GCGA Ch. 7 Protecting Against Advanced Attacks Flashcards
DDoS attacks
Denial of Service (DoS) attacks from multiple computers. Distributed Denial of Service (DDoS) attacks typically include sustained, abnormally high network traffic, high processor usage, or high memory usage resulting in resource exhaustion.
Major variants of DDoS attacks
include reflected attacks, which involve using third-party servers to redirect traffic to the target, and amplified attacks, which combine reflection techniques with amplification to generate an even greater volume of traffic directed at the target.
Forgery attacks
occur when an attacker creates a fake identity, certificate, file, or other object in an attempt to fool an unsuspecting user or system. Spoofing is an example of forgery that occurs when one person or entity impersonates or masquerades as someone or something else.
On-path attacks
a form of interception or active eavesdropping. Sophisticated on-path attacks establish secure channels, and users may see certificate warnings indicating an on-path attack. SSH warns users if it detects a man-in-the-middle attack.
Secure Sockets Layer (SSL) stripping
an on-path attack that attempts to convert encrypted HTTPS sessions into unencrypted HTTP sessions.
DNS poisoning attacks
corrupt or modify DNS data stored on a DNS server and can redirect users to malicious sites. A pharming attack attempts to manipulate the DNS name resolution process by storing incorrect DNS records on a client system.
URL redirection
causes a web browser to go to a different URL when a user visits a website.
Domain hijacking attacks
allow an attacker to change a domain name registration without permission from the owner. Owners learn of the hijack after they’ve lost access to the site.
Replay attacks
capture data in a session. After manipulating the capture, the attacker sends it back on the network as a session replay. Timestamps and sequence numbers thwart replay attacks.
Input validation
A common coding error in web-based applications is the lack of input validation. Input validation checks the data before passing it to the application and prevents many types of attacks, including buffer overflow, SQL injection, command injection, and cross-site scripting attacks.
Server-side input validation
is the most secure. Attackers can bypass client-side input validation but not server-side input validation. It is common to use both.
Race conditions
allow two processes to access the same data at the same time, causing inconsistent results. Problems can be avoided by locking data before accessing it.
Error-handling
Error-handling routines within applications can prevent application failures and protect the integrity of the operating system. Error messages shown to users should be generic, but the application should log detailed information about the error.
Code signing
uses a digital signature within a certificate to authenticate and validate software code.
Code quality and testing techniques
include static code analysis, dynamic analysis (such as fuzzing), stress testing, sandboxing, and model verification.
SQL injection attacks
provide information about a database and can allow an attacker to read, modify, and delete data within a database. They commonly use the phrase ' or 1=1 to trick the database server into providing information. Input validation and stored procedures provide the best protection against SQL injection attacks.
Secure cookies
have an attribute set that instructs web browsers to only send them over encrypted connections, protecting them from eavesdropping attacks.
Buffer overflow
occurs when an application receives more input, or different input, than it expects. The result is an error that exposes system memory that would otherwise be protected and inaccessible.
Directory traversal
a type of injection attack that attempts to access a file by including the full directory path or traversing the directory structure on a computer.
XSS
Cross-site scripting (XSS) is a web application vulnerability that allows attackers to inject scripts into webpages.
Automation and orchestration techniques
allow IT and security teams to streamline processes, minimize human error, and ensure a consistent approach to managing various security-related tasks.
Common use cases for automation and scripting in security operations
user provisioning, resource provisioning, guardrails, security groups, ticket creation, escalation, enabling/disabling services and access, continuous integration and testing, and the use of APIs to create integrations.
Key benefits of, and considerations for, automation and scripting in security operations
include improved efficiency and time saving, consistent enforcement of baselines, standardized infrastructure configurations, secure scaling, increased employee retention, faster reaction times, and serving as a workforce multiplier. When implementing automation and scripting in security operations, it is essential to consider the potential complexity, cost, single points of failure, technical debt, and ongoing supportability to ensure long-term success and maintainability.