Comp Security- Week 6 Flashcards

1
Q

What is a backdoor/trap door?

A

A set of instructions designed to bypass the normal authentication mechanism and allow access to the system to anyone who knows it exists

2
Q

Backdoors are classified into two types:

A

Passive malicious: Intentionally left for testing
Active malicious: left for malicious purposes

3
Q

What is spyware?

A

A malicious program that collects users' information without their knowledge
Installed by misleading the user or by exploiting vulnerabilities
Can monitor keystrokes, messages, websites visited, take screenshots, etc.

4
Q

What is a rootkit and what are its two main parts?

A
  1. A method for gaining unauthorized root/administrator privileges on a machine, usually done by exploiting some flaw in the system that the owner failed to correct
  2. A way to hide its own existence (stealth capabilities): cleans up log messages and modifies commands like ls and ps
5
Q

What are botnets?

A

Malware that can cause a distributed DoS
The attacker is called the botmaster and controls vulnerable devices called zombies/slaves; the idea isn't to harm your device but to use it as a zombie in the botnet army
Uses them with one command to launch an attack on a specific destination

6
Q

Static analysis:

A

Tools that are useful for examining API code that has thousands of lines and checking for security flaws like buffer overflows and printf vulnerabilities
Ex: change strcpy to strncpy, since n must be smaller than the buffer size

7
Q

Code review:

A

Have people other than the code author look at the code and try to find flaws

8
Q

Fuzz testing:

A

Supply completely random data to the object; if it crashes, we know this is a violation of availability and it can indicate more serious underlying issues

9
Q

Reverse engineering:

A

To understand an executable file and its functionality
Gives an overview of how it works
If you have the executable file and need to get to the source, you need reverse engineering

10
Q

How do we look for malware?

A

Signature-based protection
Behavior-based protection
Checksum

11
Q

Checksum

A

A way to validate the integrity of a file and detect changes by comparing checksums

12
Q

Signature-based protection:

A

For each virus in the list, store some signature for it, like the infection or payload code
To be able to find a signature for malware, you find it after the malware has succeeded, but you make a signature to protect your device from future attacks

13
Q

Behavior-based protection

A

Looks for suspicious patterns of behavior rather than specific code fragments
Only useful post-infection

14
Q

False negative and false positive

A

False negative: fail to identify a threat that is present
False positive: claim a threat is present when it's not

15
Q

Intrusion detection

A

Monitoring the system or network by looking at the events occurring and analyzing these events, searching for intrusions

16
Q

Intrusion detection systems can be classified in two ways:

A

Host-based: detects intrusions targeting the system by analyzing system audit data
Network-based: detects intrusions on the network by looking at transmitted packets