Comp Security- Week 6

Question 1

What is a backdoor/trap door?

Answer 1

A set of instructions designed to bypass the normal authentication mechanism and allow access to the system to anyone who knows it exists

Question 2

Backdoors are classified in two..

Answer 2

Passive malicious: Intentionally left for testing
Active malicious: left for malicious purposes

Question 3

What is spyware?

Answer 3

A malicious program that collects users information without their knowledge
Installed by misleading or exploiting vulnerabilities
Can monitor key strokers, messages, websites visited, take screenshots etc.

Question 4

What is rootkits and what is the two main parts?

Answer 4

1. A method for gaining unauthorized root/administration privligies on a machine usually done by exploiting some flaw in the system owner failed to correct
2. A way to hide its own existence- stealth capabilities clean up log messages and modify commands like ls and ps

Question 5

What is botnets

Answer 5

A malware that can cause distributed DOS
The attacker is called botmaster and control vulnerable devices called zombies/slaves. the idea isnt to harm your device but to use it as a zombie in the army of botnet
Use them with one command to launch an attack on a specific destination

Question 6

Static analysis:

Answer 6

Tools that are useful to see API code that has thousands of lines of code and check for security flaws like buffer overflows and printf vulnerabilities
ex change strcopy to strncopy since n must be smaller than buffer size

Question 7

code review

Answer 7

have people other than the code author look at code and try to find flaws

Question 8

fuzz testing:

Answer 8

Supply completley random data to the object and if it crashes then we know this is a violation to availability and can indicate more serious underlying issues

Question 9

Reverse engineering:

Answer 9

To understand executable file and its functionalities
Gives overview of how it works
Have executable file to get to source file need reverse engineering

Question 10

How do we look for malware?

Answer 10

signature based protection
behavior based protection
checksum

Question 11

Checksum

Answer 11

A way to validate integrity of file and detect change by comparing checksum

Question 12

Signature based protection:

Answer 12

For each virus in list store some signature for it like the infection or payload code
To be able to find signature for malware you find it after malware succeeded but you make a signature to protect your device from future attacks

Question 13

Behavior based protection

Answer 13

looks for suspicious patterns of behavior rather than specific code fragments
only useful post infection

Question 14

false negative and false positive

Answer 14

false neg; fail to identify a threat that is present
false pos; claim a threat is present when its not

Question 15

intrusion detection

Answer 15

monitoring the system or network by looking at events occurring and analyzing these events searching for intrusions

Question 16

intrusion detection system can be classified in two ways:

Answer 16

host based: detect instructions targeting system by analyzing system audit data
network based: detect intrusions on network by looking at transmitted packages