
Chapter 3
Security Part I: Auditing Operating Systems and Networks
Review Questions

1. What are the five control objectives of an operating system?
Response: a. The operating system must protect itself from users. b. The operating system must protect users from each other. c. The operating system must protect users from themselves. d. The operating system must be protected from itself. e. The operating system must be protected from its environment.
2. What are the three main tasks the operating system performs?
Response: a. Translates high-level languages into the machine-level language the computer can execute. b. Allocates computer resources to users. c. Manages the tasks of job scheduling and multiprogramming.
3. What is the purpose of an access control list?
Response: An access control list is assigned to each computer resource such as directories, files, programs, and printers. These lists contain information that defines the access privileges for all valid users of the resource. When a user attempts to access a resource, the system compares his or her ID and privileges contained in the access token with those contained in the access control list. If there is a match, the user is granted access.
4. What are the four techniques that a virus could use to infect a system?
Response: The virus program can attach itself to a. an .EXE or .COM file, b. an OVL (overlay) program file, c. the boot sector of a disk, or d. a device driver program.
5. What is an access token?
Response: At login, the operating system creates an access token that contains key information about the user, including user ID, password, user group, and privileges granted to the user. The information in the access token is used to approve all actions attempted by the user during the session.
6. Explain discretionary access privileges.
Response: In distributed systems, end users may control (own) resources. Resource owners in this setting may be granted discretionary access control, which allows them to grant access privileges to other users. For example, the controller, who is the owner of the general ledger, may grant read-only privileges to a manager in the budgeting department. The accounts payable manager, however, may be granted both read and write permissions to the ledger. Any attempt the budgeting manager makes to add, delete, or change the general ledger will be denied. Discretionary access control needs to be closely supervised to prevent security breaches resulting from too liberal use.
7. What is event monitoring?
Response: Event monitoring is an audit log that summarizes key activities related to users, applications, and system resources. Event logs typically record the IDs of all users accessing the system; the time and duration of a user's session; programs that were executed during a session; and the files, databases, printers, and other resources accessed.
8. What is keystroke monitoring?
Response: Keystroke monitoring is the computer equivalent of a telephone wiretap. It is a log that records both the user's keystrokes and the system's responses to them. This form of log may be used after the fact to reconstruct the details of an event or as a real-time control to monitor or prevent unauthorized intrusion.
9. What is a vaccine and what are its limitations?
Response: A vaccine anti-virus program detects and removes viruses from the infected programs or data files. Most antiviral programs run in the background on the host computer and automatically test all files that are uploaded to the host. Its limitation is that it works only on known viruses and versions of the virus.
10. What are the risks from subversive threats?
Response: The risks from subversive threats include: a computer criminal intercepting a message transmitted between the sender and the receiver, a computer hacker gaining unauthorized access to the organization's network, and a denial-of-service attack from a remote location of the Internet.
11. What are the risks from equipment failure?
Response: The risks from equipment failure include that transmissions between senders and receivers can be disrupted, destroyed, or corrupted. Equipment failure can also result in the loss of databases and programs stored on the network server.
12. What is a firewall?

Response: A firewall is a system that enforces access control between two networks. Firewalls can be used to authenticate an outside user of the network, verify his or her level of access authority, and then direct the user to the program, data, or service requested. In addition to insulating the organization's network from external networks, firewalls can also be used to insulate portions of the organization's intranet from internal access.
13. Distinguish between network-level and application-level firewalls.
Response: A network-level firewall accepts or denies access requests based on filtering rules, and then directs the incoming calls to the correct internal receiving node.
