Domain 3: System Vulnerabilities Flashcards
Method that is used to pass info over a path that is not normally used for communication
Covert Channels
Shortcut in a system that allows a user to bypass security checks, such as username/password
Backdoor
Backdoor installed by developers to bypass normal system checks during development such as authentication
Maintenance hooks
- Virus written in a macro language
- e.g. Microsoft Office
Macro Virus
Virus that infects the boot sector of a PC, which ensures that the virus loads upon system startup
Boot Sector Virus
Virus that hides itself from the OS and other protective software, e.g. antivirus software
Stealth Virus
Virus that changes its signature upon infection of a new system, attempting to evade signature-based antivirus software
Polymorphic Virus
Virus that spreads via multiple vectors
Multipartite Virus
Malware that self-propagates
Worms
Malware disguised as a legitimate program
Trojans
Malware that replaces portions of the kernel and/or OS
Rootkits
- Neutral technology used to shrink the size of executables
- Often used in malware to evade signature-based malware detection
Packers
- Malware that is triggered when a logical condition is met
- e.g. after a set number of transactions, or on a specific date
Logic bombs
Antivirus that uses static signatures of known malware
Signature-based antivirus
Anomaly-based detection used to identify behavioral characteristics of malware
Heuristic-based antivirus
Attacks launched directly from an attacker (the client) to a listening service
Server-side attacks
Attack that initiates from the victim who downloads content from the attacker
Client-side attacks
- Small pieces of mobile code that are embedded in other software such as web browsers
- Common examples: Java and ActiveX
Applets
Applets that run in a sandbox, which segregates the code from the OS
Java
- Applets that use digital certificates to provide security
- Only work on the Windows OS
ActiveX
Provides consensus guidance on what are considered to be the 10 most significant application security risks
Open Web Application Security Project (OWASP) Top 10 Project
Language used to store application configuration and output from auditing tools
Extensible Markup Language (XML)
- Reduces application architecture down to a functional unit of service
- Service can be used and reused throughout an organization rather than built within each individual application
Service-Oriented Architecture (SOA)
- Allows two different objects to have the same name
- e.g. two rows may have the same primary key but different data
Polyinstantiation
- Happens when a user is able to use lower-level access to learn restricted information
- Requires clues (first word)
- Mathematical process (second word)
Inference and aggregation
Searches large amounts of data to determine patterns
Data Mining
Control that restricts the use of mobile devices via policy
Administrative controls
Controls installed on mobile devices to mitigate infections
Technical controls
- Access control vulnerability that involves theft of data by capturing electromagnetic leaks
- Mitigated by enclosing cables in metal shielding or conduit; certain types of antennas are also resistant
Emanations
Program between the US and UK that mitigates electromagnetic leaks
TEMPEST
- Denial of Service (DoS) attack
- Attacker sends ICMP echo request packets with a spoofed source address
- Every device that receives a ping request sends an ICMP echo reply to the spoofed source address, which can overwhelm the device at that address
Smurf
- Denial of Service (DoS) attack
- Attacker sends UDP packets with a spoofed source address to a directed broadcast address
- Each device that receives the UDP broadcast sends a response to the spoofed address, which can overwhelm the device at that address
Fraggle
- Denial of Service (DoS) attack
- Attacker uses a malformed IP packet in which the source address, destination address, and port are the same
- When the victim at the destination address receives the packet, it can become confused and crash
Local Area Network Denial (LAND)
- Denial of Service (DoS) attack
- Attacker sends several large, overlapping IP fragments
- The victim system attempts to reassemble these fragments, sometimes causing it to crash
Teardrop
What are the three TEMPEST countermeasures used to protect against emanation attacks?
- Faraday cage
- White noise
- Control Zones
- A room, box or entire building with an external metal skin
- Prevents electromagnetic signals (emanations) from exiting or entering the area
- Mobile phones, radio stations, and television stations do not work inside this area
Faraday cage
- Broadcasts false traffic at all times to mask and hide the presence of real emanations
- Most effective around the perimeter of an area; it is broadcast outward to protect the internal area, where emanations may be needed for normal operations
White noise
Implementation of a Faraday cage, white noise generation, or both to protect a specific area in an environment
Control Zones
Sends oversized ping packets to the victim, causing the victim to freeze, crash, or reboot
Ping-of-death attacks
Use a command-and-control server to remotely control zombies to launch attacks on other systems, or to send spam or phishing emails
Bot herders