Chapter 7 Protecting Against Advanced Attacks Flashcards

1
Q

A DoS attack is an attack launched from a single system and attempts to disrupt services.

A

DDoS attacks are DoS attacks from multiple computers. DDoS attacks typically include sustained, abnormally high network traffic.

2
Q

Spoofing attacks attempt to impersonate another system. MAC address spoofing changes the source MAC address and IP spoofing changes the source IP address.

A

ARP poisoning attacks attempt to mislead computers or switches about the actual MAC address of a system. They can be used to launch a man-in-the-middle attack.

3
Q

DNS poisoning attacks modify DNS data and can redirect users to malicious sites. Many DNS servers use DNSSEC to protect DNS records and prevent DNS poisoning attacks.

A

Amplification attacks send increased traffic to, or request additional traffic from, a victim.

4
Q

Password attacks attempt to discover passwords. A brute force attack attempts to guess all possible character combinations and a dictionary attack uses all the words and character combinations stored in a file. Account lockout policies thwart online brute force attacks and complex passwords thwart offline password attacks.

A

Passwords are often stored as a hash. Weak hashing algorithms are susceptible to collisions, which allow different passwords to create the same hash.

5
Q

In a pass the hash attack, the attacker discovers the hash of the user’s password and then uses it to log on to the system as the user.

A

In a birthday attack, an attacker is able to create a password that produces the same hash as the user’s actual password. This is also known as a hash collision.

6
Q

A hash collision occurs when the hashing algorithm creates the same hash from different passwords.

A

Password salting adds additional characters to passwords before hashing them and prevents many types of attacks, including dictionary, brute force, and rainbow table attacks.

7
Q

Replay attacks capture data in a session with the intent of using information to impersonate one of the parties. Timestamps and sequence numbers thwart replay attacks.

A

A known plaintext attack is possible if an attacker has both the plaintext and the ciphertext created by encrypting the plaintext. It makes it easier to decrypt other data using a similar method.

8
Q

Attackers buy domain names with minor typographical errors in typo squatting (also called URL hijacking) attacks. The goal is to attract traffic when users enter incorrect URLs. Attackers can configure the sites with malware to infect visitors or configure the site to generate ad revenue for the attacker.

A

Clickjacking tricks users into clicking something other than what they think they’re clicking.

9
Q

Attackers utilize the user’s session ID to impersonate the user in a session ID attack.

A

Domain hijacking attacks allow an attacker to change the registration of a domain name without permission from the owner.

10
Q

A man-in-the-browser is a proxy Trojan horse that exploits vulnerable web browsers. When successful, it allows attackers to capture keystrokes and all data sent to and from the browser.

A

A driver shim is additional code that can be run instead of the original driver.

11
Q

Attackers exploiting unknown or undocumented vulnerabilities are taking advantage of zero-day vulnerabilities. The vulnerability is no longer a zero-day vulnerability after the vendor releases a patch to fix it.

A

Buffer overflows occur when an application receives more data, or unexpected data, than it can handle and exposes access to system memory. Integer overflow attacks attempt to use or create a numeric value bigger than the application can handle.

12
Q

Buffer overflow attacks exploit buffer overflow vulnerabilities. A common method uses NOP instructions or NOP sleds, such as a string of 0x90 (NOP) opcodes. Two primary protection methods against buffer overflow attacks are input validation and keeping a system up to date.

A

Compiled code has been optimized by an application and converted into an executable file. Runtime code is code that is evaluated, interpreted, and executed when the code is run.

13
Q

A common coding error in web-based applications is the lack of input validation.

A

Input validation checks the data before passing it to the application and prevents many types of attacks, including buffer overflow, SQL injection, command injection, and cross-site scripting attacks.

14
Q

Server-side input validation is the most secure. Attackers can bypass client-side input validation, but not server-side input validation.

A

Race conditions allow two processes to access the same data at the same time, causing inconsistent results. Problems can be avoided by locking data before accessing it.

15
Q

Error-handling routines within applications can prevent application failures and protect the integrity of the operating system. Error messages shown to users should be generic, but the application should log detailed information on the error.

A

Code signing uses a digital signature within a certificate to authenticate and validate software code.

16
Q

Code quality and testing techniques include static code analysis, dynamic analysis (such as fuzzing), stress testing, sandboxing, and model verification.

A

Software development life cycle (SDLC) models provide structure for software development projects. Waterfall uses multiple stages with each stage feeding the next stage. Agile is a more flexible model and it emphasizes interaction with all players in a project.

17
Q

Secure DevOps is an agile-aligned methodology. It stresses security throughout the lifetime of the project.

A

Common web servers are Apache (running on Linux) and Internet Information Services (running on Microsoft servers).

18
Q

Databases are optimized using a process called normalization. A database is considered normalized when it conforms to the first three normal forms.

A

SQL injection attacks provide information about a database and can allow an attacker to read and modify data within a database. Input validation and stored procedures provide the best protection against SQL injection attacks.

19
Q

Cross-site scripting (XSS) allows an attacker to redirect users to malicious web sites and steal cookies. It uses HTML and JavaScript tags with < and > characters.

A

Cross-site request forgery (XSRF) causes users to perform actions on web sites without their knowledge and allows attackers to steal cookies and harvest passwords.

20
Q

XSS and XSRF attacks are mitigated with input validation techniques.

A

Frameworks are references that provide a foundation. Cybersecurity frameworks typically use a structure of basic concepts and provide guidance on how to implement security.

21
Q

Regulatory frameworks are based on relevant laws and regulations. A non-regulatory framework is not required by any law.

A

Some frameworks are used within a single country (and referred to as national frameworks), while others are used internationally.

22
Q

Some frameworks only apply to certain industries. As an example, organizations that handle credit cards typically comply with the Payment Card Industry Data Security Standard (PCI DSS).

A

Vendor-specific guides should be used when configuring specific systems.