Computer security



“Computer security Interview Questions and Answers will guide you through computer security, a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft and corruption. Learn more about Computing Security, Information Security, NT security, Web Security and Network Security with the help of this Computer security Interview Questions with Answers guide.”



89 Computer Security Questions And Answers

61⟩ What should I think about when using SNMP?

On other SNMP-enabled machines you can configure both a write and a read community name. On a Windows NT system you can only set one. Not having a community name does not disable the service, as one might expect. According to David LeBlanc, :


62⟩ Guest account

As shipped, some older versions of Windows NT had a guest account that was easily used by outsiders. Newer versions of NT have their guest account closed as shipped from Microsoft. Anyway, you should check out your guest account and disable it as much as possible.

Some people remove the guest account from their system, but unfortunately Microsoft ships some products that rely on that account. One example is Microsoft Internet Studio used in combination with Microsoft SQL or Microsoft Access running on a different computer from the one running Internet Studio.


64⟩ What is AFTP, NVAlert and NVRunCmd?

When installing the complete SNA package, you will get at least three more services, AFTP, NVAlert and NVRunCmd.

* AFTP is, like its TCP/IP counterpart FTP, a tool to transfer files over the net. It might be used for anonymous logins as well.

* NVRunCmd is a service that lets someone running the NetView network monitoring tool send ordinary commands over the net that will be executed locally on the Windows NT machine.

Make sure that you have disabled these services if you want to run a more secure setup.


65⟩ What ports must I enable to let NBT (NetBios over TCP/IP) through my firewall?

First of all, you should really, really reconsider whether it is a good idea to let NBT traffic through your firewall, especially if the firewall is between your internal network and the Internet.

The problem with NBT is that as soon as you open it up through the firewall, people will have potential access to all NetBIOS services, not just a selection of them, such as printing.

The following is a list of the ports used by NBT.

* netbios-ns 137/tcp NETBIOS Name Service

* netbios-ns 137/udp NETBIOS Name Service

* netbios-dgm 138/tcp NETBIOS Datagram Service

* netbios-dgm 138/udp NETBIOS Datagram Service

* netbios-ssn 139/tcp NETBIOS Session Service

* netbios-ssn 139/udp NETBIOS Session Service
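To check whether an existing ruleset already lets these ports through, the sketch below scans firewall rules for ACCEPT entries that cover 137-139. It is an added example, not part of the original FAQ, and it assumes the rules are available in iptables-save format; the sample ruleset and the function names are constructed for illustration.

```python
import re

# Ports the page lists for NetBIOS over TCP/IP (NBT).
NBT_PORTS = {137: "netbios-ns", 138: "netbios-dgm", 139: "netbios-ssn"}

# Constructed sample in iptables-save format (not taken from a real firewall).
SAMPLE_RULES = """\
*filter
:FORWARD DROP [0:0]
-A FORWARD -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 139 -j ACCEPT
-A FORWARD -p udp -m udp --dport 137:138 -j ACCEPT
-A FORWARD -p tcp -m multiport --dports 25,135:445 -j ACCEPT
-A FORWARD -p udp -m udp --dport 138 -j DROP
COMMIT
"""

def expand_ports(spec):
    """Expand a numeric port spec such as '139', '137:138' or '25,135:445'."""
    ports = set()
    for part in spec.split(","):
        lo, colon, hi = part.partition(":")
        start = int(lo) if lo else 0
        end = int(hi) if hi else (65535 if colon else start)
        ports.update(range(start, end + 1))
    return ports

def find_nbt_exposure(ruleset):
    """Return (line_no, protocol, nbt_ports) for each ACCEPT rule whose
    destination ports include 137, 138 or 139. Rule order and rules with
    no explicit port are not modelled."""
    findings = []
    for line_no, line in enumerate(ruleset.splitlines(), 1):
        if not line.startswith("-A ") or not re.search(r"-j ACCEPT\b", line):
            continue
        dport = re.search(r"--(?:dports?|destination-ports?)\s+(\S+)", line)
        if not dport:
            continue
        hit = sorted(expand_ports(dport.group(1)) & set(NBT_PORTS))
        if hit:
            proto = re.search(r"-p\s+(\S+)", line)
            findings.append((line_no, proto.group(1) if proto else "any", hit))
    return findings

if __name__ == "__main__":
    for line_no, proto, ports in find_nbt_exposure(SAMPLE_RULES):
        names = ", ".join(f"{p}/{proto} ({NBT_PORTS[p]})" for p in ports)
        print(f"rule on line {line_no} lets NBT through: {names}")
```

The wide range on line 6 of the sample (135:445) is the case that is easy to miss by eye: it never mentions NetBIOS but still covers all three ports.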


66⟩ What is Rollback.exe?

On the NT 4.0 CD-ROM there is a utility called rollback.exe that will corrupt your system if run. It is not intended for end-users, but someone slipped and the tool is now out on many users' systems.

Without any sign of warning, rollback.exe will remove all system registry entries, which in turn will leave the system in a state where there is no easy way to recover. One has to grab the emergency repair disk and do a restore from the latest backup.


67⟩ There are a number of things to do to get better security on remote connections

There are a number of things to do to get better security on remote connections:

* Put the RAS servers on one or more interfaces of their own in the firewall

* Be sure to turn on auditing for the RAS function

* Enable authentication

* Enable session encryption

* Enable dialback

* Specify which hours remote users are allowed

To turn on auditing for RAS, use the regedit utility to set the key

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RasMan\Parameters\Logging

to 1, then restart RAS.


69⟩ Securing New Systems questions

* When we acquire a new server or desktop computer, do we follow a defined set of procedures to set it up?

* How do we “lock down” a new system? Do we:

o Turn on or install software firewalls? And/or use a hardware firewall?

o Turn off unnecessary services (e.g. FTP on a desktop computer that doesn’t need to support this protocol)?

o Rename administrator user names as appropriate? Change default passwords?

o Follow product-specific advice or expert checklists on how to secure new servers and applications? (For instance, software vendors and outside experts offer white papers or checklists on how to secure a Windows XP workstation or a Linux server.)

* Do we test new systems for security using tools such as the Microsoft Baseline Security Analyzer, etc?


71⟩ Anti-Virus questions

* Do we run anti-virus software? Which tool(s) do we use?

o On all servers? On all critical desktops?

o On all end user desktops?

* Are our virus definitions current?

o How often are the definitions updated? (At least twice weekly is advised; many experts suggest daily updates.)

* Do we run spyware detection software on our servers and on end user computers?

* How are servers and end-user computers given new antivirus definitions? (From the vendor’s Web site, from a local server, or otherwise?)

* Have we enabled automatic scanning for virus definition updates on servers and end-user computers?

* Do we scan incoming and outgoing email for viruses (as well as other modes of transmission)?

* Do we educate our users about virus avoidance (e.g. be wary of attachments in general, don’t run .EXE files sent via email, etc.)?

* computers to install new software, so as to limit the capacity of viruses to install themselves?

o E.g. using Microsoft’s Group Policy Option?


72⟩ Web server security

There are a number of problems with web servers. Bugs in the server, stupid CGI scripts, erroneous configurations, strange other services (e.g. data base connections) are just a few things that might be used to damage your security.

You might want to look at the WWW Security FAQ to get some general security information on WWW.

If you install a Windows NT machine as a web server or a firewall, you should tighten up the security on that box more than you would on ordinary machines on your internal network, since a machine accessible from the Internet is more vulnerable and more likely to be attacked. Securing the machine gives you a bastion host. Some of the things you should do include:

* Remove all protocol stacks except TCP/IP, since IP is the only protocol that runs on the Internet

* Remove some network bindings

* Disable all unnecessary accounts, like guest

* Remove share permissions and default shares

* Remove network access for everyone (User Manager -> Policies -> User rights, "Access this computer from the network")

* Disable unnecessary services (FTP, etc)

* Enable audit logging

* Track the audit information


73⟩ Backups questions

* How often do we back up our servers? How often do we back up the desktop computers that we use for departmental business functions?

o A common practice is weekly backups of all data, and daily backups of files or data that have changed.

* What backup media do we use? Is hardware to read that media commonly available?

* When did we last test our backup procedures to make sure data can be restored?

* Are our backups in “image” format (requiring identical hardware or software to restore)? Could we load our backups into another system if need be?

* Do we take backup tapes offsite? Where? How often?

* How often do we back up end user desktops? Or is this the responsibility of end users?


74⟩ Network Security questions

* Do we use hardware firewalls to protect critical servers and desktop computers?

o How often do we examine event logs and real-time displays to see if we are under attack?

o Do we use software firewalls to protect end-user computers (e.g. laptops that may spend time away from protection of the departmental hardware firewall)?

* Do we monitor the network for security exposures using auditing tools such as ISS or Nessus?

* Do we monitor the network for unusual patterns of traffic? (E.g. a server or an end user computer suddenly begins emitting huge amounts of traffic.)

* Do we ensure that all critical business transactions take place using encrypted transmission (e.g. SSL for Web or email transactions, SSH or VPN for remote login, encrypted file transfers)?


75⟩ Data Security questions

* What confidential personal information (e.g., Social Security numbers) do we store on our servers? Do we minimize use of SSNs to the extent feasible? Could we use another identifier, such as MSU PID numbers instead?

o If we do need to store confidential data such as SSNs locally, how secure are the servers that house the information?

* Instead of storing personal confidential information locally, could we do business in some other way? Could we eliminate those confidential data elements from our local databases? Could we instead routinely access data as needed from University data services (thus obviating the need for the local copies)?

* Have all personnel within the unit been adequately trained in University data security requirements and applicable state or federal laws and regulations (e.g. FERPA, HIPAA, Gramm-Leach-Bliley Act)?


76⟩ Disaster Recovery Planning questions

* Do we have a written disaster recovery plan?

o Are copies in possession of departmental management? At their homes?

* When was our plan last updated?

* Does our plan include:

o A list of who in the department is empowered to declare a disaster? A list of critical personnel who will need to respond to a disaster?

- Telephone numbers (home, cell) for all critical personnel?

o An inventory of all our critical business functions?

o An inventory of the computer systems that support those functions?

- Including not only servers but critical desktop computers (e.g. departmental secretaries’ computers)?

o A rank-ordered list of which business functions we would restore first in event of a disaster?

* Suppose we had to evacuate the building due to a major disaster (fire, flood, chemical or biological event renders building inaccessible). Suppose all our systems are offline. How long would it take to restore basic departmental business functions and data from our offsite backup tapes?


77⟩ Security interview questions for network admin questions

1. What is a firewall?

2. Describe, generally, how to manage a firewall.

3. What is a Denial of Service attack?

4. What is a “spoofed” packet?

5. What is a SYN Flood?

6. What do you do if you are a victim of a DoS?

7. What is GPG/PGP?

8. What is SSH?

9. What is SSL? How do you create certificates?

10. What would you do if you discovered a UNIX or Network device on your network has been compromised?

11. What would you do if you discovered a Windows system on your network has been compromised?

12. What is DNS Hijacking?

13. What is a log host?

14. What is IDS or IDP, and can you give me an example of one?

15. Why are proxy servers useful?

16. What is web-caching?


78⟩ Exactly what security risks are we talking about?

There are basically three overlapping types of risk:

1. Bugs or misconfiguration problems in the Web server that allow unauthorized remote users to:

* Steal confidential documents not intended for their eyes.

* Execute commands on the server host machine, allowing them to modify the system.

* Gain information about the Web server's host machine that will allow them to break into the system.

* Launch denial-of-service attacks, rendering the machine temporarily unusable.

2. Browser-side risks, including:

* Active content that crashes the browser, damages the user's system, breaches the user's privacy, or merely creates an annoyance.

* The misuse of personal information knowingly or unknowingly provided by the end-user.

3. Interception of network data sent from browser to server or vice versa via network eavesdropping. Eavesdroppers can operate from any point on the pathway between browser and server including:

* The network on the browser's side of the connection.

* The network on the server's side of the connection (including intranets).

* The end-user's Internet service provider (ISP).

* The server's ISP.

* Either ISPs' regional access provider.

It's important to realize that "secure" browsers and servers are only designed to protect confidential information against network eavesdropping. Without system security on both browser and server sides, confidential documents are vulnerable to interception.

Protecting against network eavesdropping and system security are the subject of sections 1 to 5 of this document. Client-side security is covered in sections 6 and 7. Section 8 deals with security alerts for specific Web servers.


79⟩ Are some Web server software programs more secure than others?

Again, the answer is yes, although it would be foolhardy to give specific recommendations on this point. As a rule of thumb, the more features a server offers, the more likely it is to contain security holes. Simple servers that do little more than make static files available for requests are probably safer than complex servers that offer such features as on-the-fly directory listings, CGI script execution, server-side include processing, and scripted error handling.

Version 1.3 of NCSA's Unix server contains a serious known security hole. Discovered in March of 1995, this hole allows outsiders to execute arbitrary commands on the server host. If you have a version 1.3 httpd binary whose creation date is earlier than March 1995, don't use it! Replace it with the patched 1.3 server or with version 1.4 or higher (available at the same site). The Apache plug-in replacement for NCSA is also free of this bug.

Servers also vary in their ability to restrict browser access to individual documents or portions of the document tree. Some servers provide no restriction at all, while others allow you to restrict access to directories based on the IP address of the browser or to users who can provide the correct password. A few servers, primarily commercial ones (e.g. Netsite Commerce Server, Open Market), provide data encryption as well.

The WN server, by John Franks, deserves special mention in this regard because its design is distinctively different from other Web servers. While most servers take a permissive attitude to file distribution, allowing any document in the document root to be transferred unless it is specifically forbidden, WN takes a restrictive stance. The server will not transfer a file unless it has been explicitly placed on a list of allowed documents. On-the-fly directory listings and other "promiscuous" features are also disallowed.


80⟩ Are server-side includes insecure?

Server side includes, snippets of server directives embedded in HTML documents, are another potential hole. A subset of the directives available in server-side includes instruct the server to execute arbitrary system commands and CGI scripts. Unless the author is aware of the potential problems it's easy to introduce unintentional side effects. Unfortunately, HTML files containing dangerous server-side includes are seductively easy to write.

Some servers, including Apache and NCSA, allow the Web master to selectively disable the types of includes that can execute arbitrary commands.
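Before disabling command-executing includes, it helps to know which documents depend on them. The scanner below is an added example, not part of the original FAQ: it reports every #exec directive (cmd or cgi) in a page, leaving harmless directives such as echo alone. The sample page and the function name are constructed for illustration.

```python
import re

# One SSI directive: <!--#element attr="value" ... -->, possibly multi-line.
SSI_DIRECTIVE = re.compile(r"<!--#(\w+)\s+(.*?)\s*-->", re.DOTALL)
# attr="value" or attr='value' inside a directive.
SSI_ATTR = re.compile(r"""(\w+)\s*=\s*(["'])(.*?)\2""", re.DOTALL)

# Constructed sample page (not from a real site).
SAMPLE_PAGE = """\
<html><body>
<!--#include file="header.html" -->
Last modified: <!--#echo var="LAST_MODIFIED" -->
<!--#exec cmd="/bin/date" -->
<!--#EXEC
     cgi='/cgi-bin/counter.pl'-->
</body></html>
"""

def find_exec_includes(html):
    """Return (line_no, directive, target) for every SSI directive that
    tells the server to run a system command or a CGI script."""
    findings = []
    for m in SSI_DIRECTIVE.finditer(html):
        if m.group(1).lower() != "exec":
            continue  # only #exec is checked here
        # Line on which the directive starts (1-based).
        line_no = html.count("\n", 0, m.start()) + 1
        for attr, _quote, value in SSI_ATTR.findall(m.group(2)):
            if attr.lower() in ("cmd", "cgi"):
                findings.append((line_no, "exec " + attr.lower(), value))
    return findings

if __name__ == "__main__":
    for line_no, directive, target in find_exec_includes(SAMPLE_PAGE):
        print(f"line {line_no}: {directive} -> {target}")
```

On Apache, the option that keeps includes enabled while turning off #exec is IncludesNOEXEC.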
