Deck 9: Embedded Operating Systems: the Hidden Threat

What is Samba used for?

Samba is an open-source implementation of CIFS; with Samba,*nix servers can share resources with Windows clients,and Windows clients can access a *nix resource without realizing that the resource is on a *nix computer.Samba has been ported to non-*nix systems,too,including OpenVMS,NetWare,and AmigaOS.Samba is very useful because many companies have a mixed environment of Windows and *nix systems.

Why should a systems administrator disable unused services and filtering ports?

Disabling unneeded services and deleting unnecessary applications or scripts make sense because they give intruders a potential point of entry into a network.If you have a Windows Server 2016 system acting as a file server,you certainly don't need DNS services running on it; doing so leaves port 53 TCP/UDP open and vulnerable to attack.Open only what needs to be open,and close everything else.

Match each item with a statement below.a.attack surface
b.Windows Software Update Services
c.Systems Management Server
d.Server Message Block
e.NetBEUI
f.Mandatory Access Control
g.Common Internet File System
h.System Center Configuration Manager
i.Remote Procedure Call
j.Samba
Amount of code a computer system exposes to unauthenticated outsiders

Why is NetBIOS still used in Windows Operating Systems?

Why should you review logs regularly,and how should you manage this task?

What should a password policy include?

What is Server Message Block (SMB)used for in Windows and can a hacker still damage a network using SMB?

What is the Common Internet File System (CIFS)protocol?

What is the purpose of a file system?

In Windows Server 2003 and 2008,how does a domain controller locate resources in a domain?

What functions do most Trojan programs perform?

Match each item with a statement below.a.attack surface
b.Windows Software Update Services
c.Systems Management Server
d.Server Message Block
e.NetBEUI
f.Mandatory Access Control
g.Common Internet File System
h.System Center Configuration Manager
i.Remote Procedure Call
j.Samba
An interprocess communication mechanism that allows a program running on one host to run code on a remote host

Match each item with a statement below.a.attack surface
b.Windows Software Update Services
c.Systems Management Server
d.Server Message Block
e.NetBEUI
f.Mandatory Access Control
g.Common Internet File System
h.System Center Configuration Manager
i.Remote Procedure Call
j.Samba
An open-source implementation of CIFS

Match each item with a statement below.a.attack surface
b.Windows Software Update Services
c.Systems Management Server
d.Server Message Block
e.NetBEUI
f.Mandatory Access Control
g.Common Internet File System
h.System Center Configuration Manager
i.Remote Procedure Call
j.Samba
An OS security mechanism that enforces access rules based on privileges for interactions between processes,files,and users

Match each item with a statement below.a.attack surface
b.Windows Software Update Services
c.Systems Management Server
d.Server Message Block
e.NetBEUI
f.Mandatory Access Control
g.Common Internet File System
h.System Center Configuration Manager
i.Remote Procedure Call
j.Samba
A standardized protocol that replaced SMB in Windows 2000 Server and later

List at least four best practices for protecting embedded OSs.

Match each item with a statement below.a.attack surface
b.Windows Software Update Services
c.Systems Management Server
d.Server Message Block
e.NetBEUI
f.Mandatory Access Control
g.Common Internet File System
h.System Center Configuration Manager
i.Remote Procedure Call
j.Samba
A fast and efficient protocol that requires little configuration and allows transmitting NetBIOS packets over TCP/IP

Match each item with a statement below.a.attack surface
b.Windows Software Update Services
c.Systems Management Server
d.Server Message Block
e.NetBEUI
f.Mandatory Access Control
g.Common Internet File System
h.System Center Configuration Manager
i.Remote Procedure Call
j.Samba
Microsoft's standard for managing Windows security patches on multiple computers in a network between 1994 and 2005

Match each item with a statement below.a.attack surface
b.Windows Software Update Services
c.Systems Management Server
d.Server Message Block
e.NetBEUI
f.Mandatory Access Control
g.Common Internet File System
h.System Center Configuration Manager
i.Remote Procedure Call
j.Samba
A Windows client/server technology introduced in 2005 used to manage patching and updating system software from the network

Embedded OSs are usually designed to be small and efficient so they do not have some of the functions that general-purpose OSs have.

