Computer security and malware Flashcards

1
Q

Exploit

A

An exploit is software, code, or technique that takes advantage of a vulnerability in a system, application, or network to compromise its security.

2
Q

Zero-day Vulnerability

A

A zero-day vulnerability is a software flaw or security weakness that is previously unknown to the software vendor or developer and has not been patched or fixed.

3
Q

Exploiting Unauthorized Access

A

Exploiting unauthorized access is the act of taking advantage of unauthorized entry into a system to gain privileges or perform malicious activities. It often results from weak passwords or software vulnerabilities. Attackers exploit this access to steal data, disrupt services, or cause harm.

4
Q

Ransomware Attack

A

Ransomware encrypts files or locks systems, demanding payment for decryption. Spread via phishing emails or malicious links, it renders files unusable until a ransom is paid, typically in cryptocurrency.

5
Q

Rootkit Attack

A

Rootkits exploit system vulnerabilities to gain unauthorized access. They hide from detection, providing attackers with privileged control to execute commands, steal data, or carry out malicious activities.

6
Q

Patient’s data confidentiality

A

Encrypting Patient Records
Protect patient data using encryption mechanisms. Only authorized personnel can access sensitive information.

7
Q

Patient’s data integrity

A

Digital Signatures for Medical Reports
Ensure the integrity of medical records with digital signatures. Documents cannot be altered without detection.

8
Q

Patient’s data availability

A

Redundant Data Backup Systems
Maintain access to patient data with redundant backups. Minimize downtime in case of system failures.

9
Q

Salted hashing

A
  1. Salt Generation: Generate unique salts for each user.
  2. Password Hashing: Hash passwords with salts using a strong algorithm.
  3. Storage: Store hashed passwords and salts in the database.
  4. Verification: Combine entered passwords with salts, hash, and compare.

10
Q

State the source and target of the four main attacks that can happen in a containerised system.

A

Container Escape Attack:
Source: Malicious code within a container
Target: Host operating system

Privilege Escalation Attack:
Source: Container runtime or container orchestrator.
Target: Compromise other containers.

Denial-of-Service (DoS) Attack:
Source: Outside traffic
Target: Containers or the entire containerized environment.

Container Breakout Attack:
Source: Container runtime
Target: Host operating system

11
Q

Password Decryption Attacks

A

Brute Force Attack:
Tries every possible combination of characters.
Effective against weak keys or short passwords.
Time-consuming process.

Dictionary Attack:
Uses pre-generated lists of common passwords.
More efficient than brute force.
Successful against weak or commonly used passwords.

Rainbow Table Attack:
Utilizes precomputed tables to map encrypted passwords.
Quickly finds matches if encryption algorithm is known.
Efficient with knowledge of encryption parameters.

12
Q

Application Layer Vulnerabilities

A

SQL Injection:
Malicious SQL queries injected.
Exploit database weaknesses.

Cross-Site Scripting (XSS):
Malicious scripts injected into web pages.
Exploit input validation flaws.

13
Q

Secure Against Application Layer Vulnerabilities

A

Validate and sanitize user input.
Use parameterized queries for SQLi protection.
Encode or sanitize input to prevent XSS.
Train developers on secure coding.

14
Q

Security in SDLC

A
  • Identify security requirements.
  • Threat modeling and risk assessments.
  • Integrate security controls and principles into architecture such as authentication and encryption.
  • Secure coding practices.
  • Code reviews and static analysis.
  • Security testing (DAST, SAST).
15
Q

Native vs Web in terms of Confidentiality, Integrity & Accessibility

A

Fully Native Application:
Confidentiality: Local storage offers better confidentiality but risks unauthorized access if the device is lost.
Integrity: Local data storage provides better integrity but may be compromised if the device is compromised.
Accessibility: Offers offline access but limited accessibility if the device is lost or inaccessible.

Web-Based Application:
Confidentiality: Centralized storage on the server may be more secure, but requires continuous internet connectivity.
Integrity: Relies on server-side security measures, vulnerable to server breaches but less susceptible to local compromises.
Accessibility: Provides ubiquitous access but requires constant internet connection, limiting access in offline environments.
