Chapter 8 Securing Public Servers Flashcards
What is a Distributed Denial of Service (DDoS) attack?
A DDoS attack floods a network or host with excessive traffic, rendering it unavailable to legitimate users. Attackers use a botnet, a collection of infected computers, to launch these attacks.
How can DDoS attacks be mitigated?
DDoS attacks can be mitigated through techniques such as throttling (slowing down excessive traffic) and black hole routing (routing malicious traffic to a null destination).
What is DNS hijacking?
DNS hijacking occurs when attackers redirect DNS queries, leading users to fake websites or altering search results. It can be mitigated by hardening DNS servers and implementing secure DNS protocols.
What is typo squatting?
Typo squatting is a form of URL hijacking where attackers create fake websites with similar names to popular ones, exploiting users’ typing mistakes to deceive them. User awareness and careful verification of URLs can help mitigate this.
What is session hijacking?
Session hijacking involves attackers gaining unauthorized access to an authenticated user’s session. Mitigation involves implementing secure web application practices, such as setting the “HttpOnly” flag for cookies.
What is a pass-the-hash attack?
A pass-the-hash attack exploits password hashes stored in memory to gain unauthorized access to network resources. Mitigation involves using updated operating systems that prevent the retrieval of password hashes from memory.
What is a Managed Security Service Provider (MSP)?
An MSP is a third-party provider that offers outsourced cybersecurity services, including 24/7 security monitoring, vulnerability scans, and penetration testing to mitigate attacks and enhance overall security.
What is a monolithic app?
A monolithic app is a large program that is not broken down into smaller components. It is not how modern software development is done.
What are containers?
Containers are lightweight, isolated environments that contain application files and dependencies. They run on a host operating system and do not require a separate operating system like virtual machines.
What is Docker?
Docker is a popular containerization engine that allows the management and deployment of containers. It enables developers to package their applications and dependencies into containers.
How do containers differ from virtual machines (VMs)?
Containers only contain application files and dependencies, while VMs contain an entire operating system. Containers start up quickly as they utilize the underlying host OS, unlike VMs that require the OS to start.
How can containers be managed in Linux?
In Linux, Docker is installed as the container engine. Containers can be pulled from Docker Hub and run using the “docker run” command. They provide an isolated environment for running applications.
What is software-defined networking (SDN)?
SDN is an approach that abstracts network configuration and management from physical network devices. It allows users to configure network settings easily through a GUI or command line without needing detailed knowledge of underlying network equipment.
What are the benefits of using containers?
Containers provide portability, scalability, and rapid deployment of applications. They enable efficient utilization of resources, simplify application management, and improve software development workflows.
How does understanding containers help with security?
Understanding containers is crucial for securing environments. Containers can run services and applications that might not be visible when scanning the host OS. It is essential to have awareness of containerized services to properly secure the environment.
How are containers used in cloud computing?
Containers can be deployed in cloud-based virtual networks. This allows for easy creation and management of network components without needing in-depth knowledge of the underlying infrastructure. Software-defined networking interfaces facilitate this process.
What is a hypervisor?
A hypervisor is an operating system that manages virtual machine guests. It supports the execution and management of multiple virtual machines on a single physical server.
What are the two main types of hypervisors?
The two main types of hypervisors are type one (bare metal) and type two. Type one hypervisors run directly on the host’s hardware, while type two hypervisors run as an application on top of an existing operating system.