Chapter 11 Secure Protocols and Applications Flashcards

1
Q

What is DNS and why is it important to use DNSSEC?

A

DNS (Domain Name System) is the protocol that translates domain names into IP addresses. DNSSEC (DNS Security Extensions) adds digital signatures to DNS records so that a validating resolver can verify the data came from the zone owner and was not altered in transit, which defeats spoofed or poisoned responses. Note that DNSSEC provides integrity and authenticity only; it does not encrypt queries (that is the job of DNS over TLS or DNS over HTTPS).

2
Q

What are the security risks associated with DNS?

A

DNS is susceptible to domain hijacking (unauthorized control of a domain's registration or name servers), URL/DNS redirection (sending users to attacker-controlled hosts), and cache poisoning (injecting forged records into a resolver's cache so that every later client receives the attacker's answers).

3
Q

What is SNMP and why is version 3 recommended for use?

A

SNMP (Simple Network Management Protocol) is used for network management and monitoring (UDP 161 for queries, UDP 162 for traps). SNMPv1 and v2c authenticate with cleartext community strings, so anyone sniffing the network can read or reuse them. SNMPv3 is recommended because it adds per-user authentication and encryption; use the authPriv security level (authentication plus privacy) rather than noAuthNoPriv or authNoPriv, and retire the default "public"/"private" community strings.

4
Q

What protocol replaced Telnet for secure terminal communication?

A

SSH (Secure Shell) replaced Telnet for terminal access. Telnet (TCP port 23) sends everything, including the login credentials, in cleartext, while SSH encrypts and authenticates the session and runs on TCP port 22.

5
Q

What are the secure alternatives to FTP?

A

The secure alternatives to FTP (File Transfer Protocol) are FTPS (FTP over TLS, historically called FTP over SSL) and SFTP (SSH File Transfer Protocol). FTPS wraps the FTP control and data connections in TLS: implicit FTPS listens on TCP port 990, while explicit FTPS starts on the normal port 21 and upgrades with the AUTH TLS command. SFTP is a different protocol that runs as an SSH subsystem over TCP port 22; it shares only the name with FTP.

6
Q

What is SRTP and what is its purpose?

A

SRTP (Secure Real-Time Transport Protocol) secures the media streams of voice over IP (VoIP) and video calls. It adds encryption, message authentication and replay protection to RTP so that the audio cannot be eavesdropped on or tampered with. SRTP has no fixed port: the UDP ports for each call are negotiated by the signaling protocol (SIP/SDP), and UDP 5004 is simply the conventional RTP default often quoted in exam material. SRTP protects only the media; the signaling (SIP) must be protected separately with TLS.

7
Q

Why is plain FTP vulnerable?

A

Plain FTP (File Transfer Protocol) is vulnerable because the USER and PASS commands carry the username and password over the network in cleartext, and the files themselves travel unencrypted on the data connection. Anyone who can capture the traffic (a compromised switch, a rogue access point, an ARP-spoofing attacker on the LAN) obtains the credentials and the file contents.

8
Q

How can you capture and analyze FTP traffic using Wireshark?

A

In Wireshark, capture on the relevant interface and apply a display filter for the FTP protocol: enter ftp (display filters use lowercase protocol names) in the filter bar and press Enter to show only control-channel packets; ftp-data shows the file transfers and ftp.request.command == "PASS" isolates the packets carrying passwords. Right-clicking a packet and choosing Follow > TCP Stream reassembles the whole login conversation as readable text, which is the quickest way to see the cleartext credentials.
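The following is an added example, not part of the original flashcards, that does in code what the Follow TCP Stream view shows by eye: it parses a constructed FTP control-channel transcript (the sample below is made up for the example, not a real capture) and pulls out the cleartext login and the passive-mode data endpoint. It serves both the "why is plain FTP vulnerable" card and this one.

```python
import re

# Constructed sample of an FTP control-channel session (TCP 21) as it would
# appear in Wireshark's "Follow TCP Stream" view. Not a real capture.
SAMPLE_FTP_STREAM = """220 (vsFTPd 3.0.3)
USER alice
331 Please specify the password.
PASS s3cr3t-password
230 Login successful.
SYST
215 UNIX Type: L8
PASV
227 Entering Passive Mode (192,0,2,10,195,80).
RETR payroll.csv
150 Opening BINARY mode data connection for payroll.csv (2048 bytes).
226 Transfer complete.
QUIT
221 Goodbye.
"""

# Equivalent Wireshark display filters (lowercase, case-sensitive):
#   ftp                              all control-channel packets
#   ftp.request.command == "PASS"    only the packets carrying passwords
#   ftp-data                         the file contents on the data channel
COMMAND_RE = re.compile(r"^([A-Za-z]{3,4})(?:\s+(.*))?$")
REPLY_RE = re.compile(r"^(\d{3})[ -](.*)$")


def parse_ftp_stream(stream: str):
    """Split a control-channel transcript into ('cmd', verb, arg) and ('reply', code, text) tuples."""
    events = []
    for line in stream.splitlines():
        line = line.rstrip("\r")
        if not line:
            continue
        m = REPLY_RE.match(line)
        if m:
            events.append(("reply", int(m.group(1)), m.group(2)))
            continue
        m = COMMAND_RE.match(line)
        if m:
            events.append(("cmd", m.group(1).upper(), m.group(2) or ""))
    return events


def extract_logins(events):
    """Pair each USER/PASS with the server reply so cleartext logins, successful or not, are reported."""
    logins = []
    user = None
    for i, ev in enumerate(events):
        if ev[0] != "cmd":
            continue
        if ev[1] == "USER":
            user = ev[2]
        elif ev[1] == "PASS":
            # the reply that follows PASS says whether the credentials were accepted
            nxt = events[i + 1] if i + 1 < len(events) else None
            success = nxt is not None and nxt[0] == "reply" and nxt[1] == 230
            logins.append({"user": user, "password": ev[2], "success": success})
    return logins


def passive_data_endpoint(events):
    """Decode the 227 reply into the (ip, port) the cleartext data channel will use."""
    for kind, code, text in events:
        if kind == "reply" and code == 227:
            h1, h2, h3, h4, p1, p2 = map(int, re.findall(r"\d+", text)[-6:])
            return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2
    return None


if __name__ == "__main__":
    evs = parse_ftp_stream(SAMPLE_FTP_STREAM)
    for login in extract_logins(evs):
        print("cleartext login:", login)
    print("data channel:", passive_data_endpoint(evs))
```

The same parser works on the text exported from Follow TCP Stream; a sensor that sees a PASS command followed by a 230 reply has enough to raise a "cleartext credentials on the wire" alert.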

9
Q

What measures can be taken to protect FTP traffic?

A

Replace plain FTP with SFTP or FTPS so credentials and file contents are encrypted. Limit network access to the FTP server to trusted hosts and segments to reduce the opportunity for interception. Where a legacy FTP server cannot be replaced, implement IPsec on the internal LAN to encrypt the traffic between endpoints. Enforce strong passwords and proper user authentication to prevent unauthorized access to the server. Deploy network monitoring and intrusion detection to catch cleartext logins and other suspicious activity.

10
Q

How can you hide the true identity of a web server host?

A

By placing the server behind a load balancer, a reverse proxy, or network address translation (NAT), so that clients only ever see the address of the front end, and by suppressing identifying response headers such as Server and X-Powered-By.

11
Q

What is the recommended protocol for securing web applications?

A

HTTPS (HTTP over TLS; SSL is the deprecated predecessor of TLS), on TCP port 443.

12
Q

What should be used to enable HTTPS on a web server?

A

A certificate issued to the server (with its private key), which is used to configure the HTTPS binding. The certificate must be issued by a CA the clients trust and its Subject Alternative Name must match the host name users connect to, otherwise browsers will warn or refuse.

13
Q

What should be the minimum version of TLS used for securing web applications?

A

TLS 1.2 or higher, with TLS 1.3 preferred. TLS 1.0 and 1.1 are formally deprecated (RFC 8996) and should be disabled on servers and clients.
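As an added example (not from the original flashcards), here is how the minimum-version rule looks in code on the client side, using Python's standard ssl module: a hardened context beside the kind of legacy context that still turns up in old scripts, plus a small audit function that reports the weak settings a reviewer would flag.

```python
import ssl


def hardened_client_context() -> ssl.SSLContext:
    """Client context that refuses anything below TLS 1.2 and verifies the server certificate and host name."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # rejects SSL 3.0, TLS 1.0 and TLS 1.1
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    ctx.options |= ssl.OP_NO_COMPRESSION            # TLS compression enables CRIME-style attacks
    ctx.load_default_certs()                        # trust the platform CA store
    return ctx


def weak_client_context() -> ssl.SSLContext:
    """The legacy pattern: old protocol floor, no certificate check, no host name check."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be disabled before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.minimum_version = ssl.TLSVersion.TLSv1   # deprecated; some OpenSSL builds refuse it
    except (ValueError, ssl.SSLError):
        ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Findings a reviewer would raise against a context; an empty list means it passes."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum protocol version below TLS 1.2")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate")
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("TLS compression not disabled")
    return findings


if __name__ == "__main__":
    print("hardened:", audit_context(hardened_client_context()) or "no findings")
    print("weak:    ", audit_context(weak_client_context()))
```

The same three settings (protocol floor, certificate verification, host name check) are what to look for when reviewing any TLS client code, whatever the language; an HTTPS client that sets verify_mode to CERT_NONE is no safer than plain HTTP against an on-path attacker.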

14
Q

What is LDAPS?

A

LDAPS (LDAP over SSL/TLS) is the secure version of the Lightweight Directory Access Protocol: the whole LDAP session, including the bind credentials, is wrapped in TLS. The alternative is StartTLS, which upgrades a plain LDAP connection on port 389 to TLS; a plain LDAP simple bind without either sends the password in cleartext.

15
Q

Which port does LDAPS typically operate on?

A

TCP port 636 (plain LDAP uses TCP port 389).

16
Q

What is S/MIME used for in the context of email?

A

S/MIME (Secure/Multipurpose Internet Mail Extensions) is used for end-to-end email encryption (confidentiality of the message body and attachments) and digital signatures (authenticity and integrity of the sender). Each user needs an X.509 certificate and private key, and the sender needs the recipient's certificate to encrypt to them.

17
Q

What are some common mail protocols that can be secured with certificates?

A

SMTP (Simple Mail Transfer Protocol), POP (Post Office Protocol), and IMAP (Internet Message Access Protocol). With a server certificate these run over TLS: SMTPS on TCP 465 or SMTP submission with STARTTLS on TCP 587, POP3S on TCP 995, and IMAPS on TCP 993.

18
Q

What is domain reputation in the context of email security?

A

Domain reputation is a measure of how trustworthy a sending domain is, based on its history of sending spam or malicious mail. In practice a mail gateway subscribes to external reputation lists (for example DNS-based blocklists) of known spamming domains and IP addresses, and blocks or allows incoming email based on that reputation.

19
Q

What should be avoided due to known vulnerabilities?

A

Older protocols with known weaknesses: SSL 2.0 and SSL 3.0 (for example the POODLE attack), and TLS 1.0 and 1.1, which are deprecated. Only TLS 1.2 and 1.3 should be enabled.

20
Q

What is a Cross-Site Request Forgery (CSRF)?

A

It is an attack in which the attacker tricks the victim's browser into sending a request the victim did not intend (for example by an auto-submitting form on a malicious page) to a site where the victim is already authenticated, so the site performs the action on the victim's behalf.

21
Q

How does CSRF attack work on the client-side?

A

The attacker does not need the victim's session token at all. The browser automatically attaches the site's session cookie to every request to that site, including requests triggered from an attacker-controlled page, so a forged request arrives at the server looking like a legitimate one from the logged-in user, without the victim's knowledge.

22
Q

What are the potential consequences of a successful CSRF attack?

A

The attacker can perform unauthorized actions on behalf of the victim, such as transferring funds or making changes to their account.

23
Q

What is a server-side CSRF attack?

A

This is usually called Server-Side Request Forgery (SSRF): the attacker induces the web server itself to make requests to other servers, typically by supplying a URL that the application fetches without validation. Because the request originates from the server, it can reach internal services, cloud metadata endpoints and other hosts that are not exposed to the attacker directly.

24
Q

How can CSRF attacks be prevented?

A

Primarily in the web application: anti-CSRF tokens tied to the user's session and verified on every state-changing request, the SameSite attribute on session cookies, and checking the Origin or Referer header against the site's own origin. A Web Application Firewall (WAF) and hardened client devices add defense in depth but do not fix the underlying weakness.
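The following is an added example and not part of the original flashcards. It models a bank's transfer endpoint with a minimal request object, shows the vulnerable handler (which trusts the session cookie alone) beside a protected one that requires a session-bound anti-CSRF token and checks the Origin header, and replays a forged cross-site request against both. The site origin, endpoint and account data are assumptions made up for the demonstration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

SERVER_SECRET = secrets.token_bytes(32)   # per-deployment secret; generated here for the demo
SITE_ORIGIN = "https://bank.example"      # assumed origin of the application


@dataclass
class Request:
    """Minimal model of an HTTP request. The browser attaches cookies automatically, which is
    what CSRF relies on; headers and form fields are what the attacker's page can influence."""
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


SESSIONS = {}   # session_id -> {"user": ..., "balance": ...}


def login(user: str) -> str:
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "balance": 1000}
    return sid


def issue_csrf_token(session_id: str) -> str:
    """Synchronizer token: an HMAC over the session id, so it is only valid for the session it was
    issued to. The page embeds it in a hidden form field; a cross-site page cannot read it."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_token_valid(session_id: str, token: str) -> bool:
    return bool(token) and hmac.compare_digest(issue_csrf_token(session_id), token)


def transfer_vulnerable(req: Request) -> str:
    """Trusts the session cookie alone: any page that makes the victim's browser POST here succeeds."""
    session = SESSIONS.get(req.cookies.get("session"))
    if req.method != "POST" or session is None:
        return "401 unauthorized"
    session["balance"] -= int(req.form["amount"])
    return f"200 sent {req.form['amount']} to {req.form['to']}"


def transfer_protected(req: Request) -> str:
    """Requires a token bound to the session and, when present, an Origin header matching the site."""
    sid = req.cookies.get("session")
    session = SESSIONS.get(sid)
    if req.method != "POST" or session is None:
        return "401 unauthorized"
    origin = req.headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:   # browsers send Origin on cross-site POSTs
        return "403 cross-origin request rejected"
    if not csrf_token_valid(sid, req.form.get("csrf_token", "")):
        return "403 missing or invalid CSRF token"
    session["balance"] -= int(req.form["amount"])
    return f"200 sent {req.form['amount']} to {req.form['to']}"


def forged_request(session_id: str) -> Request:
    """What arrives when the victim visits attacker.example and its auto-submitting form fires: the
    browser attaches the bank's session cookie, but the attacker cannot supply a valid token."""
    return Request("POST", "/transfer",
                   cookies={"session": session_id},
                   headers={"Origin": "https://attacker.example"},
                   form={"to": "attacker", "amount": "500"})


def legitimate_request(session_id: str) -> Request:
    return Request("POST", "/transfer",
                   cookies={"session": session_id},
                   headers={"Origin": SITE_ORIGIN},
                   form={"to": "bob", "amount": "100", "csrf_token": issue_csrf_token(session_id)})


if __name__ == "__main__":
    sid = login("alice")
    print("vulnerable handler, forged request:", transfer_vulnerable(forged_request(sid)))
    print("protected handler, forged request: ", transfer_protected(forged_request(sid)))
    print("protected handler, real request:   ", transfer_protected(legitimate_request(sid)))
```

Setting the session cookie with SameSite=Lax or Strict would stop the browser from attaching it to the cross-site POST in the first place; the token check remains the defense that does not depend on browser behaviour.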

25
Q

What is a Cross-Site Scripting (XSS) attack?

A

It is an attack in which the attacker injects malicious script (usually JavaScript) into a page served by a vulnerable website, so that the script runs in the browsers of other users with that site's privileges, for example to steal session cookies or act as the victim.

26
Q

How does XSS attack work?

A

Attackers exploit web applications that place user input into HTML, JavaScript or URLs without validating it or encoding it for that context. The payload may be reflected back immediately from a crafted link (reflected XSS), stored by the application and served to everyone who views the page (stored XSS), or handled purely by client-side JavaScript (DOM-based XSS). When a victim views the affected page, the injected script executes in their browser.

27
Q

What is the difference between client-side and server-side XSS attacks?

A

In both cases the injected script executes in the victim's browser; the difference is where the injection happens. Client-side (DOM-based) XSS occurs when the page's own JavaScript writes untrusted data, such as part of the URL, into the DOM, so the payload may never reach the server. Server-side XSS (reflected or stored) occurs when the server embeds the untrusted input in the HTML it sends back, and a stored payload can affect every user who views that page.

28
Q

How can XSS attacks be prevented?

A

Secure coding practices should be followed, where all user input is treated as untrusted and properly validated. The key control is context-aware output encoding: escape data as HTML, attribute, JavaScript or URL content depending on where it is inserted, rather than relying on input filtering alone. A Content Security Policy (CSP) limits what injected script can do, and regular vulnerability scanning and web application firewalls (WAFs) provide additional protection.
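As an added example (not code from the original flashcards), here is a reflected-XSS sink and its fixed form in Python, using the standard html module for output encoding. The payload and the templates are constructed for the demonstration; the check function does what an automated scanner does when it looks for its own probe surviving unencoded in the response.

```python
import html
import re

# Constructed attacker input, as it might be submitted in a profile "display name" field.
PAYLOAD = '<img src=x onerror="alert(document.cookie)">'
# Constructed attribute-breakout payload: no tag needed, it just closes the quoted value.
ATTR_PAYLOAD = '" autofocus onfocus="alert(1)'

TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")


def render_vulnerable(name: str) -> str:
    """Reflects user input straight into HTML: the browser parses the payload as markup and runs it."""
    return f"<p>Welcome, {name}!</p>"


def render_safe(name: str) -> str:
    """Output encoding for the HTML body context: <, >, &, and quotes become entities and stay text."""
    return f"<p>Welcome, {html.escape(name, quote=True)}!</p>"


def render_attribute_vulnerable(name: str) -> str:
    """Attribute context with no encoding: a quote in the input ends the value and adds new attributes."""
    return f'<input type="text" name="display" value="{name}">'


def render_attribute_safe(name: str) -> str:
    """Attribute context: always quote the attribute AND encode quotes, otherwise breakout is trivial.
    Note html.escape is only right for HTML body/attribute contexts, not for JavaScript or URL contexts."""
    return f'<input type="text" name="display" value="{html.escape(name, quote=True)}">'


def input_markup_survives(user_input: str, rendered: str) -> bool:
    """True if any HTML tag from the untrusted input appears verbatim in the rendered page."""
    return any(tag in rendered for tag in TAG_RE.findall(user_input))


def attribute_breakout(user_input: str, rendered: str) -> bool:
    """True if the input's quote character survived unencoded inside the attribute, i.e. the value was closed early."""
    return '"' in user_input and user_input in rendered


if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))
    print(render_safe(PAYLOAD))
    print(render_attribute_vulnerable(ATTR_PAYLOAD))
    print(render_attribute_safe(ATTR_PAYLOAD))
```

Template engines such as Jinja2 with autoescape enabled apply the same encoding by default; the vulnerable pattern is reintroduced whenever a developer marks a value "safe" or builds HTML by string concatenation.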

29
Q

What is the OWASP Top 10?

A

The OWASP Top 10 is a regularly updated list of the ten most critical web application security risks, published by the Open Web Application Security Project (OWASP, a nonprofit organization since renamed the Open Worldwide Application Security Project). It is used as an awareness document and as a baseline for prioritizing which classes of vulnerability to test for and fix first.

30
Q

What are some examples of the OWASP Top 10 vulnerabilities?

A

Some examples (from the 2017 edition of the list) include injection attacks (such as SQL injection and OS command injection), broken authentication, sensitive data exposure, XML external entity (XXE) attacks, broken access control, security misconfiguration, cross-site scripting (XSS), insecure deserialization, using components with known vulnerabilities, and insufficient logging and monitoring. The 2021 edition reorganized several of these, for example sensitive data exposure became Cryptographic Failures, XXE was folded into Security Misconfiguration, and XSS was folded into Injection.

31
Q

What are some techniques to mitigate web application vulnerabilities?

A

Secure coding practices should be followed, including input validation and output encoding to prevent injection attacks, and parameterized queries for database access. Web application firewalls (WAFs) can help detect and block attacks. Other measures include implementing proper authentication and authorization mechanisms, encrypting sensitive data at rest and in transit, regular vulnerability scanning, and thorough security testing, such as static code analysis and dynamic runtime testing (DAST and fuzzing).

32
Q

What is the role of software developers in web application security?

A

Software developers have a crucial role in ensuring web application security. They need to adhere to secure coding practices, validate and sanitize user input, implement proper authentication and authorization mechanisms, and use trusted components and APIs. Security should be considered throughout the software development lifecycle (SDLC), and continuous integration and continuous delivery (CI/CD) practices can help automate security checks and ensure secure code deployment.

33
Q

What is the role of administrators in web application security?

A

Administrators are responsible for managing the servers where web applications are hosted. They need to implement security measures such as secure configurations, access controls, regular updates and patching, monitoring and logging, and intrusion detection systems. Administrators should also ensure secure deployment and configuration of infrastructure resources, such as virtual machine templates and cloud resources.

34
Q

What is OWASP ZAP?

A

OWASP ZAP (Zed Attack Proxy) is a free and open-source web application security testing tool. It is designed to help identify vulnerabilities in web applications by performing automated scans and tests.

35
Q

How can OWASP ZAP be used to assess web application security?

A

OWASP ZAP can be used to scan web applications for vulnerabilities by intercepting and analyzing HTTP requests and responses. It crawls through the application, identifies links, files, and scripts, and performs various security tests such as injection attacks, broken authentication, sensitive data exposure, and more. The tool provides detailed reports on the identified vulnerabilities and helps in understanding and remediating them.

36
Q

How to download and install OWASP ZAP?

A

OWASP ZAP can be downloaded from the OWASP ZAP website (https://www.zaproxy.org/download/). Select the appropriate version for your platform (e.g., Windows 64-bit installer) and ensure that you have Java Runtime Environment (JRE) installed on your machine. Once downloaded, run the installer and follow the installation instructions.

37
Q

How does OWASP ZAP work?

A

OWASP ZAP acts as a proxy between the user’s browser and the web application. It intercepts and analyzes the HTTP traffic, allowing it to identify vulnerabilities and security issues. The tool performs automated scans, analyzes the application’s responses, and provides reports on the identified vulnerabilities. It can also be used for manual testing, exploring and modifying requests, and observing application behavior.

38
Q

What are the benefits of using OWASP ZAP for web application security?

A

OWASP ZAP provides a comprehensive set of features for web application security testing. It helps identify common vulnerabilities, such as injection attacks, broken authentication, insecure configurations, and more. By using the tool, developers and administrators can gain insights into the security weaknesses of their applications, prioritize fixes, and take appropriate measures to enhance the overall security posture.