Computer Security and OpenSSL

Questions and Answers

What is the primary goal of a denial-of-service attack?

• To install malware on a system
• To gain unauthorized access to a system
• To make a network or server unavailable (correct)
• To steal sensitive information

What is the purpose of the `getcifsacl` command?

• To display the ACL of a file system (correct)
• To set permissions on a file system
• To unmount a file system
• To mount a file system

What is the default timeout period for OpenVPN control packets?

• 10 seconds
• 2 seconds (correct)
• 1 second
• 5 seconds

What permission bit allows a user to modify a file?

Write (A)

What is the primary function of the rkhunter tool?

To detect rootkits and other security threats (C)

What is the purpose of a certificate chain?

To verify the authenticity of a digital certificate (C)

What iptables command changes the source IP address for all IPv4 packets going through the eth0 interface?

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.11 (D)

What is the purpose of the ACL prefix 'OWNER' in the output of getcifsacl?

To specify the owner of a file system (C)

What is the primary function of the NSEC or NSEC3 records in a DNS zone?

To prevent zone enumeration (B)

What is the main purpose of a PTR record in a DNS zone?

To map an IP address to a hostname (B)

What is the primary function of a Certificate Revocation List (CRL)?

To list X.509 certificates that have been revoked (A)

What is the main purpose of a DNSKEY record in DNSSEC?

To sign a DNS zone (C)

What is the primary goal of phishing attacks?

To steal sensitive information from a victim (A)

What is the main purpose of AIDE?

To detect intrusions and system changes (D)

What is the primary goal of social engineering attacks?

To trick victims into divulging sensitive information (C)

What is the primary function of host intrusion detection (HID) systems?

To monitor and detect potential security threats on a single computer or server (B)

What is the primary function of the chkrootkit tool?

To scan a Linux system for rootkits (D)

What happens when the getfattr command is run on a file with no extended attributes set?

No output is produced and it exits with a value of 0 (A)

What is the correct command to delete the second key of a LUKS device?

cryptsetup luksDelKey /dev/sda1 2 (C)

What is a characteristic of eCryptfs?

It does not support encryption of home directories for regular Linux users (B)

What command is used to disable automatic password expiry for a user?

chage --maxdays -1 username (A)

What is the purpose of OpenSCAP?

To monitor system processes for security compliance (B)

What is the function of the rpm command?

To verify the integrity of RPM packages (A)

What is a characteristic of a LUKS device?

It can have multiple keys (B)

What parameter in OpenSSL specifies the host name for TLS Server Name Indication?

-servername (A)

What type of extension is added to a certificate for the host names example.org and www.example.org?

X 509v3 Subject Alternative Name (A)

What is a buffer overflow?

A software vulnerability (A)

Which tool is used to manage the Linux Audit system?

auditd (B)

What is the difference between a SetUID and SetGID bit?

SetUID allows a file to be executed with the permissions of the file owner, while SetGID allows a file to be executed with the permissions of the group owner (C)

What is a valid AIDE rule?

!/var/run/.* (D)

What command in the Linux Audit system provides searching and filtering of the audit log?

ausearch (C)

What is the purpose of the TLS Server Name Indication extension?

To specify a host name for a TLS connection (A)

What is the primary purpose of a Certificate Revocation List?

To allow a server to provide proof of the revocation status of certificates (A)

What is the command to install and configure a new FreeIPA server?

ipa-server-install (A)

What is the OpenSSL command to generate a certificate signing request (CSR) using an existing private key?

openssl req –new –key private/keypair.pem –out req/csr.pem (B)

What is Cryptography?

The art of sending secret messages (D)

What type of activity does HID monitor for?

Unauthorized access attempts (C)

What is NOT a benefit of using HID?

Provides automatic removal of detected threats (B)

What is the term for the encrypted message?

Ciphertext (B)

What is the purpose of a Certificate Authority?

To issue certificates to servers (B)

Study Notes

OpenSSL Parameters

• -servername specifies the host name to use for TLS Server Name Indication.

OpenSSL Configuration

• The line subjectAltName = DNS: www.example.org, DNS:example.org adds an X.509v3 Subject Alternative Name extension for the host names example.org and www.example.org to a certificate.

Security Threats

• A buffer overflow is a type of software vulnerability.
• Phishing is a type of social engineering attack.

Linux File Permissions

• SetUID allows a file to be executed with the permissions of the file owner.
• SetGID allows a file to be executed with the permissions of the group owner.
• The permission bit Write allows a user to delete a file.

Linux Audit System

• The command auditd is used to manage the Linux Audit system.
• The command aureport provides searching and filtering of the audit log.

AIDE

• AIDE is used to detect intrusions and system changes.
• The command aide is used to manage system audits.

OpenVPN

• OpenVPN sends a control packet to its peer and expects an acknowledgement in 2 seconds by default.
• The option --tls-timeout 5 changes the timeout period to 5 seconds.

Certificate Management

• A certificate chain is a sequence of certificates used to verify the authenticity of a digital certificate.
• A Certificate Revocation List (CRL) is a list of X.509 certificates that have been revoked by a particular CA.

DNS and DNSSEC

• The DNS record PTR is used to map an IP address to a hostname.
• The DNS record DNSKEY is used to sign a DNS zone.

Host Intrusion Detection

• HID monitors for unauthorized access attempts.
• HID does not provide automatic removal of detected threats.

Cryptography

• Cryptography is the art of sending secret messages.
• A ciphertext is the encrypted message.

Disk Encryption

• The command cryptsetup is used to manage disk encryption.
• The command getfattr is used to check for extended attributes on a file.

eCryptfs

• eCryptfs is a system that encrypts files and directories.
• eCryptfs does not store the contents of all files in an archive file.
• eCryptfs can be used to encrypt only directories that are the home directory of a regular Linux user.

FreeIPA

• The command ipa-server-install installs and configures a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain.

Rootkit Detection

• The command chkrootkit is used to detect rootkits on a Linux system.
• The command rkhunter is used to detect rootkits and other security threats.

Description

This quiz covers various aspects of computer security, including OpenSSL parameters, configuration, and common security threats. It also touches on Linux file permissions.