Chapter 3 Flashcards
Buffer overflows
A programming error relating to the range of an array, where a reference falls out of bounds of the array.
Attackers first cause a system crash, and then a controlled failure, to bypass security.
Buffer overflow countermeasures
Staying within bounds:
Check lengths before writing
Double check the boundary condition:
This is to catch off by one errors
Programming controls:
Code reviews
Independent testing
Code analysers:
Tools that inspect the code for errors
Mediation
Mediation is checking: it refers to checking an actor's authorisation before taking an intended action.
Verifying that an actor is authorised to perform the operation on the object
Incomplete mediation
The system allows incorrect input to be captured without checking the data
Time-of-check to time-of-use errors
Data is changed between access and use. There is a time lag between the two
Undocumented access point
Access is created for development but should be removed before production. A backdoor into the system
Off by one errors
Programmers exceed the array size by one because of incorrect checks on array size
Module testing
Same as component testing
Component testing
Done after unit testing. The subject is tested independently of other components.
Integration testing
Testing of multiple components integrating with each other; a combined test of the components
Functional testing
Tests whether the system performs the functions described by the requirements specification
Performance testing
Tests the system under load for reliability, stability and availability
Acceptance testing
End to end testing of the system against the requirements specification
Installation testing
Tests the system once it has been installed to verify it functions as it should
Malicious code
AKA malware - malicious software. Programs planted to cause undesired or unanticipated effects
Virus
A program that can replicate itself by modifying other non-malicious programs. It spreads through any medium
Worm
A program that spreads through a network
Trojan horse
Malicious code that, in addition to its primary effect, has another malicious effect
Virus transmission
Setup and installed programs
Files attached to e-mails
Document virus embedded within a document or spreadsheet
Autorun used to execute virus code at startup, or even from a USB device
Resident virus
Locates itself in memory
Rabbit
Code that replicates itself without limit to exhaust resources
Script attack
Normally JavaScript. Code that is executed when displaying a web page
RAT
Remote access trojan. A Trojan horse that, once planted, gives remote access to the host
Spyware
A program that, once planted, communicates data about the user and their activity
Bot
Semi-autonomous agents running under the control of a remote herder. They are not always malicious
Zombie
Code or a whole computer running under the control of a remote program
Browser hijacker
Changes browser settings. Denies access to specific sites or redirects access to other sites
Rootkit
Code installed in the root, or most privileged, part of the OS. Difficult to detect
Toolkit
Contains a set of programs or tests that can be used to identify vulnerabilities. Not dangerous in itself
Scareware
This is not code, but a false warning of malicious attack
Virus countermeasures
Use commercial software acquired from established vendors
Test all new software on an isolated computer
Only open attachments if you know them to be safe
Install software and other executable code only when you know them to be safe
Recognise that any website could be infected
Make a recoverable system image and store it safely
Make and retain backups of executable files
Make use of an anti-virus program