701 - Chapter 7 Flashcards
What is an attack from one attacker against one target? And what is an attack from two or more computers against a single target? What is the goal of both of these attacks? And what is an indicator of these attacks?
Denial of service (DoS)… distributed denial of service (DDoS)… resource exhaustion… a high amount of network traffic on the network interface card
What are the two major variants of a DDoS attack?
Reflected and amplified
Which variant of a DDoS attack involves using third-party servers to redirect traffic to the target?
Reflected
Which variant of a DDoS attack involves combining reflection techniques with amplification to generate an even greater volume of traffic directed at the target?
Amplified
This common denial of service/distributed denial of service attack disrupts the TCP handshake process and can prevent legitimate clients from connecting?
SYN Flood attack
How does a SYN flood attack work?
The attacker sends a barrage of SYN packets but never completes the last step of the handshake by sending the ACK packet, leaving the server with multiple half-open connections
This attack occurs when an attacker creates a fake identity, certificate, file, or other object in an attempt to fool an unsuspecting user or system? And what is an example that occurs when one person or entity impersonates or masquerades as someone or something else?
Forgery…spoofing
What are three common spoofing methods?
Email address, IP address, media access control (MAC) address
This attack is a form of active interception and modification, or active monitoring. It uses a separate computer that accepts traffic from each party in a conversation and forwards the traffic between the two? And what is another name for this attack?
On-path attack… man-in-the-middle attack
What are two indicators of an on-path attack?
A delay in the communication between the two computers, due to having to go through the man in the middle, and the certificates used to create secure sessions may not be issued by a trusted certificate authority. Therefore users will receive certificate warnings and can only continue if they ignore the warnings.
What other technology is susceptible to on-path attacks if administrators ignore warnings that previously established keys have changed?
Secure Shell (SSH) sessions
This attack changes an encrypted HTTPS connection to an unencrypted HTTP connection? When does this attack have to occur to be successful? And what is an indication of this attack?
SSL stripping… at the beginning of the TLS negotiation… If the browser URL indicates not secure or the URL includes http instead of https
What attack attempts to modify or corrupt DNS data that is stored on a DNS server? And what is an indicator of this attack?
DNS poisoning… when the user attempts to go to a known website but is directed to a different one
What is another type of attack that manipulates DNS and redirects users to different websites? What is the major difference between this attack and a DNS poisoning attack? And what is modified?
Pharming… pharming attacks corrupt DNS information on the user's system… the hosts file
What attack is used to redirect traffic to a different page within a site, internally or externally?
URL redirection
This attack changes a domain name registration without permission from the owner?
Domain hijacking attack
What uses block lists of known malicious domain names and either refuses to provide IP addresses for those malicious sites or provides incorrect results for them?
DNS filtering
What enables a request to be intercepted and does not allow the request to reach the server or site requested?
A DNS sinkhole
What can be useful in identifying potentially malicious websites?
DNS log files
What attack captures data in a session to impersonate one of the parties in the session? On what types of networks can this attack occur? And what is an effective countermeasure against this type of attack?
Replay attack… wired and wireless networks… timestamps, sequence numbers, multifactor authentication
What protocol helps prevent replay attacks by using time-stamped tickets?
Kerberos
What is the practice for developers of checking data for validity before using it called?
Input validation
True or false: improper input handling, or the lack of input validation, is one of the most common security issues with web-based applications
True
What are the different types of attacks that can occur without input validation?
Buffer overflow, SQL injection, DLL injection, cross-site scripting
What are four input validation checks that a developer can use on a webpage?
Verifying that only proper characters appear in a field, blocking HTML code, preventing the use of certain characters, implementing bounds or range checking
Where are the two locations that a developer can perform input validation? Of these two, which is more secure? And why?
Client-side and server-side… server-side… because it is possible to bypass client-side validation techniques
What is another input validation technique? And how does it work?
HTML escaping or HTML encoding… It works by replacing HTML symbols with their ASCII replacement characters
When two or more modules of an application, or two or more applications, attempt to access a resource at the same time, it can cause a conflict known as what?
A race condition
What is a specific type of race condition that can be exploited, and what is another name for it?
A time-of-check to time-of-use (TOCTOU) attack… a state attack
What are the two important points about error reporting and handling?
Errors shown to users should be general, because detailed error information provides information to attackers… detailed information regarding the error should be logged, as this gives developers the information they need to fix the problem
What does error and exception handling do for the system?
It helps protect the operating system's integrity and controls the errors shown to the user
What can be done to make code unclear or difficult to understand?
Code obfuscation
What can be used to mimic the use of multiple different core languages by including functions and modules used by several different languages?
