ELEC 377 Flashcards
What are the 4 security levels
1) Physical
2) Human
3) Network
4) OS
Which two security levels are outside of OS control
1) Physical
2) Human
What are 3 methods to implement physical security
1) BIOS/UEFI password (stops an attacker booting another OS or changing the boot order)
2) Drive encryption (device level, e.g. a self-encrypting drive, or OS level, e.g. full-disk encryption)
3) Limit who has physical access to the hardware
What are some common Human Security attacks
Password resets (persuading a help desk to reset someone else's password)
Phishing
Baiting (free hardware or software that contains malware)
Tech support callbacks (the caller pretends to be IT support)
Fake services
What is the CIA of system security
C - Confidentiality
I - Integrity
A - Availability
What are confidentiality issues in system security
Unauthorized disclosure of data: personal information, corporate R&D, financials or government information.
What are integrity issues in system security
Unauthorized modification of data (such as the balance on a credit card) or of the system itself (such as installing backdoored servers or software).
What are availability issues in system security
Unauthorized use (theft of CPU cycles and other resources), denial of service, or an attacker changing a password so that the legitimate user is locked out.
Describe: Encryption at rest
Data in persistent storage (disk, SSD, tape) is kept encrypted and is only decrypted when it is read into memory for use. It protects against the storage medium being stolen or read offline, not against code running on the live system, which sees the decrypted data.
What is application security
Security regarding applications a user installs. An application may itself be vulnerable, or it may be malicious. Note that encryption at rest does not stop these attacks: a malicious or compromised application runs with the user's privileges on the live system and reads the data after the OS has decrypted it.
Security is?
Pervasive. It must be taken seriously by the entire organization, or vulnerabilities will arise in whichever part is neglected.
What is a stack overflow attack
A stack buffer overflow: the attacker supplies more input than a fixed-size buffer on the stack can hold. The excess bytes overwrite the saved return address with the address of the buffer, which contains the attacker's machine code (shellcode), so when the function returns it jumps into that code and executes it.
What are the two types of call/return
x86 (Intel) - The call instruction pushes the return address onto the stack, where it sits just above the callee's local variables and is exposed to any overflow of those buffers.
ARM/Nios II/PowerPC (and z/Architecture, whose BAS/BASR instructions put it in a general register, conventionally R14) - The call stores the return address in a link register. A leaf function never writes it to memory, but a function that makes nested calls must save the link register on the stack first, and there it is exposed exactly as on x86.
What is a real life example of Stack Overflow attack mentioned in class
BMP attack - a malformed BMP image file whose header fields (for example the declared dimensions or pixel-data size) make the image decoder copy more bytes into a fixed stack buffer than it can hold. The "image" is the exploit payload; merely opening or previewing it triggers the overflow.
How can we protect against stack overflow
Address randomization (ASLR) - The base addresses of the stack, heap and other segments change each time the process runs, so the attacker cannot know in advance where the buffer (and the shellcode in it) will be.
Non-executable stack (NX/DEP, W^X) - Stack pages are mapped writable but not executable, so even if the return address is redirected into the buffer the CPU faults instead of running the injected code. (Return-oriented programming, which reuses code that is already executable, is the attacker's answer to this.)
Canary values - A random value is placed between the local variables and the saved return address. The function epilogue checks it just before returning; an overflow that reached the return address must have passed through the canary, so a mismatch means the process is terminated instead of returning into attacker-controlled code.
Canary Values
Usually compiler generated (e.g. gcc's -fstack-protector). The random value is provided by the OS and read into a per-process global during process startup; each protected function copies it into its frame in the prologue and compares it in the epilogue. Because the value is random and unknown to the attacker, it cannot be reproduced in the overflowing input, which is why a leaked canary defeats the protection.
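Worked example added here (not from the course or these flashcards): a C model of a frame protected by a canary. The frame layout, the canary constant and the return-address value are assumptions made for the model; a real compiler lays out the frame and a real OS supplies a random canary. It shows the overflow rewriting the saved return address, the epilogue check catching it, the check being bypassed when the canary value is known (which is why it must be random and secret), and a bounds-checked copy that rejects the input in the first place.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of one stack frame as a stack protector lays it out: the local
 * buffer lowest, the canary above it, the saved return address above
 * that. An overflow of buf therefore hits the canary before it can reach
 * the return address. Assumed layout for illustration only; real frames
 * are arranged by the compiler and ABI. */
struct frame {
    char     buf[16];
    uint64_t canary;
    uint64_t saved_ret;
};

/* In a real process the OS supplies a fresh random value at startup; this
 * constant stands in for that per-process global. */
#define CANARY 0x9e3779b97f4a7c15ULL
#define CALLER 0x0000000000401234ULL   /* pretend saved return address */

/* Unchecked copy, like strcpy/gets into a fixed buffer. Bytes are written
 * through a pointer to the whole frame so the model stays inside one C
 * object; anything beyond the frame is dropped. */
static void copy_unchecked(struct frame *f, const unsigned char *in, size_t n)
{
    unsigned char *raw = (unsigned char *)f + offsetof(struct frame, buf);
    size_t room = sizeof *f - offsetof(struct frame, buf);
    if (n > room) n = room;
    for (size_t i = 0; i < n; i++)
        raw[i] = in[i];               /* keeps going past buf[15] */
}

/* Bounds-checked replacement: refuses input that does not fit. */
int copy_checked(struct frame *f, const unsigned char *in, size_t n)
{
    if (n >= sizeof f->buf)
        return -1;                    /* reject rather than silently truncate */
    memcpy(f->buf, in, n);
    f->buf[n] = '\0';
    return 0;
}

/* Simulated vulnerable function: build the frame, copy the input, then do
 * what the protector's epilogue does and compare the canary. Returns 1 if
 * the frame is intact, 0 if __stack_chk_fail would have aborted. The frame
 * is copied out so callers can inspect the return address. */
int vulnerable_call(const unsigned char *in, size_t n, struct frame *out)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.canary = CANARY;
    f.saved_ret = CALLER;
    copy_unchecked(&f, in, n);
    *out = f;
    return f.canary == CANARY;
}

/* Classic overflow payload: filler up to the canary, the attacker's guess
 * for the canary, then the new return address. memcpy keeps the byte
 * order identical to the frame's own, whatever the endianness. */
size_t build_payload(unsigned char *out, uint64_t canary_guess, uint64_t new_ret)
{
    memset(out, 'A', offsetof(struct frame, canary));
    memcpy(out + offsetof(struct frame, canary), &canary_guess, sizeof canary_guess);
    memcpy(out + offsetof(struct frame, saved_ret), &new_ret, sizeof new_ret);
    return sizeof(struct frame);
}

int main(void)
{
    struct frame f;
    unsigned char payload[sizeof(struct frame)];
    const unsigned char benign[] = "hello";
    size_t n;
    int intact;

    intact = vulnerable_call(benign, 5, &f);
    printf("benign input : intact=%d ret=0x%llx\n", intact, (unsigned long long)f.saved_ret);

    n = build_payload(payload, 0, 0x4141414141414141ULL);        /* wrong canary guess */
    intact = vulnerable_call(payload, n, &f);
    printf("overflow     : intact=%d ret=0x%llx -> abort\n", intact, (unsigned long long)f.saved_ret);

    n = build_payload(payload, CANARY, 0x4141414141414141ULL);   /* canary leaked to attacker */
    intact = vulnerable_call(payload, n, &f);
    printf("known canary : intact=%d ret=0x%llx -> hijacked\n", intact, (unsigned long long)f.saved_ret);

    printf("checked copy : rc=%d (rejected)\n", copy_checked(&f, payload, n));
    return 0;
}
```

The third run is the caveat a practitioner cares about: a canary only helps while its value is unknown, so an information leak (a format-string bug, an over-read) that reveals it turns the overflow back into a working hijack. The bounds check is the fix that does not depend on secrecy.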
What does the Device Driver Interface do?
It presents the devices attached to the system to programs through a uniform interface. Devices are abstracted into classes, such as SATA or SCSI drives, so programs use the same calls regardless of the specific hardware behind them.
What are the two main types of devices discussed in class
1) Character devices - Move data one byte (character) at a time with no fixed block structure: mouse, keyboard, modems, terminals.
2) Block devices - The minimum unit of transfer is a fixed-size block, and blocks are addressable and cacheable: disks, tapes. (Network interfaces are usually treated as a third class of their own; on Linux they have no /dev node at all.)
What does the /dev directory do
The /dev directory holds the device files (device nodes). They can only be created by root (with mknod). In Unix everything is presented as a file, so devices are accessed with the same open/read/write calls as ordinary files.
How are files in /dev setup
The inode attributes identify the device; the file has no data blocks. The major number selects the driver and the minor number selects the specific device (or sub-function) handled by that driver.
How do Character Device Drivers work
The major number connects the device file to the driver. Several device files can share a major number, with the same or different minor numbers. A process reads from and writes to the device by reading and writing the device file; the kernel looks up the driver by major number and forwards the calls to the driver's read/write entry points, passing the minor number so the driver knows which device is meant.
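Added example (not from the course): a small C program that reads the device information straight out of the inode with stat(2), illustrating the cards above. It assumes a Unix-like system with /dev/null present; the major and minor values printed are whatever that system assigns.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#ifdef __linux__
#include <sys/sysmacros.h>   /* major()/minor() live here on glibc */
#endif

enum devkind { DEV_NONE = 0, DEV_CHAR, DEV_BLOCK, DEV_ERROR };

struct devinfo {
    enum devkind kind;
    unsigned     major;   /* selects the driver */
    unsigned     minor;   /* selects the device within that driver */
    long long    size;    /* st_size: 0 for a node, since it owns no data blocks */
    long long    blocks;  /* st_blocks: likewise 0 for a node */
};

/* Inspect one path with stat(2). For a device node the inode's st_rdev
 * carries the (major, minor) pair and there are no data blocks behind it;
 * for anything else major/minor stay 0 and kind is DEV_NONE. */
struct devinfo inspect_node(const char *path)
{
    struct devinfo d = { DEV_NONE, 0, 0, 0, 0 };
    struct stat st;
    if (stat(path, &st) != 0) {
        d.kind = DEV_ERROR;
        return d;
    }
    d.size   = (long long)st.st_size;
    d.blocks = (long long)st.st_blocks;
    if (S_ISCHR(st.st_mode))
        d.kind = DEV_CHAR;
    else if (S_ISBLK(st.st_mode))
        d.kind = DEV_BLOCK;
    if (d.kind == DEV_CHAR || d.kind == DEV_BLOCK) {
        d.major = (unsigned)major(st.st_rdev);
        d.minor = (unsigned)minor(st.st_rdev);
    }
    return d;
}

const char *devkind_name(enum devkind k)
{
    switch (k) {
    case DEV_CHAR:  return "char device";
    case DEV_BLOCK: return "block device";
    case DEV_ERROR: return "error";
    default:        return "not a device";
    }
}

int main(int argc, char **argv)
{
    /* Default paths to look at when none are given on the command line. */
    const char *defaults[] = { "/dev/null", "/dev/zero", "/dev/tty", "/" };
    int n = argc > 1 ? argc - 1 : 4;
    for (int i = 0; i < n; i++) {
        const char *p = argc > 1 ? argv[i + 1] : defaults[i];
        struct devinfo d = inspect_node(p);
        printf("%-12s %-13s major=%u minor=%u size=%lld blocks=%lld\n",
               p, devkind_name(d.kind), d.major, d.minor, d.size, d.blocks);
    }
    return 0;
}
```

On Linux, ls -l /dev/null shows crw-rw-rw- ... 1, 3: the leading c is the character-device type and 1, 3 are the major and minor numbers the program reads from st_rdev. A block node such as /dev/sda shows b instead and a pair like 8, 0; run the program on it (as a normal user, since only stat is needed) to see the same values.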
What is the concept of informational security
Informational (inference) security is the idea that individual pieces of information each reveal nothing sensitive on their own, but collectively they reveal private information.
What are some ways informational attacks take place
1) Carefully crafted queries - asking a specific question that seems harmless but reveals important information (e.g. an aggregate query narrowed until it covers a single person).
2) Traffic analysis - learning who communicates with whom, when and how much, even when the content itself is encrypted.
What is authentication as discussed in class.
Ensuring that the person trying to access information or a system is who they claim to be.
What are the 3 authentication factors
1) Something you know like a password
2) Something you have like a security fob
3) Something you are like biometrics
What are some specifications of the 2003 NIST password guidelines
1) Use special characters and numbers (composition rules)
2) Periodically change your password
What are some problems with periodic password changes and what is the common time limit on passwords
Commonly 4 months. Because they must change passwords so often, people use variants of their old password (Winter2023 becomes Winter2024). This makes password cracking easier, since an old password predicts the new one.
What were amendments made to the NIST guidelines in 2017
Organizations SHOULD NOT require arbitrary periodic changes. They SHALL force a change if there is evidence of compromise.
They SHOULD NOT impose composition rules (required mixtures of character types).
They SHALL compare a new password against a list of commonly used, expected or compromised passwords and SHALL reject it if it matches.
They SHOULD permit paste functionality to facilitate the use of password managers.
What are some common problems with passwords and passphrases
1) People use common substitutions (P@ssw0rd) that password crackers try automatically.
2) People use common words or phrases, or personally significant words and dates, that password crackers find in wordlists.
What is the general rule for password guidelines
Length is what matters most. A long passphrase with no symbols is far stronger against guessing than a short password with mandatory symbols, because every extra character multiplies the search space.
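Added example, not from the course: a C password acceptance check that follows the 2017 rules on the cards above (length floor, no composition rules, blocklist compare, paste left alone) and also normalizes the common substitutions mentioned earlier before comparing. The blocklist and sample passwords are constructed for illustration; a real verifier loads a large breached-password corpus. The minimum of 8 characters is SP 800-63B's minimum for user-chosen secrets.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum pw_verdict { PW_OK = 0, PW_TOO_SHORT, PW_TOO_LONG, PW_BLOCKLISTED };

#define PW_MIN   8     /* SP 800-63B minimum for a user-chosen password */
#define PW_MAX   256   /* must accept at least 64; capped only to bound hashing cost */

/* Constructed stand-in for the list of commonly used, expected or
 * compromised passwords that a real verifier would load from a breach corpus. */
static const char *const blocklist[] = {
    "password", "letmein", "qwerty", "welcome", "iloveyou",
    "football", "admin", "12345678", "elec377"
};

static int in_blocklist(const char *s)
{
    for (size_t i = 0; i < sizeof blocklist / sizeof blocklist[0]; i++)
        if (strcmp(s, blocklist[i]) == 0)
            return 1;
    return 0;
}

/* Canonical form for blocklist matching: drop trailing digits/punctuation
 * (Password1! -> Password), lowercase, and undo the usual substitutions
 * (P@ssw0rd -> password). Crackers apply exactly these rules, so a
 * password that differs from a blocklisted word only by them is no safer. */
void pw_normalize(const char *in, char *out, size_t outsz)
{
    size_t len = strlen(in);
    while (len > 0 && !isalpha((unsigned char)in[len - 1]))
        len--;                                   /* strip trailing non-letters */
    size_t j = 0;
    for (size_t i = 0; i < len && j + 1 < outsz; i++) {
        char c = (char)tolower((unsigned char)in[i]);
        switch (c) {
        case '@': case '4':           c = 'a'; break;
        case '3':                     c = 'e'; break;
        case '1': case '!': case '|': c = 'i'; break;
        case '0':                     c = 'o'; break;
        case '$': case '5':           c = 's'; break;
        case '7': case '+':           c = 't'; break;
        default: break;
        }
        out[j++] = c;
    }
    out[j] = '\0';
}

/* Policy as the 2017 guidance describes it: a length floor, no composition
 * rules, and a blocklist check on both the raw (lowercased) and the
 * normalized form. Anything else is accepted. */
enum pw_verdict pw_check(const char *pw)
{
    char raw[PW_MAX + 1], norm[PW_MAX + 1];
    size_t len = strlen(pw);
    if (len < PW_MIN) return PW_TOO_SHORT;
    if (len > PW_MAX) return PW_TOO_LONG;
    for (size_t i = 0; i <= len; i++)
        raw[i] = (char)tolower((unsigned char)pw[i]);
    pw_normalize(pw, norm, sizeof norm);
    if (in_blocklist(raw) || in_blocklist(norm)) return PW_BLOCKLISTED;
    return PW_OK;          /* no demand for symbols, digits or mixed case */
}

int main(void)
{
    const char *samples[] = {
        "P@ssw0rd1!", "Tr0ub4dor&3", "correct horse battery staple",
        "Xy9!", "letmein2024", "12345678"
    };
    const char *names[] = { "ok", "too short", "too long", "blocklisted" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char norm[PW_MAX + 1];
        pw_normalize(samples[i], norm, sizeof norm);
        printf("%-30s -> %-12s (normalized: %s)\n",
               samples[i], names[pw_check(samples[i])], norm);
    }
    return 0;
}
```

Note what passes and what fails: "correct horse battery staple" has no digit or symbol and is accepted, while "P@ssw0rd1!" satisfies every classic composition rule and is rejected because its normalized form is the most common password there is.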
What are some common password vulnerabilities not related to their composition
1) Packet sniffing - passwords sent over unencrypted network protocols (telnet, FTP, plain HTTP) can be captured on the wire.
2) Account sharing
3) Masquerade - a program that looks like the real login screen and steals the credentials typed into it.
4) Shoulder surfing
5) ATM skimming
What are some issues with biometric security
1) The external reader devices can be logged or tracked (and a captured biometric cannot be changed the way a compromised password can).
2) Biometrics lead to a false sense of security.
3) Organizations can make uneducated decisions, or use biometrics for their own purposes, e.g. recording shoppers in a store.
4) Fake fingers - silicone or gelatin fingers that mimic the attributes of skin.
5) Face masks with photos - can fool poor surveillance systems.
6) Biometric systems reduce anonymity - everyone has photos of everyone else.
What are the most recent changes made to the NIST guidelines in 2024
The 2017 recommendations were strengthened: in the 2024 draft, composition rules and arbitrary periodic changes become SHALL NOT rather than SHOULD NOT. More guidance on multi-factor and risk-based authentication is included.
What are some ways websites can verify passwords when logging in, and prevent attacks
1) Store passwords hashed with a salted, deliberately slow password hash (bcrypt, scrypt, Argon2 or PBKDF2), not encrypted and not in plaintext, so a stolen database cannot simply be decrypted or looked up.
2) Rate limiting - do not allow a user to enter incorrect passwords many times in a row (lock the account or add increasing delays after a few failures).
Linux password manager
?
What is the difference between program threats and system threats
Program threats are vulnerabilities in individual programs that may lead to an incident or breach. System threats are the same idea applied to the system as a whole rather than to one program.
What is a common program threat
Back door. A hole left by the programmer that allows later access, usually a hard-coded number, password or identifier that bypasses the normal check.
How do SUID program attacks work
An SUID program runs with the privileges of the file's owner (often root) rather than those of the user who ran it. It typically checks whether an action is allowed and then performs it. The attack exploits the gap between the check and the use (a time-of-check/time-of-use race): the attacker swaps the object being acted on, for example by replacing a checked file with a symbolic link to a protected one, so the action the attacker wants is carried out with the program's elevated privilege.
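Added example (not from the course): the check-then-use race in C, using the classic access()/open() pair, beside a version that does its checking on the opened descriptor. The scratch directory, file names and symlink are constructed by the program to stand in for the attacker's swap; it runs as an ordinary user, so what it shows is the symlink being followed or refused, not an actual privilege gain.

```c
#define _DEFAULT_SOURCE 1
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Vulnerable pattern. access(2) checks the *pathname* against the real
 * uid, which is the usual "may the invoking user read this?" test in a
 * set-uid program. open(2) then resolves the same pathname again, this
 * time with the effective (root) uid. In the gap an attacker who controls
 * the directory swaps the file for a symlink to something only root can
 * read, and open() follows it. */
int open_unsafe(const char *path)
{
    if (access(path, R_OK) != 0)        /* CHECK on the name ... */
        return -1;
    /* ... an attacker can rename/symlink `path` right here ... */
    return open(path, O_RDONLY);        /* ... USE on the name again */
}

/* Hardened pattern: check and use the same object. Refuse symlinks at
 * open time, then inspect the opened descriptor with fstat instead of the
 * name, and insist on a regular file. (In a real set-uid program, dropping
 * to the real uid before the open is the other standard fix.) */
int open_safe(const char *path)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;                      /* ELOOP if `path` is a symlink */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    /* further policy (ownership, mode) is decided on `st`, never on `path` */
    return fd;
}

/* Constructed scenario: a scratch directory holding a regular file and a
 * symlink pointing at it, standing in for the attacker's swap. All three
 * buffers must be at least `sz` bytes. */
int demo_setup(char *dir, char *regular, char *link, size_t sz)
{
    snprintf(dir, sz, "/tmp/toctou-XXXXXX");
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(regular, sz, "%s/secret.txt", dir);
    snprintf(link, sz, "%s/innocent.txt", dir);
    FILE *f = fopen(regular, "w");
    if (!f) return -1;
    fputs("top secret\n", f);
    fclose(f);
    return symlink(regular, link);     /* innocent.txt -> secret.txt */
}

void demo_cleanup(const char *dir, const char *regular, const char *link)
{
    unlink(link);
    unlink(regular);
    rmdir(dir);
}

int main(void)
{
    char dir[128], regular[128], link[128];
    if (demo_setup(dir, regular, link, sizeof dir) != 0) {
        perror("setup");
        return 1;
    }
    int fd = open_unsafe(link);
    printf("open_unsafe(symlink): fd=%d  (followed the link)\n", fd);
    if (fd >= 0) close(fd);
    fd = open_safe(link);
    printf("open_safe(symlink)  : fd=%d  (refused)\n", fd);
    fd = open_safe(regular);
    printf("open_safe(regular)  : fd=%d  (allowed)\n", fd);
    if (fd >= 0) close(fd);
    demo_cleanup(dir, regular, link);
    return 0;
}
```

O_NOFOLLOW only protects the final path component; if an attacker can replace a directory earlier in the path the safe habit is still the same one shown here: decide on the descriptor you actually opened (fstat, then fchown/fchmod/read on that fd), never on the name.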
Why is parameter checking important to prevent program threats
Parameters must be validated to prevent attackers from injecting commands or code through shell script arguments, web request parameters or SQL queries (command injection, SQL injection).
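Added example (not from the course): a parameter passed to a command in C, once through the shell and once as an argv element, with the output captured so the difference is visible, plus an allowlist validator for when the parameter must reach a shell anyway. The command (echo) and the sample parameter are constructed for the demonstration.

```c
#define _DEFAULT_SOURCE 1
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Vulnerable: the parameter is pasted into a command line that /bin/sh
 * parses, so shell metacharacters in it (; | ` $( ) become new commands.
 * Output is captured so the effect can be observed. */
int run_via_shell(const char *param, char *out, size_t outsz)
{
    char cmd[512];
    snprintf(cmd, sizeof cmd, "echo %s", param);   /* like system("echo " + param) */
    FILE *p = popen(cmd, "r");
    if (!p) return -1;
    size_t n = fread(out, 1, outsz - 1, p);
    out[n] = '\0';
    return pclose(p) == -1 ? -1 : 0;
}

/* Hardened: pass the parameter as its own argv element with execvp. No
 * shell is involved, so the bytes reach the program unchanged. */
int run_via_argv(const char *param, char *out, size_t outsz)
{
    int fds[2];
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                                  /* child */
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]);
        close(fds[1]);
        char *const argv[] = { "echo", (char *)param, NULL };
        execvp("echo", argv);
        _exit(127);
    }
    close(fds[1]);                                   /* parent */
    size_t n = 0;
    ssize_t r;
    while (n + 1 < outsz && (r = read(fds[0], out + n, outsz - 1 - n)) > 0)
        n += (size_t)r;
    out[n] = '\0';
    close(fds[0]);
    int status;
    waitpid(pid, &status, 0);
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

/* Allowlist check for the cases where a shell is unavoidable: accept only
 * characters that can never be shell syntax, and nothing that looks like
 * an option. Blocklisting `;` and `|` is the wrong way round; attackers
 * know more metacharacters than you do. */
int param_is_safe(const char *param)
{
    if (*param == '\0' || *param == '-')
        return 0;
    for (; *param; param++)
        if (!isalnum((unsigned char)*param) && strchr("._-", *param) == NULL)
            return 0;
    return 1;
}

int main(void)
{
    const char *param = "report.txt; echo INJECTED";
    char out[256];
    run_via_shell(param, out, sizeof out);
    printf("via shell:\n%s", out);     /* two lines: the injected command ran */
    run_via_argv(param, out, sizeof out);
    printf("via argv :\n%s", out);     /* one line: the literal parameter */
    printf("allowlist: %d %d\n", param_is_safe(param), param_is_safe("report.txt"));
    return 0;
}
```

The same separation of data from syntax is the fix for the other two cases on the card: parameterized queries keep user input out of the SQL parser, and a web framework that encodes output keeps it out of the HTML parser.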
Name a few system threats
1) Key loggers - record keystrokes; they can be software, or a hardware device placed between the keyboard and the machine.
2) Trojan horse - a program that pretends to do one thing while doing something different on the side.
3) Masquerade - a special type of trojan horse that imitates a trusted interface. Common examples are login-screen and website masquerades.
What is the difference between a virus and a worm
Viruses are sophisticated attacks that usually use a trojan horse to begin their attack and attach themselves to other programs or files; they need human action (running the infected program, opening the file) to spread. Worms are similar, but they break into other systems over the network and copy themselves onto those systems without any human action.
Why is the term metamorphic sometimes used to refer to Viruses and worms
Metamorphic viruses and worms constantly rewrite their own code, e.g. replacing mov eax, 0 with the equivalent xor eax, eax. The behaviour is unchanged but the byte pattern differs in every copy, so signature-based malware detectors, which look for fixed byte sequences, fail to match.
Describe the process of a smurf attack
ICMP echo (ping) packets are normally exchanged between two systems. The attacker forges the source IP address to be the target's address and sends an echo request to a network's broadcast address. Every host on that network replies, and all the replies go to the forged source, i.e. the target, which is overwhelmed. The broadcast acts as an amplifier: one packet in, one reply per host out.
What is the difference between a fraggle attack and a smurf attack
A fraggle attack uses the UDP echo service (port 7, and similar services such as chargen) instead of ICMP echo: spoofed UDP packets are sent to a broadcast address and the UDP replies flood the target.
What is Eavesdropping and what is an attempt to prevent it
Eavesdropping is listening in on another user's network traffic. Ethernet switches are supposed to prevent it, since they forward a frame only to the port where the destination MAC address was learned (unlike a hub, which repeats it everywhere), but ARP poisoning defeats this.
What are 4 types of Network attacks that deny service
1) Smurf
2) Fraggle
3) ICMP flood
4) Xmas tree packets (TCP packets with many flags set at once, which can crash poorly implemented network stacks)
What does ARP stand for and what is ARP poisoning.
ARP stands for Address Resolution Protocol, which maps IP addresses to MAC addresses on a local network. ARP poisoning is a man-in-the-middle attack in switched environments: the attacker sends forged ARP replies so that victims associate another host's IP address (e.g. the gateway's) with the attacker's MAC address. The victims then send their traffic to the attacker, who reads it and forwards it to the real destination as if nothing were happening.
How can ARP poisoning be prevented
Log MAC address changes and stop forwarding after a suspicious change (a known IP suddenly mapping to a different MAC). Static ARP entries for critical hosts, and switch features that validate ARP replies (dynamic ARP inspection), also help.
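Added example (not from the course): the MAC-change logging the card describes, written in C as a small passive ARP watcher run over a constructed capture of ARP replies. Addresses and timestamps are made up for the demonstration; a real watcher would read replies from the wire (e.g. via libpcap) and seed the table with known-good bindings. It also flags one MAC claiming a second IP, which will false-positive on legitimately multi-homed hosts, so treat that signal as a hint rather than proof.

```c
#include <stdio.h>
#include <string.h>

#define MAX_BINDINGS 64

/* One observed ARP reply: "ip is at mac", with a timestamp in seconds. */
struct arp_reply {
    const char *ip;
    const char *mac;
    int t;
};

struct binding {
    char ip[16];
    char mac[18];
    int  first_seen;
};

struct arp_table {
    struct binding e[MAX_BINDINGS];
    int n;
    int alerts;
};

static struct binding *find_by_ip(struct arp_table *tab, const char *ip)
{
    for (int i = 0; i < tab->n; i++)
        if (strcmp(tab->e[i].ip, ip) == 0) return &tab->e[i];
    return NULL;
}

static struct binding *find_by_mac(struct arp_table *tab, const char *mac)
{
    for (int i = 0; i < tab->n; i++)
        if (strcmp(tab->e[i].mac, mac) == 0) return &tab->e[i];
    return NULL;
}

/* Feed one reply to the watcher. Returns 1 if it is suspicious, 0 if not.
 * Two signals: an IP we already know suddenly maps to a different MAC, or a
 * MAC already bound to one IP starts claiming another. The first binding
 * seen for an IP is trusted and kept; that is the weakness of any passive
 * watcher, which is why a real one is seeded with known-good entries. */
int arp_observe(struct arp_table *tab, const struct arp_reply *r)
{
    struct binding *b = find_by_ip(tab, r->ip);
    if (b != NULL) {
        if (strcmp(b->mac, r->mac) == 0)
            return 0;                                   /* consistent, nothing to do */
        printf("ALERT t=%d: %s changed from %s to %s (learned at t=%d)\n",
               r->t, r->ip, b->mac, r->mac, b->first_seen);
        tab->alerts++;
        return 1;                                       /* keep the original binding */
    }
    struct binding *m = find_by_mac(tab, r->mac);
    if (m != NULL) {
        printf("ALERT t=%d: %s claims %s but is already %s\n", r->t, r->mac, r->ip, m->ip);
        tab->alerts++;
        return 1;
    }
    if (tab->n < MAX_BINDINGS) {
        b = &tab->e[tab->n++];
        snprintf(b->ip, sizeof b->ip, "%s", r->ip);
        snprintf(b->mac, sizeof b->mac, "%s", r->mac);
        b->first_seen = r->t;
        printf("learn t=%d: %s is at %s\n", r->t, r->ip, r->mac);
    }
    return 0;
}

/* Replay a capture of replies; returns the number of alerts raised. */
int arp_replay(struct arp_table *tab, const struct arp_reply *rs, size_t count)
{
    memset(tab, 0, sizeof *tab);
    for (size_t i = 0; i < count; i++)
        arp_observe(tab, &rs[i]);
    return tab->alerts;
}

/* Constructed capture: gateway and victim announce themselves, the attacker
 * (10.0.0.66) poisons both directions and then claims a spare address, and
 * finally the gateway repeats its real binding. */
const struct arp_reply sample_capture[] = {
    { "10.0.0.1",  "aa:bb:cc:00:00:01", 0 },
    { "10.0.0.20", "aa:bb:cc:00:00:20", 1 },
    { "10.0.0.66", "de:ad:be:ef:00:66", 2 },
    { "10.0.0.1",  "de:ad:be:ef:00:66", 5 },
    { "10.0.0.20", "de:ad:be:ef:00:66", 5 },
    { "10.0.0.30", "de:ad:be:ef:00:66", 6 },
    { "10.0.0.1",  "aa:bb:cc:00:00:01", 9 },
};
const size_t sample_count = sizeof sample_capture / sizeof sample_capture[0];

int main(void)
{
    struct arp_table tab;
    int alerts = arp_replay(&tab, sample_capture, sample_count);
    printf("%d alerts, %d trusted bindings\n", alerts, tab.n);
    return 0;
}
```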
Describe pharming as mentioned in class
A pharming attack starts by compromising DNS (a resolver's cache or a DNS server) so that the victim's lookup of a legitimate domain returns the attacker's address. The attacker impersonates the website, records the information the victim enters, then passes it on to the real website so that nothing looks wrong, and uses the stolen information later.
Define a rootkit as mentioned in class
A rootkit is software used to hide the evidence of system modification. Rootkits were originally used by intruders on Unix systems to hide the backdoors they had installed, for example by replacing ls, ps and netstat with versions that omit the intruder's files, processes and connections.
Is a rootkit an initial vulnerability
No. A rootkit is not how the attacker broke into the system; it is installed afterwards to keep that access hidden. Sometimes the attacker even patches the vulnerability they used, so that nobody else can take the system over from them.
How can a RootKit be caught?
Manually search the device drivers and parse the on-disk data structures directly, then compare what you find with what the OS reports (files, processes, loaded modules). Discrepancies mean something is being hidden. Because the running kernel may be the thing lying, this comparison is most trustworthy when the disk is inspected after booting from clean media.