(7) Infrastructure and Op Tech Flashcards
What are examples of Operational Technology (OT)?
Examples of OT are Supervisory Control and Data Acquisition (SCADA) systems, Industrial Control Systems (ICS), and Internet of Things (IoT).
What are injection flaws?
Injection flaws happen when an attacker is able to send commands through a web server to a backend system, bypassing normal security and tricking the backend system into believing that the request came from the web server.
What is a SQL injection attack?
A SQL injection attack is when a web application is taken advantage of to send unauthorized commands to a backend database server.
Name and describe the two best ways to protect against SQL injection attacks.
The two best ways are input validation and enforcement of least privilege restrictions on access to the database.
Input validation makes sure that users don’t provide unexpected text to the web server. It blocks input that could cause private information to be shared.
Least privilege limits the tables that the web server can access in order to keep that information from being shared over the Internet.
Other than attacks on SQL databases, what other two attacks should security researchers be aware of?
Security professionals should also be aware of Extensible Markup Language (XML) and Lightweight Directory Access Protocol (LDAP) based attacks.
Once developers notice or detect that a SQL vulnerability has been detected, what should they do?
Developers should work closely with developers to get the vulnerability fixed.
What is a cross-site scripting (XSS) attack?
XSS attacks are when an attacker puts scripting commands on a website that will be executed at a later time by an unsuspecting visitor accessing the site.
The main goal is to deceive the user into visiting a legit site and then to execute bad code that is put there by a bad third party.
What are persistent cross-site scripting (XSS) attacks?
Persistent XSS attacks happen when the attacker can store the attack code on a server. The code stays on the server, waiting for a user to get to the bad content. They are also known as stored XSS attacks.
What are reflected cross-site scripting (XSS) attacks?
Reflected cross-site scripting attacks happen when the attacker tricks the user into sending the attack to the server as part of a normal query string, etc.
The server then sends the attack back to the person who sent it (reflecting it), forcing the code to run.
What should security admins do if they discover an XSS vulnerability?
Security professionals should work with developers to figure out if this vulnerability actually exists and then put controls in place to keep this attack from happening, perhaps through input validation.
What is a directory traversal attack? What causes these attacks to happen?
A directory traversal attack inserts a filesystem path into a query string, trying to navigate to a file in an area not normally authorized for access to the public.
These attacks happen if filenames are included in query strings, for example when one types www.coolserver.net/documents/payroll?document=’payrolldatabase.pdf’.
An attacker could use this type of attack to work through various directories, looking for specific high-value information.
What three types of controls can help avoid directory traversal attacks?
The three types of controls that can help avoid directory traversal attacks are:
Avoid using filenames in user-manipulatable fields.
Input validation should prevent the use of special characters needed to pull this type of attack off.
Access controls on storage servers should keep the web server from being able to access these types of files for public access.
What is a file inclusion attack?
File inclusion attacks seek to trick the web server into executing arbitrary code.
What are the two types of file inclusion attacks?
The two types of file inclusion attacks are:
Local File Inclusion (LFI) attacks, which try to run code stored in a file located on a web server somewhere. These are similar to directory traversal attacks.
Remote File Inclusion (RFI) attacks, which let the attacker execute code that is stored on a server that is remote.
RFI attacks are very dangerous because they allow the attacker to control the executed code without having to store a file on the server locally.
When attackers discover a file inclusion weakness, what do they normally like to do?
Attackers like to install a web shell when they discover a file inclusion weakness because it lets them run commands on the server and view the results directly in a browser.
This lets the attacker use HTTP and HTTPS and avoid detection by security scanners.
The attacker may also fix the detected vulnerability in order to keep another attacker out and/or to keep the security team from figuring out what is going on.