Software diversity
What are four potential vulnerabilities of outsourcing development?
Ensuring that the code works as expected, vulnerable code if best practices are not used, malicious code can be inserted, lack of future updates
What can be done in an application to protect unencrypted data in use?
Flush the memory buffers
What are three HTTP headers that are recommended as best practice to be used?
HTTP Strict Transport Security… Content Security Policy… X-Frame-Options
What is a cookie that has the secure attribute set? And what does this do? And how does it help against an attack?
A secure cookie… it ensures that the cookie is only transmitted over secure, encrypted channels such as HTTPS… it protects the confidentiality of the cookie's contents and prevents attackers from reading them
What are two benefits of code signing?
The certificate identifies the author… the hash verifies that the code has not been modified.
What form of code review and testing examines the code without executing it? What can assist with this effort?
Static code analysis… Automated tools
What form of code review and testing goes through the code line by line? And who does this?
Manual code review… someone other than the programmer who wrote the code
What form of code review and testing checks the code while it is running?
Dynamic code analysis
What form of testing sends random strings of data to applications looking for vulnerabilities?
Fuzz testing
What is an isolated area specifically created for testing called?
Sandboxing
True or false: it is not important to monitor the use of shared code packages throughout your organization
False… shared packages can be used in multiple programs, and each one can be impacted any time a change is made or a vulnerability is found
What tracks the version of software as it is updated, including who made the update and when it was made?
Software version control
What are the different stages in a secure development environment?
Development, testing, staging, production, quality assurance
What do attackers use to pass queries to backend databases through web servers?
SQL injection attacks
What code snippet is common in a SQL injection attack to trick the database server into providing information?
' or 1=1
What can be done to help prevent SQL injection attacks?
Input validation techniques and stored procedures
What is a bug in an application that causes the application to consume more and more memory the longer it runs, and can, in extreme cases, cause the system to crash?
Memory leak
What occurs when an application receives more input than it expects? And what is the result?
Buffer overflow… an error that exposes system memory that would otherwise be protected and inaccessible
When attackers identify a buffer overflow, they can exploit it and overwrite memory locations with their own code. What is this called? What is the best defense against buffer overflows?
Memory injection… keeping the system updated with current patches and using input validation
What is it when an attacker attaches a malicious DLL to a running process?
DLL injection
What is the best defense against an LDAP or XML injection attack?
Validating the input
What type of attack attempts to access a file by including the full directory path or moving around the directory structure on a computer? How do you defend against this attack?
Directory traversal… disabling directory traversal
What is the vulnerability that allows attackers to inject scripts into webpages? What are the two types? How do you defend against this attack?
Cross-site scripting… reflected (non-persistent) and stored (persistent)… with sophisticated input validation techniques
What cross-site scripting attack is often placed within a phishing email, but can also be placed on a public website, and delivers the malicious URL via a click?
Reflected or non-persistent
What cross-site scripting attack has the malicious code stored in a database or other location trusted by the web application?
Stored or persistent
This automation and scripting use case automates the process of creating, updating, and removing accounts and permissions?
User provisioning
This automation and scripting use case creates, configures, and decommissions resources such as virtual machines, storage, and networks, and helps maintain a standardized, secure environment?
Resource provisioning
This automation and scripting use case enforces security policies and ensures that security best practices are consistently followed?
Guard rails
This automation and scripting use case ensures that access controls are consistently applied to network resources and that they are updated as needed to address changes in the threat landscape?
Security groups
This automation and scripting use case can be used to streamline incident response processes and ensures that issues are quickly reported and assigned to the appropriate teams?
Ticket creation
This automation and scripting use case can be used to escalate security incidents or events to the appropriate personnel or teams based on predetermined criteria? This improves response time and reduces the potential impact of security threats.
Escalation
This automation and scripting use case can be employed to enable or disable services and access based on various criteria such as user role, security policies, or risk assessments? It helps maintain a secure environment by limiting unnecessary access and reducing unnecessary services.
Enabling and disabling services and access
This automation and scripting use case ensures that code is consistently reviewed, tested, and deployed in a secure manner, and can help prevent the introduction of security vulnerabilities and maintain compliance with security standards?
Continuous integration and testing
This automation and scripting use case can be used to integrate various security tools and platforms, allowing them to work together more effectively and share information in real time? APIs can be employed to enable those integrations.
Integrations and APIs
What are the seven benefits of automation and scripting?
Efficiency and time saving, enforcing baselines, standard infrastructure configurations, scaling in a secure manner, employee retention, reaction time, workforce multiplier
What are some of the potential drawbacks and challenges with automation and scripting?
Complexity, cost, single point of failure, technical debt, ongoing supportability