Common Threats Flashcards
What types of software require protection beyond just applications?
Operating systems, utilities, drivers, and Application Program Interfaces (APIs).
Why is infrastructure security important for application security?
Applications run on hardware and networks, making their security dependent on the security of these underlying elements.
What infrastructure management areas are relevant to security?
Management of networks, storage, and database interfaces.
What challenge arises when dealing with older systems?
Integration with legacy systems.
Besides software, what other components need to be secure for system security?
Hardware, the network, databases, and physical security.
What is meant by the ‘attack surface’?
All the possible points or vectors through which software could be attacked or compromised.
List some examples of elements that make up a software’s attack surface.
Implementation methods, vendor/administrator accounts, networks, wireless communications, unused features, connected systems.
Can connecting to external services (like advertisers) create risks?
Yes, if the external service provider is compromised, it can lead to the compromise of systems connected to it.
What are the two broad categories used to classify threats?
Internal and external threats.
What are examples of internal threats?
Mistakes (user or admin), software bugs, software flaws, unhappy/malicious employees, system misconfigurations.
What is the difference between a software bug and a software flaw?
A bug is a syntactical problem (error in the code itself), while a flaw is a semantic problem (error in the logic of the software).
What common internal issue was cited as a major cause of past breaches?
Mistakes made by IT departments or administrators, such as misconfiguring systems or leaving accounts unprotected.
Who are some examples of external human attackers?
Hackers, criminals, agents engaged in espionage, and hacktivists.
What are common motivations for external attackers?
Financial gain (e.g., ransomware), ego/recognition, espionage, or advancing a specific ideology (hacktivism).
What is malware?
Software specifically written with the intention to do harm.
How does malware differ fundamentally from a software bug?
Malware is created with malicious intent, whereas a bug is an unintentional mistake in the code or logic.
Name several types of malware mentioned.
Viruses, worms, logic bombs, ransomware, Trojan horses, rootkits, Remote Access Trojans (RATs).
How does a Trojan horse typically work?
It disguises malicious code within seemingly legitimate or desirable software (like a game or utility) that a user downloads.
What is the primary goal of a rootkit?
To gain root-level (administrator or highest privilege) access to a system, allowing full control.
What is a botnet?
A network of robotically controlled, compromised computers.
What are botnets commonly used for?
Launching denial-of-service attacks, distributing spam, and potentially other coordinated malicious activities.
What are examples of operational attack vectors mentioned?
Compromising tools used for remote meetings or learning systems; using social media to spread malicious links or spam.
What does APT stand for?
Advanced Persistent Threat.
What characterizes an APT?
Attackers are highly skilled, persistent (determined and don’t give up easily), and pose a significant threat.
Who typically perpetrates APTs?
Historically state-sponsored groups, but now also includes sophisticated criminal organizations.
What is the suggested approach for dealing with determined APTs?
Focus on containing and limiting damage, and monitoring systems to detect breaches quickly, as prevention might be impossible.
Are accidental events considered threats?
Yes, if they are unwanted actions that may result in harm to operations or systems.