Common Security Threats Flashcards

1
Q

3 major categories of attacks

A
  1. Reconnaissance Attacks
  2. Access attacks
  3. DoS attacks
2
Q

Reconnaissance Attacks

A
  • Also known as information gathering
  • Think of a thief scouting a neighbourhood for vulnerable houses
  • Hackers use recon attacks to perform unauthorized discovery and mapping of systems, services, or vulnerabilities
  • Recon attacks precede access attacks or DoS attacks and often employ widely available tools
3
Q

Steps of a Reconnaissance Attack

A
  1. Perform an information query of a target
  2. Initiate a ping sweep of the target network
  3. Initiate a port scan of active IP addresses
  4. Run vulnerability scanners
  5. Run exploitation tools
4
Q

Access Attacks

A

Access attacks exploit known vulnerabilities in authentication services, FTP services, and web services to gain entry to web accounts, confidential databases, and other sensitive information.

5
Q

3 reasons hackers would use access attacks

A
  1. To retrieve data
  2. To gain access
  3. To escalate access privileges
6
Q

Types of Access attacks

A
  1. Password attack
  2. Trust exploitation
  3. Port redirection
  4. MITM
  5. Buffer overflow
  6. IP, MAC, DHCP spoofing
7
Q

IP, MAC, and DHCP spoofing attacks

A

Spoofing attacks are attacks in which one device attempts to pose as another by falsifying data. There are multiple types of spoofing attacks. For example, MAC address spoofing occurs when one computer accepts data packets based on the MAC address of another computer.

8
Q

Buffer Overflow

A

This is when a hacker exploits the buffer memory and overwhelms it with unexpected values. This usually renders the system inoperable, creating a DoS attack. It is estimated that one third of malicious attacks are the result of buffer overflows.

9
Q

MITM (Man-In-The-Middle) Attack

A

The hacker is positioned in between two legitimate entities in order to read or modify the data that passes between the two parties.

10
Q

Port Redirection

A

This is when a hacker uses a compromised system as a base for attacks against other targets.

11
Q

Trust Exploitation

A

A hacker uses unauthorized privileges to gain access to a system, possibly compromising the target.

12
Q

Password Attack

A

Hackers attempt to discover critical system passwords using various methods, such as social engineering, dictionary attacks, brute-force attacks, or network sniffing. Brute-force password attacks involve repeated attempts using tools such as Ophcrack, L0phtCrack, THC Hydra, RainbowCrack, and Medusa.

13
Q

Social Engineering

A
  • Social engineering is an access attack that attempts to manipulate individuals into performing actions or divulging confidential information.
  • Let’s say a hacker calls an authorized employee with an urgent problem that requires immediate network access. The hacker could appeal to the employee’s vanity, invoke authority using name-dropping techniques, or appeal to the employee’s greed.
14
Q

Social Engineering attacks

A
  • Pretexting
  • Phishing
  • Spear Phishing
  • Spam
  • Tailgating
  • Something for something (quid pro quo)
  • Baiting
15
Q

Phishing

A

Phishing is when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source. The message intends to trick the recipient into installing malware on their device, or into sharing personal or financial information.

16
Q

Pretexting

A

This is when a hacker calls an individual and lies to them in an attempt to gain access to privileged data. An example involves an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.

17
Q

Social Engineering Toolkit

A

The Social Engineering Toolkit (SET) was designed to help white hat hackers and other network security professionals create social engineering attacks to test their own networks.

18
Q

Baiting

A

This is when a hacker leaves a malware-infected physical device, such as a USB flash drive, in a public location such as a corporate washroom. The finder picks up the device and loads it onto their computer, unintentionally installing the malware.

19
Q

Something for Something (Quid pro quo)

A

This is when a hacker requests personal information from a party in exchange for something like a free gift.

20
Q

Tailgating

A

This is when a hacker quickly follows an authorized person into a secure location. The hacker then has access to a secure area.

21
Q

SPAM

A

Hackers may use spam email to trick a user into clicking an infected link or downloading an infected file.

22
Q

Spear Phishing

A

This is a targeted phishing attack tailored for a specific individual or organization.

23
Q

Denial of Service Attacks

A

A DoS attack results in some sort of interruption of service to users, devices, or applications.

There are 2 major sources of DoS attacks:

  • Maliciously formatted packets
  • Overwhelming Quantity of Traffic
24
Q

DoS: Overwhelming Quantity of Traffic

A

This is when a network, host, or application is unable to handle an enormous quantity of data, causing the system to crash or become extremely slow.

25
Q

DoS: Maliciously Formatted Packets

A

This is when a maliciously formatted packet is forwarded to a host or application and the receiver is unable to handle the unexpected condition.

For example, a hacker forwards packets containing errors that cannot be identified by the application, or forwards improperly formatted packets. This causes the receiving device to crash or run very slowly.

26
Q

DoS: TCP SYN Flood Attack

A

In this type of attack, a hacker sends many TCP SYN session request packets with a spoofed source IP address to an intended target.

The target device replies with a TCP SYN-ACK packet to the spoofed IP address and waits for a TCP ACK packet.

However, the responses never arrive, and the target hosts are overwhelmed with TCP half-open connections.

27
Q

Distributed Denial of Service attack (DDoS)

A

Similar in intent to a DoS attack, except that a DDoS attack increases in magnitude because it originates from multiple, coordinated sources.

DDoS attacks also introduced new terms such as botnet, handler systems, and zombie computers.

