Attacks Flashcards

1
Q

How does a brute force attack work?

A

Try every combination to break into a system

2
Q

How can a brute force attack be made easier for the attacker

A

Humans are predictable and therefore many passwords follow a pattern

3
Q

How can we defend from a brute force attack

A

Timeouts - only allow x attempts per minute
Limit the number of attempts
Captchas - should stop bots

4
Q

What is a man in the middle attack?

A

When a bad actor intercepts data, and forwards it to the intended recipient after reading it

5
Q

What is one type of cookie theft?

A

Session fixation - An attacker sets a user’s session id to one that they have set up

6
Q

What is another type of cookie theft?

A

Malware can be used to steal cookie files from the victim’s computer so that they can be impersonated on websites

7
Q

What is cross site scripting?

A

Exploits flaws in the client or server to trick the computer into running outside code as if it were trustworthy

8
Q

How can we defend against cookie theft?

A

Authentication and tamper detection

9
Q

What is a DDoS attack?

A

Distributed denial of service.

10
Q

How does a DDoS attack work?

A

A botnet is created by infecting lots of computers

These then send thousands of requests to a server (or servers) at once

11
Q

How can servers defend from DDoS attacks?

A

Traffic filtering - IP reputation lists, deep packet inspection, black/whitelisting, rate limiting
Load balancing - move traffic to other servers

12
Q

What is a vertical privilege escalation attack?

A

When a lower privilege user gets access to content reserved for higher access users.

13
Q

What is a horizontal privilege escalation attack?

A

When a user accesses content reserved for other users on the same access level (e.g. bank user A gets access to user B's bank account)

14
Q

What is an SQL injection attack?

A

When attackers concatenate strings in input to gain access to the database

15
Q

How can we protect from SQL injection attacks?

A

Sanitizing data: Control what the user is allowed to input
Configure error reports: These can often tell attackers lots about a system
Type checks: If the input is supposed to be an int, make it an int

16
Q

What is a buffer overflow attack?

A

When lots of data is sent to a system in order to fill up the buffer. It is then possible to write to places where it would not usually be possible.

17
Q

How can we protect from buffer overflow attacks?

A
  • Defensive coding
  • Separation of code and data
  • Heap manager sanity checks and code execution analysis tools

18
Q

What is phishing?

A

When people try to impersonate institutions such as banks, Amazon, etc.

19
Q

How do phishing attacks work?

A

They use alarmist and/or enticing phrasing to try to panic the user.