(7) Vulnerabilities, Overflows, Escalation Flashcards
Describe security patches. What should security analysts be aware of?
Security patches need to be a very high priority in any security program. Be sure to install security patches as soon as you can verify that they won't disrupt operations on other systems.
What is a buffer overflow attack?
A buffer overflow attack happens when an attacker manipulates a program into putting more data into memory than that program should reasonably use. The goal is to overwrite information in memory with instructions that may be acted on by a different process running on the system.
What is an integer overflow?
An integer overflow is a type of buffer overflow where the result of a mathematical operation tries to store an integer that is too big to fit in the specified buffer.
What types of memory do buffer overflows target?
Buffer overflows could target two types of memory.
Stack overflows go after the stack, which stores variable values and is managed by the OS.
Heap overflows target the heap, which holds objects created by code and must be managed by application developers.
What is a rootkit?
A rootkit is a hacking tool that is used to automate privilege escalation attacks. A rootkit is normally used to exploit a vulnerability and perform a privilege escalation attack, trying to gain admin rights on a system.
What is a code execution vulnerability?
Code execution vulnerabilities allow an attacker to run software of their choice on the target computer.
What is remote code execution?
Remote code execution is a very dangerous vulnerability where the attacker can take advantage of a vulnerability over a network connection without physical or logical access to a system.
What should system admins do about debug mode?
System admins should make sure that debug mode is turned off or severely limited on all systems to avoid giving out information to hackers.
What do security admins need to remember about SSL/TLS?
SSL is outdated and should not be used, as it is not secure; TLS should be used instead.
What do the SSL and TLS protocols describe?
SSL and TLS protocols describe how cryptographic ciphers can be used in secure network communications.
They allow admins to designate the cryptographic ciphers that can be put in place with those protocols on a system-by-system basis.
They exchange a list of ciphers that each system supports and agree on the best one.
What do SSL and TLS rely on?
SSL and TLS rely on the use of digital certificates to check the identity of servers and to exchange cryptographic keys with each other.
What certificate errors can vulnerability scanners find?
Common certificate errors might include:
Mismatch between the name on the certificate and the name of the server (a serious error, because it could involve the use of a certificate taken from a different site; sort of a "fake ID" exploit)
Expiration of the digital certificate
Unknown certificate authority (CA)
Describe what happens with Internal IP Disclosure
Internal IP disclosure happens when a server is not properly configured to conceal its internal IP address. If Network Address Translation is being used, then the server will indeed have its own public IP to use to connect to the greater Internet, but the internal IP needs to be kept secret by not allowing the server to include its private IP address in an HTTP request header.