Ch7: Protecting Against Advanced Attacks Flashcards
Spoofing attacks
typically change data to impersonate another system or person
ARP poisoning attacks
attempt to mislead systems about the actual MAC address of a system. Sometimes used in MITM attacks
DNS poisoning attacks
attempt to corrupt DNS data
Amplification attacks
A type of DDoS attack that increases the amount of traffic sent to or requested from a victim and can be used against a wide variety of systems, including individual hosts, DNS servers, and NTP servers
Brute force attacks
Attempt to guess passwords by trying every combination. Online attacks guess the password of an online system. Offline attacks guess the password stored in a file, such as a database
Dictionary attacks
use a file of words and common passwords to guess a password
These protect against brute force attacks
Account lockout policies
These can help prevent dictionary attacks
Complex passwords
Pass the hash attack
attempts to use an intercepted hash to access an account
Salting
adds random text to passwords before hashing them and thwarts many password attacks, including rainbow table attacks
Hash collision
occurs when the hashing algorithm creates the same hash from different passwords
Birthday attacks
exploit collisions in hashing algorithms
To defeat replay attacks, use
timestamps and sequence numbers
Typo squatting/URL hijacking
Attackers purchase similar domain names. Users visit the typo squatting domain when they enter the URL incorrectly with a common typo
Session hijacking attack
attacker utilizes the user’s session ID to impersonate the user
Domain hijacking attack
attacker changes the registration of a domain name without permission from the owner
Buffer overflows
occur when a program receives more data than it can handle, or receives unexpected data that exposes the system memory
Buffer overflow attacks often include
nop sleds followed by malicious code. Input validation helps prevent buffer overflow attacks
Input validation protects against
buffer overflow, SQL injection, command injection, and cross-site scripting attacks
Error and exception handling helps
protect the integrity of the OS and controls the errors shown to users
When errors occur, applications should…
show generic errors to the users but log detailed information
Static vs dynamic code analysis
Static analysis examines the code without running it, and dynamic analysis checks the code while it is running
Fuzzing
sends random strings of data to applications looking for vulnerabilities
Stress testing
verifies an application can handle a load
Sandboxing
runs an application within an isolated environment to test it
Model verification
ensures that the application meets all specifications and fulfills its intended purpose
SDLC models
Software development life cycle models provide structure for software development
Secure DevOps
an agile-aligned methodology that stresses security throughout the lifetime of the project
Normalization
a process used to optimize databases. While there are several normal forms available, a database is considered normalized when it conforms to the first three normal forms
SQL injection attacks
used to pass queries to back-end databases through web servers. Many attacks use the phrase ' or '1'='1' to get access
XSS
Cross-site scripting attacks allow attackers to capture user information such as cookies. Input validation techniques at the server help prevent XSS attacks
XSRF
Cross-site request forgery causes users to perform actions on websites, such as making purchases, without their knowledge. In some cases, it allows attackers to steal cookies and harvest passwords