The flashcards below were created by user
wathy64
on FreezingBlue Flashcards.
-
IPL
Initial Program Load - loading the operating system's kernel into the computer's main memory.
-
System reboot
System shuts itself down in a controlled manner in response to a kernel (trusted computing base) failure
-
emergency system restart
system failure in an uncontrolled manner. Failure caused by a lower-privileged user - ex. attempting to access restricted memory segments
-
system cold start
An unexpected kernel or media failure happens and the regular recovery procedure cannot recover system to a more consistent state. Important that the system does not enter in an insecure state.
-
Operations - Steps after a system crash
- 1. enter into single mode - system will automatically boot up to a "single user mode" or must be manually booted to a "Recovery Console" These modes do not start services for users on the network. The administrator must be physically at the console or have a dial-in modem attached.
- 2. Fix Issue, Recover file - the system administrator will attempt to identify the cause of the shutdown. May need to roll-back or roll-forward a database. May be automatic or manual actions that need to occur before applications and services return to normal state.
- 3. Investigation of the problem suggest corruption (attack, user reconfiguration, hardware or software failure) - administrator needs to ensure that system files, and configuration files are consistent with their expected state. Administrator could look at cryptographic checksums of files (tripwire) or validate settings with documentation.
-
Security Concerns of system shutdown
- Bootup sequence - only allow authorized users to change boot sequence - don't want an attacker to boot from CD etc.
- Bypass System logs - attacker would be able to change configuration and remove tracks in logs
- System forced shutdown - should be limited to administrators
- Diagnostics messages and logs - should not be able to be re-routed. Access to messages should be restricted to authorized users.
|
|