programs that lets computer perform specific function for multiple users or other computers within network -ADDS, DNS, DHCP, IIS

4a) Virtual NICs

Software component made up of software drivers that mimic a physical NIC -Can be configured just like a physical NIC from within the VM

1a) Windows OS Components: Device drivers (kernel mode)

Software component that lets OS communicate with hardware -Reduces kernel's memory footprint -Allows support for variety of hardware from diff vendors

4c) Describe thick(fixed) and thin(dynamic) provisioning

Thick (VMware) / Fixed (Microsoft) -Fixed amount of storage space -Reserved space Thin / Dynamic -Allocating dynamic storage space -Combined VM allocated space may exceed actual storage space --Overprovisioning --Requires monitoring

3e) Threat, vulnerability, risk

Threat: anything that can or may want to cause harm to our info/systems Vulnerability: flaw in computer system, op procedure, installed software, network config Risk: Area when threat and vulnerabil overlap

4a) Server Virtualization

Use of hypervisor to convert one physical server into multiple VM servers. Each VM acts like unique physical device capable of running its own OS -Benefits: --Consolidation: consolidate several machines into one server running multiple virtual environments --Redundancy: Running same app on multiple servers on diff hosts in case one crashes --Isolated and independent systems: create virtual server independent to all others to run/test software --Migration and Load Balancing: moving server environment from one place to another to balance the load on a host to increase network efficiency

4a) OS Virtualization

Use of software (hypervisor) to allow system hardware to run multiple instances of similar/different OSs concurrently -Purpose: Useful for apps requiring specific OS to run

4d) Explain Network Virtualization

Utilizes virtual NICs to send/receive data b/w clients and servers -Virtual switches est connection b/w virtual and phys network

4a) Memory

VMs memory can be changed as needed to support requirements

4a) Virtual disks and storage virtualization

Virtual disk is a file that represents a physical disk to the VM -Storage virtualization is place to store virtual disks

1d) HKEY_USERS (HKU)

Windows designed to support more than one user on same system -HKU stores personalized info such as desktop colors and contents for each user

3e) Linux Hardening

processes/defensive mechanisms used to eliminate as many attack vectors (security risks) as possible -Never ending process: mechanisms used today may not work tomorrow -Continuous monitoring/updates


Set pelajaran terkait

Chapter 34: The Child with Neuromuscular or Muscular Dysfunction

View Set

NUR334: PrepU Review Chapters 11, 12, 13, 18, 19, 20

View Set

Practice Quiz 4 - Non Current Assets

View Set

FIN 125: Exam 1 Study Questions (Chapter 3)

View Set