Chapter 5 Securing Individual Systems Flashcards
Malware
Software that is detrimental to the operation of a host or system, causing harm or disruption.
Virus
A type of malware that replicates itself by attaching to other executable files or programs and activates to perform malicious actions.
Ransomware
A form of malware that encrypts a victim’s files or system, demanding a ransom payment to restore access or decrypt the data.
Worm
A self-replicating type of malware that spreads across networks or the internet on its own, typically by exploiting vulnerabilities in exposed network services; mass-mailing worms also use email or other communication channels to reach new hosts. Unlike a virus, a worm does not need to attach itself to another program to propagate.
Trojan
A type of malware that disguises itself as legitimate software or files, tricking users into executing them, allowing unauthorized access or control of the system.
Remote Access Trojan (RAT)
A type of Trojan that enables remote control and administration of a victim’s computer or system, providing unauthorized access to the attacker.
Backdoor
A hidden entry point or vulnerability intentionally created by a developer or attacker to bypass security measures and gain unauthorized access to a system.
Keylogger
A type of malware that records and captures keystrokes made by a user, allowing an attacker to monitor and collect sensitive information such as passwords or credit card details.
Rootkit
A type of malware designed to gain and keep privileged ("root", i.e. administrative) access to a computer while concealing its presence. Kernel-mode rootkits hook operating system functions so that their files, processes and network connections are hidden from the tools an administrator or security product would use to detect them.
Logic Bomb
A type of malware that remains dormant until triggered by a specific event or condition, such as a certain date, time, or action. Upon activation, it executes a malicious action, potentially causing damage or disruption to the system or data.
Botnet
A network of computers or devices that have been infected with malware, allowing a remote attacker to control and commandeer them for malicious activities, such as distributed denial-of-service (DDoS) attacks or sending spam emails.
Potentially Unwanted Programs (PUP)
Software programs that are typically installed without the user’s full knowledge or consent and may exhibit behaviors that users find undesirable or annoying, such as displaying intrusive advertisements or changing browser settings. While not necessarily malicious, PUPs are often considered unwanted and can impact system performance or user experience.
What are some examples of weak configurations?
Open Wi-Fi networks, default configurations, guest user accounts, inadequate intruder lockout settings, excessive permissions, improper use of the root account, insecure cryptographic solutions, unnecessary open ports, default installation locations, failure to change default admin credentials.
Why are open Wi-Fi networks a security concern?
Open Wi-Fi networks lack authentication and encryption, making them vulnerable to unauthorized access and data interception.
What is the risk associated with default configurations?
Default configurations in devices like routers or baby monitors prioritize convenience over security, potentially allowing unauthorized access if default settings are not changed.
Why should guest user accounts be disabled if not necessary?
Disabling guest accounts reduces the risk of unauthorized access and helps maintain tighter control over user privileges.
How can inadequate intruder lockout settings pose a security risk?
Without proper monitoring and limits on failed login attempts, attackers can launch brute force or dictionary-based attacks more easily, potentially compromising user accounts.
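The detection logic behind an intruder lockout, as an added example rather than anything from the original flashcards: it reads sshd-style "Failed password" lines (constructed sample lines, not from a real host), counts failures per source address inside a sliding time window, and reports sources that cross the threshold. A second pass counts total failures per source regardless of timing, because an attacker who spaces attempts out can stay under a windowed threshold. The threshold, window and year are assumptions chosen for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (syslog format, no year field, as on real systems).
# 203.0.113.7 is a fast brute force; 198.51.100.50 is a slow, spaced-out guess series.
SAMPLE_AUTH_LOG = """\
Mar 10 08:00:01 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 10 08:00:03 host1 sshd[1202]: Failed password for invalid user oracle from 203.0.113.7 port 51236 ssh2
Mar 10 08:00:04 host1 sshd[1203]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar 10 08:00:06 host1 sshd[1204]: Failed password for root from 203.0.113.7 port 51241 ssh2
Mar 10 08:00:07 host1 sshd[1205]: Failed password for root from 203.0.113.7 port 51244 ssh2
Mar 10 08:00:09 host1 sshd[1206]: Failed password for root from 203.0.113.7 port 51250 ssh2
Mar 10 08:05:00 host1 sshd[1300]: Failed password for alice from 198.51.100.23 port 40001 ssh2
Mar 10 08:05:20 host1 sshd[1301]: Accepted password for alice from 198.51.100.23 port 40001 ssh2
Mar 10 09:30:00 host1 sshd[1400]: Failed password for bob from 198.51.100.50 port 40100 ssh2
Mar 10 09:45:00 host1 sshd[1401]: Failed password for bob from 198.51.100.50 port 40101 ssh2
Mar 10 10:00:00 host1 sshd[1402]: Failed password for bob from 198.51.100.50 port 40102 ssh2
Mar 10 10:15:00 host1 sshd[1403]: Failed password for bob from 198.51.100.50 port 40103 ssh2
Mar 10 10:30:00 host1 sshd[1404]: Failed password for bob from 198.51.100.50 port 40104 ssh2
"""

# Matches only failed password attempts; "invalid user" means the account does not exist.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)


def parse_ts(ts: str, year: int = 2024) -> datetime:
    """syslog timestamps carry no year; the year is an assumption for the demo."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def find_lockouts(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return {ip: (failures_in_window, trigger_time)} for sources that reach
    `threshold` failed logins inside a sliding `window` (the lockout condition)."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    locked = {}
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ip, t = m["ip"], parse_ts(m["ts"])
        q = recent[ip]
        q.append(t)
        while q and t - q[0] > window:   # drop failures that have aged out
            q.popleft()
        if len(q) >= threshold and ip not in locked:
            locked[ip] = (len(q), t)
    return locked


def total_failures(log_text):
    """Failures per source over the whole log, to catch slow attacks that
    never trip the windowed threshold."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            counts[m["ip"]] += 1
    return dict(counts)


if __name__ == "__main__":
    print("locked out:", find_lockouts(SAMPLE_AUTH_LOG))
    print("total failures:", total_failures(SAMPLE_AUTH_LOG))
```

With these settings the fast source is locked out on its fifth attempt, while the slow source never has more than one failure inside any ten-minute window and is only visible in the whole-log totals; a real lockout policy should therefore combine a short-window threshold with longer-term per-account and per-source counting.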
What is the principle of least privilege and why is it important?
The principle of least privilege advocates for granting users only the minimum access privileges required to perform their tasks, reducing the risk of unauthorized access or accidental data breaches.
Why is the improper use of the root account a security concern?
The root account in Linux provides full administrative privileges, but its unrestricted use increases the likelihood of mistakes, accidental file deletions, and potential compromise if the account is targeted.
Why are insecure cryptographic solutions a problem?
Outdated or weak cryptographic algorithms and protocols (for example DES, RC4, MD5 or SSLv3) can be broken or downgraded, compromising the confidentiality and integrity of stored data and network communications and potentially leading to unauthorized access or data breaches.
What is the risk associated with unnecessary open ports?
Unnecessary open ports provide potential entry points for attackers, increasing the surface area for potential attacks. Closing or disabling such ports reduces the attack surface and mitigates the risk.
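A small listening-port audit, added here as an example and not part of the original flashcards: it parses `ss -tlnp` style output (the sample below is constructed, not captured from a real host) and compares each listener against a baseline of ports the host is expected to expose, flagging both services that should not be running at all and services that should be reachable only on loopback but are bound to every interface. The baseline and the process names are assumptions for the demonstration.

```python
import re

# Constructed sample in the layout `ss -tlnp` prints (not from a real system).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*          users:(("nginx",pid=1023,fd=6))
LISTEN  0       128     0.0.0.0:5432         0.0.0.0:*          users:(("postgres",pid=1400,fd=5))
LISTEN  0       50      0.0.0.0:3306         0.0.0.0:*          users:(("mysqld",pid=1511,fd=20))
LISTEN  0       128     0.0.0.0:6379         0.0.0.0:*          users:(("redis-server",pid=1602,fd=6))
LISTEN  0       128     127.0.0.1:9100       0.0.0.0:*          users:(("node_exporter",pid=1700,fd=3))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=812,fd=4))
"""

LISTEN_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+users:\(\("(?P<proc>[^"]+)"'
)

# Assumed baseline for this host role: port -> where it may bind.
ALLOWED = {22: "any", 80: "any", 5432: "loopback", 9100: "loopback"}
LOOPBACK = {"127.0.0.1", "[::1]"}


def audit_listeners(ss_output, allowed=ALLOWED):
    """Return (port, process, bound_address, reason) for every listener that
    is outside the baseline or bound more widely than the baseline permits."""
    findings = []
    for line in ss_output.splitlines():
        m = LISTEN_RE.match(line)
        if not m:
            continue                        # header or non-listening row
        addr, port, proc = m["addr"], int(m["port"]), m["proc"]
        public = addr not in LOOPBACK
        if port not in allowed:
            findings.append((port, proc, addr,
                             "not in baseline: stop/disable the service or firewall the port"))
        elif allowed[port] == "loopback" and public:
            findings.append((port, proc, addr,
                             "baseline allows loopback only but it is bound to all interfaces"))
    return findings


if __name__ == "__main__":
    for port, proc, addr, reason in audit_listeners(SAMPLE_SS_OUTPUT):
        print(f"{port:>5}/tcp {proc:<14} {addr:<14} {reason}")
```

On the sample, MySQL and Redis are reported as outside the baseline and PostgreSQL as bound to all interfaces instead of loopback; sshd on both the IPv4 and IPv6 wildcard addresses and the loopback-only exporter pass. Run the real `ss -tlnp` output through the same function to compare a host against its documented role.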
Why should default installation locations be avoided?
Installing software or web servers in their default locations makes it easier for attackers and automated scanners to find predictable paths (administration pages, configuration files, upload directories) and target known vulnerabilities there, potentially leading to unauthorized access or data compromise. Changing the location does not fix the underlying weakness, so it is a hardening step in addition to patching, not a substitute.
Why is it important to change default admin credentials?
Failure to change default admin usernames and passwords on devices like IoT devices or wireless routers increases the risk of unauthorized access, as default credentials are widely known and easily exploited.
What is a zero day attack?
A zero day attack is an exploit of a vulnerability that is unknown to the vendor, or for which no patch yet exists, so the vendor has had zero days to fix the issue before it is exploited.
What is the Zero Day Initiative (ZDI)?
The Zero Day Initiative (operated by Trend Micro) is a vendor-neutral program that pays security researchers for vulnerability reports and then coordinates responsible disclosure with the affected vendor, so that a fix can be released before details become public.
What are bug bounty programs?
Bug bounty programs are initiatives offered by companies, such as Intel, Yahoo!, Snapchat, Cisco, Dropbox, Apple, and Facebook, where individuals can receive financial rewards for responsibly disclosing vulnerabilities in their software or systems.
What is a DNS sinkhole attack?
In the attack sense, DNS results are altered (for example through cache poisoning or hijacking a resolver or registrar account) so that users resolving a legitimate name are redirected to attacker-controlled websites or servers, leading to credential theft or data compromise. Note that "DNS sinkhole" is more often a defensive control: a resolver deliberately answers queries for known-malicious domains with a non-routable or monitoring address, so infected hosts cannot reach their command-and-control servers and the attempts can be logged.
What is privilege escalation?
Privilege escalation is the process of gaining access rights beyond those originally granted on a compromised system or network: vertical escalation moves from a normal user to administrator or root, while horizontal escalation takes over another user's access at the same level. It is typically achieved by exploiting a vulnerability or misconfiguration, or by cracking or stealing credentials.
What are replay attacks?
Replay attacks involve capturing valid network traffic, such as an authentication exchange or a session cookie, and retransmitting it later so the system accepts the attacker as the legitimate party. The captured data need not be decrypted or modified for this to work, which is why protocols defend against it with timestamps, nonces, sequence numbers or session-bound keys rather than with encryption alone.
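A worked replay scenario, added as an example and not taken from the original flashcards: a client signs a "transfer" message with an HMAC over a shared key, an attacker captures the message on the wire and re-sends it. A naive server that checks only the MAC accepts every copy, whereas a server that also requires a fresh per-message nonce and a timestamp inside an acceptance window rejects the replays. The key, the message format, the window size and the fixed demo clock are all assumptions for the demonstration.

```python
import hashlib
import hmac
import json
import os
import time

KEY = b"demo-shared-secret"   # constructed for the demo; real keys are provisioned out of band


def _canonical(payload: dict) -> bytes:
    # Deterministic encoding so client and server MAC exactly the same bytes.
    return json.dumps(payload, sort_keys=True).encode()


def sign(payload: dict) -> dict:
    return {"payload": payload, "mac": hmac.new(KEY, _canonical(payload), hashlib.sha256).hexdigest()}


def mac_valid(msg: dict) -> bool:
    expected = hmac.new(KEY, _canonical(msg["payload"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, msg["mac"])


class NaiveServer:
    """Checks integrity only, so a captured message can be replayed indefinitely."""
    def __init__(self):
        self.balance = 100

    def handle(self, msg):
        if not mac_valid(msg):
            return "rejected: bad mac"
        self.balance -= msg["payload"]["amount"]
        return "ok"


class HardenedServer:
    """Integrity plus freshness: a nonce must be unseen and the timestamp recent."""
    def __init__(self, window=300, now=time.time):
        self.balance = 100
        self.window = window      # seconds of clock skew / delivery delay tolerated
        self.now = now
        self.seen = {}            # nonce -> timestamp, pruned once older than window

    def handle(self, msg):
        if not mac_valid(msg):
            return "rejected: bad mac"
        p, t = msg["payload"], self.now()
        if abs(t - p["ts"]) > self.window:
            return "rejected: stale"       # old messages are refused even if the nonce was pruned
        self.seen = {n: ts for n, ts in self.seen.items() if t - ts <= self.window}
        if p["nonce"] in self.seen:
            return "rejected: replay"
        self.seen[p["nonce"]] = p["ts"]
        self.balance -= p["amount"]
        return "ok"


def make_transfer(amount, now=time.time):
    """Client side: every message carries a random nonce and the send time, both under the MAC."""
    return sign({"action": "transfer", "amount": amount, "nonce": os.urandom(8).hex(), "ts": now()})


def demo():
    clock = [1_700_000_000.0]          # fixed fake clock so the run is deterministic
    now = lambda: clock[0]
    captured = make_transfer(30, now)  # the attacker sniffs this single message
    naive, hardened = NaiveServer(), HardenedServer(now=now)
    naive_results = [naive.handle(captured) for _ in range(3)]      # same bytes sent three times
    hardened_results = [hardened.handle(captured) for _ in range(3)]
    clock[0] += 600                    # attacker tries again ten minutes later
    late = hardened.handle(captured)
    return naive.balance, naive_results, hardened.balance, hardened_results, late


if __name__ == "__main__":
    print(demo())
```

The naive server loses 30 three times; the hardened server applies the transfer once, refuses the two immediate replays as duplicates, and refuses the late replay as stale. Both checks are needed: the timestamp bounds how long the server must remember nonces, and the nonce catches replays inside that window. Tampering with the amount also fails, because the MAC covers the whole payload.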
How can pointer/object dereference be exploited?
If an attacker can influence the address a program dereferences (or trigger a null pointer dereference), the program reads from or writes to memory it never intended to touch. Reads can disclose sensitive information such as keys or memory layout; a null or wild dereference crashes the process, causing denial of service; and a write through an attacker-controlled pointer can corrupt data or control flow and lead to code execution.