Introduction to OS Security and Worms

Questions and Answers

What mechanism does a worm use to duplicate itself?

  • Cloning
  • Spawn (correct)
  • Rebooting
  • Copying

    The Morris Worm was designed to have a slow reproduction rate.

    False

    What programming language was used to create the grappling hook program of the Morris Worm?

    C

    A worm can significantly affect a computer network by __________ itself among systems.

    reproducing

    Match the following components of the Morris Worm with their descriptions:

    • Grappling hook = 99 lines of C code that connects to infected machines
    • Main program = Searches for other machines to infect
    • rsh = Utility for easy remote task execution
    • Finger = A UNIX utility for querying user information

    Which of the following systems did the Morris Worm target primarily?

    Sun Microsystems’ Sun 3 workstations

    The Morris Worm utilized flaws in the UNIX operating system’s security routines to propagate.

    True

    In what year did the Morris Worm spread across the Internet?

    1988

    The Morris Worm was a process that could potentially __________ an entire network.

    shut down

    What type of computer threats does the Morris Worm represent?

    Malware

    What does the finger utility primarily function as?

    An electronic telephone directory

    The Morris worm targeted the finger utility by employing a buffer-overflow attack.

    True

    What happens when the finger daemon is successfully exploited by the worm?

    It executes /bin/sh, giving the worm a remote shell.

    The special files that allow users to omit entering a password contain host–login name pairs known as __________.

    trust files

    Match the following utilities with their primary function:

    • Finger = Provides user information
    • Sendmail = Handles email communication
    • SSH = Secure shell access
    • HTTP = Web protocol

    What was the size of the string the worm queried to the finger utility?

    536 bytes

    Sendmail does not have any debugging capabilities.

    False

    What type of code was included in the sendmail part of the attack?

    Debugging code.

    The finger daemon was modified to return to a __________ within the invading string.

    procedure

    What is the first step the worm takes when it successfully establishes a remote shell?

    It begins executing the worm program anew.

    What is the primary purpose of port scanning?

    To detect a system’s vulnerabilities

    Nmap is designed to exploit known bugs in systems.

    False

    What methodology is used by the worm to gain access to user accounts?

    A three-stage password-cracking algorithm

    Port scanning is typically an automated process involving a tool that attempts to create a TCP/IP connection to a specific ______.

    port

    Match the following tools or concepts with their descriptions:

    • Nmap = Tool used to discover hosts and services
    • Sendmail = Service that can have known vulnerabilities
    • Port scanning = Technique to detect system vulnerabilities
    • Cracker = Individual attempting to exploit system vulnerabilities

    What might a cracker do after successfully connecting to a service through port scanning?

    Determine the service version and bugs

    The main function of a password-cracking algorithm is to protect user accounts.

    False

    What operating system can Nmap be installed on?

    Any operating system

    A cracker could use port scanning to try to connect to port ______ of a system to check vulnerabilities in sendmail.

    25

    What is a consequence of discovering a buffer overflow vulnerability?

    Creation of a privileged command shell

    What does the command nmap -sP 10.7.1.0/24 do?

    Determines if a system is live

    Denial-of-service attacks aim to gain access to confidential information.

    False

    What will the command sudo nmap -sT -p 80,443 10.7.1.0/24 check for?

    Open ports 80 and 443

    A denial-of-service attack can disrupt the ______ of a system.

    legitimate use

    Which command would provide information about the operating system version of a device?

    sudo nmap -O 10.7.1.226

    Using incorrect attempts to access accounts can lead to a lock on authentication mechanisms.

    True

    What is the purpose of the command sudo nmap -A 10.7.1.226?

    To gather detailed information about the device

    A TCP connection disruption can result in ______ sessions if the connection setup is incomplete.

    partially started

    Match the Nmap command with its purpose:

    • nmap -sT -p 80,443 = Check for web server ports
    • nmap -O = Identify the operating system
    • nmap -A = Gather detailed device information
    • nmap -sP = Identify live hosts

    Study Notes

    Introduction to OS Security

    • Goal of OS security: Protecting valuable resources
    • Security goals: Confidentiality, integrity, availability
    • Threats to OS security:
      • Software: Trojan horses, buffer overflow attacks, viruses
      • Network: Worms

    Worms

    • Self-replicating processes that duplicate themselves
    • Consume system resources and potentially lock out other processes
    • Particularly potent on networks as they can spread and shut down entire networks

    Morris Worm

    • Created by a Cornell graduate student
    • Targeted Sun Microsystems workstations and VAX computers running BSD UNIX
    • Spread rapidly across the internet, consuming system resources and causing infected machines to crash

    Morris Worm Design and Implementation

    • Designed for rapid reproduction and distribution
    • Exploited vulnerabilities in the UNIX operating system's security routines
    • Utilized network utilities (rsh, finger, sendmail) to gain unauthorized access

    Morris Worm Programs

    • Consists of two programs: a grappling hook program and the main program
    • Grappling hook program: downloaded onto a machine and used to connect back to the origin machine, uploading the main worm
    • Main program: searched for other machines to establish connections and spread the worm

    Morris Worm - Exploiting Utilities

    • rsh: Exploited the feature for remote task execution without passwords to establish connections
    • finger: Used a buffer overflow attack to exploit a vulnerability and gained access to a remote shell
    • sendmail: Exploited debugging code within the utility to send and execute the grappling hook program, and systematically attempted to discover user passwords

    Port Scanning

    • Not an attack, but a method for detecting vulnerabilities
    • Automated process that uses tools for connecting to specific ports or ranges of ports
    • Used to detect vulnerabilities like known bugs in software, especially buffer overflows, which allow for the creation of privileged command shells

    Nmap

    • A tool for discovering hosts and services on a network
    • Sends packets and analyzes responses to determine system information
    • Can be installed on various operating systems
    • Can identify live hosts, open ports, host operating systems, and provide information about network security

    Distributed Denial of Service (DDoS)

    • Aim is to disrupt legitimate use of a system or facility, not to obtain information or resources
    • Categorized into two types: resource exhaustion attacks and network disruption attacks
    • Resource Exhaustion: Uses vast amounts of system resources, hindering functionality, such as downloading a CPU-intensive applet or pop-up windows.
    • Network Disruption: Exploits TCP/IP protocol functionalities by interrupting network connections, like interrupting ongoing TCP sessions or overloading the system with false connection attempts.

    Denial of Service (DoS)

    • Can overload authentication mechanisms by repeatedly attempting incorrect logins
    • Can manipulate firewalls to block traffic unnecessarily

    Operating System Architecture and Hardening

    • Not discussed in the provided text but is a key concept in OS security. It involves understanding how to protect system architecture and apply security controls.

    Reference

    • The presentation was based on the book "Operating System Concepts" by Peterson and Silberschatz.

    Description

    Explore the fundamental concepts of operating system security, including its goals of confidentiality, integrity, and availability. Learn about significant threats to security, such as the Morris Worm, and its design, implementation, and impact on network systems.