The most common DDoS attack right now goes through HTTP (about 80% of current DDoS attacks). Whether it is using SSL to attack or using hashing attacks, it seems that HTTP is the protocol being picked on.

28
Q

DDoS: Slowloris

A
  • Kali Linux does support this
  • Slowloris sends requests at a very slow pace, designed to keep the server's connection tables full, so the target starts eating up a lot of processing power.
29
Q

DDoS: Collision hashing

A

This type of attack tells HTTP web servers that they have a hash problem, so they need to recompute and figure out where all these problems are happening and start redoing these hashes.

Any time you do any type of crypto or any type of calculation like that, it eats up a ton of resources.

30
Q

Attack Methods Summary

A
  • Reconnaissance
  • Access
  • Social Engineering
  • Privilege Escalation
  • Back Doors
  • Code Execution
  • Covert Channel
  • Trust Exploitation
  • Brute Force Attacks (Password Guessing)
  • Botnets
  • DoS and DDoS

31
Q

Primary Vulnerabilities for end device attacks

A

Viruses
Worms
Trojan Horse attacks

32
Q

Viruses

A
  • A virus is malicious code that is attached to executable files, which are often legitimate programs.
  • Viruses normally require end user activation, which means that they can lie dormant for an extended period and then activate at a specific time or date.
  • Viruses can be harmless, such as those that display a picture on the screen, or they can be destructive, such as those that modify or delete files on the hard drive. Viruses can also be programmed to mutate to avoid detection.
  • Most viruses are now spread by USB memory drives, CDs, DVDs, network shares, and email. Email viruses are now the most common type of virus.
33
Q

Worms

A
  • Worms replicate themselves by independently exploiting vulnerabilities in networks.
  • While a virus requires a host program to run, worms can run by themselves. Once the device has been infected, the worm no longer requires user participation and the worm is able to spread very quickly over the network.
  • Notable worm attacks: Code Red worm (2001), which grew from 658 infected servers to over 300k in 19 hours
34
Q

SQL Slammer Worm

A

A.k.a. the worm that ate the Internet

  • A DoS attack that exploited a buffer overflow bug in MS SQL Server
  • At its peak it had infected 250k+ hosts; the infected population doubled every 8.5 seconds
  • The patch that fixed this vulnerability had been deployed 6 months earlier; the servers that were attacked had not been updated in time
35
Q

Trojan Horse

A

A Trojan horse is malware that carries out malicious operations under the guise of a desired function.

  • Exploits the privileges of the user that runs it
  • It can cause immediate damage, provide remote access to the system, or access through a back door. It can also perform actions as instructed remotely, such as “send me the password file once per week.”
36
Q

Trojan Horse Classifications

A
  • Remote-access Trojan horse - enables unauthorized remote access
  • Data-sending Trojan horse - sends data such as passwords to attackers
  • Destructive Trojan horse - corrupts or deletes files
  • Proxy Trojan horse - uses the victim's computer as the source for illegal activities
  • FTP Trojan horse - enables unauthorized file transfer
  • Security software disabler Trojan horse - stops antivirus programs or firewalls
  • DoS Trojan horse - slows or halts network activity
37
Q

Rootkit

A

This malware is installed on a compromised system. After it is installed, it continues to hide its intrusion and maintain privileged access for the hacker.

38
Q

Scareware

A

This malware includes scam software which uses social engineering to shock or induce anxiety by creating the perception of a threat. It is generally directed at an unsuspecting user.

39
Q

Adware

A

This malware typically displays annoying pop-ups to generate revenue for its author. The malware may analyze user interests by tracking the websites visited. It can then send pop-up advertising pertinent to those sites.

40
Q

Spyware

A

This malware is used to gather information about a user and send the information to another entity, without the user’s consent. Spyware can be classified into system monitors, Trojan horses, adware, tracking cookies, and keyloggers.

41
Q

Ransomware

A

This malware denies access to the infected computer system. The ransomware then demands a paid ransom for the restriction to be removed.

42
Q

12 Domains of Network Security

A
Risk assessment
Security policy
Organization of information security
Asset management
Human resources security
Physical and environmental security
Communications and operations management
Information systems acquisition, development, and maintenance
Access control
Information security incident management
Business continuity management
Compliance
43
Q

Mitigating Trojans and Viruses

A
  • End user based
  • Use an antivirus and keep it up to date
  • Keep employees educated about security, phishing, etc.
44
Q

Mitigating worms

A
  • Network based
  • Containment: if an infection happens, contain the incident by segregating parts of the network to stop or slow the worm’s spread
  • Quarantine: find which systems are infected and quarantine/remove them from the network
  • Inoculation (at the same time as, or before, quarantine): remove non-infected systems and patch them immediately
  • Treatment: remove the software the worm uses, or fully wipe and reinstall the device
45
Q

Mitigating Reconnaissance attacks

A
  • Implement authentication to ensure proper access
  • Use encryption to render packet sniffer attacks useless
  • Use anti-sniffer tools to detect packet sniffer attacks
  • Implement a switched infrastructure
  • Use a firewall and IPS

These attacks can be detected by preconfigured alarms or notifications, such as the number of ICMP requests per second.

46
Q

Network Foundation Protection

A
Systematically breaking down the infrastructure into smaller components and then systematically focusing on how to secure each of those components.

3 planes or functionalities:
  • Management plane
  • Control plane
  • Data plane