Assuming all features are supported, on a *NIX system, what is the best way to protect an existing $file on an Extended Filesystem (ext#) partition from any changes and set maximum access restriction? (Prompts: $ = non-root user; # = root user.)

Assuming all features are supported, on a *NIX system, what is the best way to protect an existing $file on an Extended Filesystem (ext#) partition from any changes and set maximum access restriction? (Prompts: $ = non-root user; # = root user.)

• $ chmod 000 $file && chown root:root $file
• $ chmod 1744 $file && chown root:root $file
• # chown root:root $file && chmod 1000 $file && chattr +iu $file
• # chmod 400 $file && chown root:root $file && chattr +i $file 

 

EXPLANATION

chown root:root $file sets the user and group "root" as the owner of the file. chmod 1000 $file sets the sticky bit to 1, which means that only the owner can delete the file, and the zeroes mean that the owner, group, and world (other), respectively, have no access permissions on the file.
A component of the e2fsprogs package, chattr +iu sets the file to immutable (+i), so even root cannot change it, and sets the file to undeletable (+u) so that it cannot be deleted.
This answer assumes 1) that the user has permissions to set all flags & 2) that the +u flag in chattr is supported by the Linux kernel and the filesystem on which the file is written.
For documentation, see:
https://docs.oracle.com/cd/E19683-01/816-4883/secfile-69/index.html
http://permissions-calculator.org/
Note: for more realistic (real-world) command-line options, one would allow root to read the file with chmod 1400; and since chattr +i sets the file to immutable, it will not be deletable, so chattr +u is unnecessary.

Read More

The Betamax was to VHS, as

The Betamax was to VHS, as

• Terminate and Stay Resident is to Internal OS Commands
• Switching is to Routing
• Token-Ring is to Ethernet
•  DASD is to SAN

EXPLANATION

One one time in the 1980s Ethernet and Token-Ring were very competitive, vying for the same customers and networks,
replacing Arcnet (similar to Token-Ring) an older network topology.  Speed and reliability of Ethernet versus Token-Ring was the difference maker, and eventually Token-Ring is no longer used nor supported.

SOURCE

http://www.eweek.com/networking/30-years-ago-networking-in-the-1980s-meant-ethernet-vs.-token-ring

Read More

In terms of Internet Security, what is CEO Fraud?

In terms of Internet Security, what is CEO Fraud?

• A Phishing email directed at a CEO or executive within a CEO's office
• When a CEO embezzles from their company
• A criminal who impersonates a supervisor or other high ranking individual in a phishing attempt
• A CEO who impersonates someone to attain private information 

EXPLANATION

Cyber criminals have developed a new attack called CEO Fraud, also known as Business Email Compromise (BEC).
In these attacks, a cyber criminal pretends to be a CEO or other senior executive from your organization. The criminals send an email to staff members like yourself that try to trick you into doing something you should not do. These types of attacks are extremely effective because the cyber criminals do their research. They search your organization’s website for information, such as where it is located, who your executives are, and other organizations you work with. The cyber criminals then learn everything they can about your coworkers on sites like LinkedIn, Facebook, or Twitter. Once they know your organization’s structure, they begin to research and target specific employees.

SOURCE

https://securingthehuman.sans.org/resources/national-cyber-security-awareness-month

Read More

What does this PowerShell command do: Get-Service *spool* | Restart-Service

What does this PowerShell command do: Get-Service *spool* | Restart-Service

• Restarts any service that has "spool" in its name
• Restarts the print spooler on the computer [No Custom Service This would be correct]
• Restarts all services on the computer
• Restarts the print spooler on the print server 

EXPLANATION

PS C:\Windows\system32> Get-Service *spool*

Status   Name               DisplayName
------   ----               -----------
Running  Spooler            Print Spooler
 

PS C:\Windows\system32> Get-Service *spool* | Restart-Service

Read More

What did .msi originally stand for?

What did .msi originally stand for?

• Multi-Stacked Interface
• Microsoft Installer
• Multi-Segmented Installer
• Multi-Socketed Icon 

EXPLANATION

MSI is an installer package file format used by Windows. Its name comes from the program's original title, Microsoft Installer, which has since changed to Windows Installer. MSI files are used for installation, storage, and removal of programs.

 

Read More