JA7. File Security¶
1. Discuss the week’s activities and your observations¶
Describe what you learned¶
This week was the 7th week of this course; we learned about file security, file permissions, file ownership, and SELinux. We also learned about the importance of file security and how to protect our files and data.
The discussion asked us to talk about a recent operating systems vulnerability. I talked about PrintNightmare. It is a vulnerability in the Windows Print Spooler service that allows an attacker to execute arbitrary code on a vulnerable system.
Usually, the responses of the companies to such vulnerabilities are similar and start by advising people to disable the affected service, then doing more investigations and then releasing a patch, and arguing with users to install the new patched version of the software.
Did anything surprise you?¶
Looking at the discussion forum responses, I saw multiple people about the same vulnerability as mine; I was surprised that it is so popular, but I never heard about it before.
Did you face any challenges in this Unit? If so, how did you overcome them?¶
Understanding the absolute mode of assigning permissions was a bit challenging for me, but I overcame it by reading the book and watching videos online. And when I came to do the written assignment, the table attached there helped me a lot.
How were your peers’ assessments and feedback received?¶
I did not receive any noticeable feedback from my peers. However, the written assignment was a good exercise to practice the concepts of manipulating file permissions; where we created a file and then played with its permissions.
2. Discuss any tools or methods you use to protect your own data and files¶
I back up my data to the cloud regularly; I have an AWS s3 bucket that I use to store my data; The other half of my data is stored on a GitHub repository that I use to store code, images, pdf files, and other data. I also use a password manager to store my passwords and other sensitive data.
In theory, the cloud providers are the ones who are responsible for the physical protection of data that are stored on their servers -including my data- and the data of all of their customers. Including backup against disasters, and other security measures.
Have you ever lost your important data?¶
I once lost my phone (got stolen) and all the data on it. Luckily, I had a backup of my data on my Google account at that time which I was able to recover and log the person who stole my phone out from most of my accounts; but they still have a copy of the actual data on the phone; plus, everything that was not backed up was lost.
How is human error seen as one of the causes of data loss?¶
Humans, end-of-day, are the only responsible people for putting the backup plan and executing it to the best of their abilities; so humans are the only ones to blame for any data loss.
Assuming that the backup plan is perfect and that the backup is executed correctly; there are still some situations where humans contribute to data loss; here are some examples:
- Some employees save their passwords or copies of their credentials in plain text on their computers which could fall into the wrong hands.
- Some employees use unsecured channels to connect to the organization’s servers, like logging in to their work from public Wi-Fi networks.
- Some employees install unverified software on their computers which could be malicious and steal their data.
- Some employees do not follow the recommended security practices when surfing the internet, like clicking on suspicious links or downloading unverified files which could lead them to be phished or hacked.