
Security + Computer System Security

Name: Shaamim Ahmed

DCOM 258 E31

Chapter 03

I. Define the following key terms: (12 points)


I.

VLAN hopping
VLAN hopping: the act of gaining access to traffic on other VLANs that would not normally
be accessible, by jumping from one VLAN to another.
(Page 478)

II.

Cloud computing
Cloud computing: a way of offering on-demand services that extend the capabilities of a
person's computer or an organization's network.
(Page 465)

III.

Software as a service (SaaS),


Software as a service (SaaS), the most commonly used and recognized of the three
categories, SaaS is when users access applications over the Internet that are provided by a
third party. The applications need not be installed on the local computer. In many cases
these applications are run within a web browser; in other cases, the user connects with
screen sharing programs or remote desktop programs. A common example of this is
webmail.
(Page 136)

IV.

Infrastructure as a service (IaaS),


Infrastructure as a service (IaaS): A service that offers computer networking, storage, load
balancing, routing, and VM hosting. More and more organizations are seeing the benefits
of offloading some of their networking infrastructure to the cloud.
(Page 136)

V.

Platform as a service (PaaS),


Platform as a service (PaaS): A service that provides various software solutions to
organizations, especially the ability to develop applications in a virtual environment
without the cost or administration of a physical platform. PaaS is used for easy-to-configure operating systems and on-demand computing. Often, this utilizes IaaS as well
for an underlying infrastructure to the platform.
(Page 137)

VI.

Hardening
Hardening of the Operating System is the act of configuring an OS securely, updating it,
creating rules and policies to help govern the system in a secure manner, and removing
unnecessary applications and services. This is done to minimize OS exposure to threats
and to mitigate possible risk. Although it is impossible to reduce risk to zero, I'll show
some tips and tricks that can enable you to diminish current and future risk to an
acceptable level.

(Page 57)

VII.

Application Blacklisting
Application blacklisting is when individual applications are disallowed. This can be a
more useful (and more efficient) solution if your end users work with, and frequently add,
a lot of applications. In this scenario, an individual application (say a social media or chat
program) is disabled across the network.
(Page 59)

VIII.

Trivial File Transfer Protocol (TFTP)


Trivial File Transfer Protocol (TFTP). By disabling services such as this one, we can
reduce the risk of attacker access to the computer and we trim the amount of resources
used.
(Prowse 60)

IX.

Service Pack (SP)


A service pack (SP) is a Microsoft-centric group of updates, bug fixes, updated drivers,
and security fixes installed from one downloadable package or from one disc. When the
number of patches for an OS reaches a certain limit, they are gathered together into an SP.
This might take one to several months after the OS is released.
(Page 63)

X.

Trusted Operating System (TOS)


Trusted Operating System (TOS): A system that adheres to criteria for multilevel
security and meets government regulations.
(Page 478)

XI.

Critical Updates
Critical updates and SPs: Include the latest SP and other security and stability updates.
Some updates must be installed individually; others can be installed as a group.
(Page 65)

XII.

Service Packs
A service pack (SP) is a Microsoft-centric group of updates, bug fixes, updated drivers,
and security fixes installed from one downloadable package or from one disc. When the
number of patches for an OS reaches a certain limit, they are gathered together into an SP.
This might take one to several months after the OS is released.
(Page 63)

XIII.

Windows Updates
Windows updates: Recommended updates to fix noncritical problems certain users might
encounter; also adds features and updates to features bundled into Windows.
(Page 65)

XIV.

Driver Updates

Driver updates: Updated device drivers for installed hardware.
(Page 65)

XV.

Hotfix
Hotfix: Originally, a hotfix was defined as a single-problem-fixing patch to an individual
OS or application that was installed live while the system was up and running, and
without a reboot necessary. However, this term has changed over time and varies from
vendor to vendor.
(Page 468)

XVI.

Patches
A patch is an update to a system. Patches generally carry the connotation of a small fix in
the mind of the user or system administrator, so larger patches often are referred to as
software updates, service packs, or something similar.
(Page 472)

XVII.

Patch Management
Patch management: The planning, testing, implementing, and auditing of patches.
(Page 472)

XVIII.

Planning
Planning: Before actually doing anything, a plan should be set into motion. The first thing
that needs to be decided is whether the patch is necessary and whether it is compatible
with other systems. Microsoft Baseline Security Analyzer (MBSA) is one example of a
program that can identify security misconfigurations on the computers in your network,
letting you know whether patching is needed. If the patch is deemed necessary, the plan
should consist of a way to test the patch in a clean network on clean systems, how and
when the patch will be implemented, and how the patch will be checked after it is
installed.
(Page 68)

XIX.

Testing
Testing: Before automating the deployment of a patch among a thousand computers, it
makes sense to test it on a single system or small group of systems first. These systems
should be reserved for testing purposes only and should not be used by civilians or
regular users on the network. I know this is asking a lot, especially given the amount of
resources some companies have. But the more you can push for at least a single testing
system that is not a part of the main network, the less you will be to blame if a failure
occurs!
(Page 68)

XX.

Implementing
If the test is successful, the patch should be deployed to all the necessary systems. In
many cases this is done in the evening or over the weekend for larger updates. Patches
can be deployed automatically using software such as Microsoft's System Center
Configuration Manager (SCCM) or the older Systems Management Server (SMS).
(Page 68)

XXI.

Auditing
Auditing: When the implementation is complete, the systems (or at least a sample of
systems) should be audited; first, to make sure the patch has taken hold properly, and
second, to check for any changes or failures due to the patch. SCCM, SMS, and other
third-party tools can be used in this endeavor.
(Page 68)

XXII.

Group Policy
A Group Policy is used in Microsoft and other computing environments to govern user
and computer accounts through a set of rules. Built-in or administrator-designed security
templates can be applied to these to configure many rules at one time. Afterward,
configuration baselines should be created and used to measure server and network
activity.
(Page 68)

XXIII.

Security Template
Security template: a group of policies that can be loaded in one procedure.
(Page 475)

XXIV.

Baselining
Baselining is the process of measuring changes in networking, hardware, software, and so
on.
(Page 463)

XXV.

Virtual Machine (VM)


Virtual machine (VM): created by virtual software; VMs are images of operating systems
or individual applications.
(Page 478)

XXVI.

System VM
System virtual machine is a complete platform meant to take the place of an entire
computer, enabling you to run an entire OS virtually.
(Page 74)

XXVII.

Process VM
Process virtual machine: Designed to run a single application, such as a virtual web
browser.
(Page 74)

XXVIII.

Hypervisor (HV)

Hypervisor: The portion of virtual machine software that allows multiple virtual
operating systems (guests) to run at the same time on a single computer.
(Page 469)

XXIX.

Native HV
The native hypervisor runs directly on the host computer's hardware. Because of this it is
also known as bare metal. Examples of this include VMware vCenter and vSphere,
Citrix XenServer, and Microsoft Hyper-V. Hyper-V can be installed as a standalone
product, known as Microsoft Hyper-V Server, or it can be installed as a role within a
standard installation of Windows Server 2008 (R2) or higher. Either way, the hypervisor
runs independently and accesses hardware directly, making both versions of Windows
Server Hyper-V Type 1 hypervisors.
(Page 75)

XXX.

Hosted HV
The hosted hypervisor runs directly on the host computer's hardware. Because of this it is
also known as bare metal. Examples of this include VMware vCenter and vSphere,
Citrix XenServer, and Microsoft Hyper-V. Hyper-V can be installed as a standalone
product, known as Microsoft Hyper-V Server, or it can be installed as a role within a
standard installation of Windows Server 2008 (R2) or higher. Either way, the hypervisor
runs independently and accesses hardware directly, making both versions of Windows
Server Hyper-V Type 1 hypervisors.
(Page 75)

II. Short Answer Section (8)


1. Why is Network Address Translation (NAT) important?
Network address translation (NAT) is the process of changing an IP address while it is in
transit across a router. This is usually implemented so that one larger address space
(private) can be remapped to another address space, or single IP address (public). In this
case it is known as network masquerading, or IP masquerading, and was originally
implemented to alleviate the problem of IPv4 address exhaustion. Today, NAT provides a
level of protection in IPv4 networks by hiding a person's private internal IPv4 address,
known as the firewall effect. Basic routers only allow for basic NAT, which is IPv4
address-translation-only. But more advanced routers allow for PAT, or port address
translation, which translates both IPv4 addresses and port numbers. Commonly, a NAT
implementation on a firewall hides an entire private network of IPv4 addresses (for
example, the 192.168.1.0 network) behind a single publicly displayed IPv4 address.
Many SOHO routers, servers, and more advanced routers offer this technology to protect
a company's computers on the LAN. Generally, when an individual computer attempts to
communicate through the router, static NAT is employed, meaning that the single private
IPv4 address will translate to a single public IPv4 address. This is also called one-to-one
mapping.
It is also important to know the difference between private and public addresses. A
private address is one not displayed directly to the Internet and is normally behind a
firewall (or NAT-enabled device). Typically, these are addresses that a SOHO router or
DHCP server would assign automatically to clients.
2. Identify the three types of NAT?
Three main types of NAT exist. In order of complexity (from simple to
complex), they are:
Static NAT--With this type of NAT, a NAT router maintains a table that associates each
internal IP address with a corresponding external allocated (i.e., registered) Internet IP
address. With static NAT, you must register an IP address for every machine that connects
to the Internet. This approach isn't used very often because it doesn't save on registering
IP addresses. However, static NAT can be useful for making devices accessible from the
Internet--the external IP address will always point to the internal address stored on the
NAT router.
Dynamic NAT--With dynamic NAT, a NAT router maintains a list of registered Internet
IP addresses. Every time an internal client tries to access the Internet, the router maps it
to one of the registered IP addresses that isn't currently in use. As a result, you need
registered IP addresses only for the number of concurrent Internet users.
Single-Address NAT/Overloading/Masquerading/Network Address Port Translation
(NAPT)--With this type of NAT, a NAT router has only one registered IP address. The
NAT router maps each internal client that needs to communicate with the Internet to a
different port from the registered IP address. The router writes the address request in the
form x.x.x.x:y--for example, 10.0.0.1:100 would be IP address 10.0.0.1, port 100.
Responses from the Internet include the originating port so that the router knows which
internal IP address to map the response to.
The figure below illustrates the use of single-address NAT. The NAT router in the figure
maintains a translation table that specifies the port that each internal IP address uses for
external communication, as follows:
Internal Address    External Address
10.0.0.1            14.1.23.5:62450
10.0.0.2            14.1.23.5:62451
10.0.0.3            14.1.23.5:62452
10.0.0.4            14.1.23.5:62453

This type of NAT is the most popular form used.
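The translation table above is only four static rows, so it is worth seeing how a NAPT router builds and consults such a table in both directions. The following Python simulation is an added example, not part of the assignment or of the Prowse textbook: it allocates an external port per outbound flow starting from 62450 on the single registered address 14.1.23.5 (both values taken from the table above), maps replies back by port, and drops any inbound packet whose port no internal host opened, which is the "firewall effect" from answer 1. The internal hosts, their source port 40000 and the class/function names are constructed for the example.

```python
# Added example (not from the textbook or the assignment): a minimal simulation of
# single-address NAT / NAPT as described in answers 1 and 2. The private hosts and
# port 40000 are constructed sample values; 14.1.23.5 and the 62450+ port range are
# taken from the translation table in answer 2.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

PUBLIC_IP = "14.1.23.5"      # the router's single registered (public) address
FIRST_EXTERNAL_PORT = 62450  # first port handed out for translated flows

# A flow is identified by the internal host's address and its source port.
Flow = Tuple[str, int]


@dataclass
class NaptRouter:
    """Holds the translation table a NAPT router consults in both directions."""
    public_ip: str = PUBLIC_IP
    next_port: int = FIRST_EXTERNAL_PORT
    outbound: Dict[Flow, int] = field(default_factory=dict)  # flow -> external port
    inbound: Dict[int, Flow] = field(default_factory=dict)   # external port -> flow

    def translate_outbound(self, src_ip: str, src_port: int) -> str:
        """Rewrite an outgoing packet's source to public_ip:port, allocating a new
        external port the first time a flow is seen and reusing it afterwards."""
        flow = (src_ip, src_port)
        if flow not in self.outbound:
            port = self.next_port
            self.next_port += 1
            self.outbound[flow] = port
            self.inbound[port] = flow
        return f"{self.public_ip}:{self.outbound[flow]}"

    def translate_inbound(self, dst_port: int) -> Optional[Flow]:
        """Map a reply arriving at public_ip:dst_port back to the internal flow.
        Returns None when no internal host opened that port: the packet has
        nowhere to go and is dropped (the 'firewall effect' of answer 1)."""
        return self.inbound.get(dst_port)

    def table(self) -> List[Tuple[str, str]]:
        """The translation table as (internal address, external address) rows,
        in the order the external ports were allocated."""
        return [(ip, f"{self.public_ip}:{port}")
                for (ip, _), port in sorted(self.outbound.items(),
                                            key=lambda kv: kv[1])]


def demo() -> NaptRouter:
    """Four internal hosts each open one outbound connection (constructed sample),
    reproducing the four-row table from answer 2."""
    router = NaptRouter()
    for host in ("10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"):
        router.translate_outbound(host, 40000)  # same private source port on each host
    return router


if __name__ == "__main__":
    r = demo()
    for internal, external in r.table():
        print(f"{internal:<12} -> {external}")
    print("reply to port 62451 is delivered to", r.translate_inbound(62451))
    print("unsolicited packet to port 62470 ->", r.translate_inbound(62470))  # None: dropped
```

Note that the key is (internal address, source port), not the internal address alone: a second connection from 10.0.0.2 using a different source port gets its own external port, which is why a single public address can carry many concurrent sessions.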

3. What is the difference between NAT & Bridged?


NAT: Just like your home network with a wireless router, the VM is assigned an address in a
separate subnet; for example, if 192.168.6.1 is your host computer and the VM is 192.168.6.3,
then your VM can access the outside network like your host, but there is no direct outside
access to your VM, so it is protected.
Bridged: Your VM will be in the same network as your host; if your host IP is
172.16.120.45 then your VM will be something like 172.16.120.50. It can be accessed by all
computers on your host's network.