Match each item with a statement below.a.attack surface
b.Windows Software Update Services
c.Systems Management Server
d.Server Message Block
e.NetBEUI
f.Mandatory Access Control
g.Common Internet File System
h.System Center Configuration Manager
i.Remote Procedure Call
j.Samba
Used to share files and usually runs on top of NetBIOS,NetBEUI,or TCP/IP

Match each item with a statement below.a.attack surface
b.Windows Software Update Services
c.Systems Management Server
d.Server Message Block
e.NetBEUI
f.Mandatory Access Control
g.Common Internet File System
h.System Center Configuration Manager
i.Remote Procedure Call
j.Samba
In 2007 became Windows new standard to deploy and manage servers alongside updated patch-management functionality

Match each item with a statement below.a.Trusted Platform Module
b.MILS
c.RTLinux
d.RTOS
e.RTEMS
f.embedded system
g.firmware
h.multifunction devices
i.SCADA
j.embedded operating system
A cryptographic firmware boot-check processor installed on many new computer systems

What principle can be used to help reduce insider threats to an organization?

Match each item with a statement below.a.Trusted Platform Module
b.MILS
c.RTLinux
d.RTOS
e.RTEMS
f.embedded system
g.firmware
h.multifunction devices
i.SCADA
j.embedded operating system
An OS microkernel extension developed for Linux

Explain the BIOS-level rootkit SubVirt that was co-developed by Microsoft and the University of Michigan?

Match each item with a statement below.a.Trusted Platform Module
b.MILS
c.RTLinux
d.RTOS
e.RTEMS
f.embedded system
g.firmware
h.multifunction devices
i.SCADA
j.embedded operating system
Any computer system that is not a general-purpose PC or server

Match each item with a statement below.a.Trusted Platform Module
b.MILS
c.RTLinux
d.RTOS
e.RTEMS
f.embedded system
g.firmware
h.multifunction devices
i.SCADA
j.embedded operating system
A specialized embedded OS used in devices such as programmable thermostats,appliance controls,and even spacecraft

Why is it critical to protect SCADA systems from all types of unauthorized attacks?

What types of embedded systems are found in a typical corporate building?

Why are there problems with patching electronics such as heart rate monitors and MRI machines that run embedded Windows OSs?

Why might attackers use social engineering techniques to masquerade as support technicians?

Match each item with a statement below.a.Trusted Platform Module
b.MILS
c.RTLinux
d.RTOS
e.RTEMS
f.embedded system
g.firmware
h.multifunction devices
i.SCADA
j.embedded operating system
Systems used for equipment monitoring in large industries,such as public works and utilities,power generators and dams

Match each item with a statement below.a.Trusted Platform Module
b.MILS
c.RTLinux
d.RTOS
e.RTEMS
f.embedded system
g.firmware
h.multifunction devices
i.SCADA
j.embedded operating system
An open-source embedded OS used in space systems because it supports processors designed specifically to operate in space

Match each item with a statement below.a.Trusted Platform Module
b.MILS
c.RTLinux
d.RTOS
e.RTEMS
f.embedded system
g.firmware
h.multifunction devices
i.SCADA
j.embedded operating system
Software residing on a chip

Match each item with a statement below.a.Trusted Platform Module
b.MILS
c.RTLinux
d.RTOS
e.RTEMS
f.embedded system
g.firmware
h.multifunction devices
i.SCADA
j.embedded operating system
An embedded OS certified to run multiple levels of classification on the same CPU without leakage between levels

Why do many people dismiss the topic of embedded device security?

What types of specific systems use VxWorks embedded real-time OS?

What critical consumer product did the botnet worm psyb0t or the Network Bluepill target?

Match each item with a statement below.a.Trusted Platform Module
b.MILS
c.RTLinux
d.RTOS
e.RTEMS
f.embedded system
g.firmware
h.multifunction devices
i.SCADA
j.embedded operating system
Devices on an organization's network performing more than one function,such as printers,scanners,and copiers

Match each item with a statement below.a.Trusted Platform Module
b.MILS
c.RTLinux
d.RTOS
e.RTEMS
f.embedded system
g.firmware
h.multifunction devices
i.SCADA
j.embedded operating system
A small program developed specifically for use with embedded systems