Identifying Security Threats And Vulnerabilities 2 Flashcards

0
List types of social engineering
Spoofing, impersonation, hoax, phishing, vishing, whaling, URL hijacking, spam and spim, shoulder surfing, dumpster diving, tailgating.
1
What is a social engineering attack?
A type of attack that uses deception to trick users into providing sensitive data or violating security guidelines.
2
Spoofing
Human-based or software-based social engineering attack. The goal is to pretend to be someone else in order to conceal identity. Can occur with IP addresses, MAC addresses, and email.
3
Impersonation
Human-based social engineering attack where the attacker pretends to be someone they are not. Successful in situations where identity cannot easily be established.
4
Hoax
Email-based or web-based social engineering attack intended to trick the user into performing undesired actions or giving up important information or money.
5
Phishing
Email-based social engineering attack where the attacker sends an email that appears to come from a respected institution and asks the user to provide private information to verify an account.
6
Spear phishing
Email-based social engineering attack targeting specific individuals or institutions.
7
Pharming
Social engineering attack similar to phishing, but it redirects a request for a website to a similar-looking fake site.
8
Vishing
Human-based social engineering attack where the goal is to extract personal private information using the phone system or IP-based voice messaging services such as VoIP.
9
Whaling
Social engineering attack; a form of spear phishing that targets individuals of great wealth.
10
URL hijacking
Also called typosquatting. Exploits typos that users sometimes make when entering a URL into a browser.
11
Spam and spim
Social engineering, email-based threat where the user's inbox is flooded with emails that carry advertising material for products. Can sometimes deliver viruses or malware.
Spim is a similar attack to spam but carried out through instant messaging.
12
Shoulder surfing
Social engineering attack where an attacker looks over a user's shoulder to obtain passwords and PINs.
13
Dumpster diving
Social engineering attack where the goal is to obtain private information by inspecting the trash.
14
Tailgating
Also called piggybacking. Human-based social engineering attack where the attacker follows an employee through a door into a secure area.
15
What is a white hat hacker?
Discovers and exposes security flaws in apps and OSs so that manufacturers can fix them before they become widespread. Also known as an ethical hacker.
16
What is a black hat hacker?
Discovers and exposes security flaws for financial gain or malicious purposes.
17
What is a grey hat hacker?
Discovers and publicizes security problems without the permission or knowledge of an organization. Moral intent is in question.
18
Why does social engineering work?
It is common and therefore successful. It exploits basic human trust, thought processes and behavior, taking advantage of users who aren't thinking critically, the human need to belong to groups, and the tendency to defer to the wisdom of crowds. The weakest link can compromise an entire system.
19
Categories of attackers
Malicious insider
Electronic activists
Data thief
Script kiddie
Electronic vandal
Cyberterrorist
20
A malicious insider threat is
A threat originating from an employee in an organization who performs malicious acts, fueled by resentment or motivated by financial gain.
21
Electronic activist or hacktivist
Motivated by a desire to cause social change or promote a message, for example by replacing the information on public websites. Causes damage to organizations deemed socially irresponsible or unworthy.
22
Data thief
Blatantly steals resources or confidential information for personal or financial gain. Covers their tracks to avoid detection. Exploits unauthorized access or acts in collusion with a disgruntled employee.
23
Script kiddie
Also known as a novice attacker. Has limited technical knowledge and is motivated to gain and display skill.
24
Electronic vandal
Attacker wants to cause as much damage as possible.
25
Cyberterrorist
Attacker tries to disrupt computer systems to spread fear and panic.
26
Basic explanation of malware
The most prevalent threat to computers. Insidious and difficult to remove. A collection of different methods that can exploit vulnerabilities in your information security.
27
A malicious code attack
A type of software attack where undesired software or malware is inserted into a target system.
28
What are some potential uses of malicious code?
Denial of service (DoS) attacks
Hosting illicit or illegal data
Skimming personal or business info for identity theft, profit, or extortion
Displaying unsolicited ads
29
A virus is
A piece of code that spreads from one computer to another by attaching itself to other files through self-replication. The code executes when the attached file is opened and interferes with the functioning of the machine.
30
What is a worm?
Malware that replicates itself across the infected system. Does not attach itself to files. Intended to interrupt network capabilities; its primary function is to spread and cripple network bandwidth.
31
What is adware?
Malware that automatically displays or downloads unsolicited advertising when used. Appears as browser pop-ups. Has been associated with spyware. Reduces productivity by slowing down systems.
32
What is spyware?
Malicious software intended to track and report the usage of a target system or collect other data.
33
What is a Trojan horse?
A Trojan horse, or simply a Trojan, is hidden malware that causes damage to a system or gives an attacker a platform for monitoring and controlling a system. Trojans do not replicate themselves or attach to files. Usually propagated by social engineering when users download an email attachment or program.
34
What is a rootkit?
Malware code intended to take full or partial control of a system at the lowest levels. Rootkits hide themselves from monitoring or detection and modify low-level system files when integrating into the system. Most install backdoors or spyware.
35
What is a logic bomb?
A piece of malware code that sits dormant on a target computer until it is triggered by a specific event. When it detonates, it performs its programmed actions, which often include erasing or corrupting data on the target system.
36
What is a botnet?
A set of computers that have been infected by a control program called a bot, which enables attackers to exploit those computers to mount attacks. The infected machines are referred to as zombies or drones. Used to coordinate DoS attacks, send spam email and mine for private info.
37
What is ransomware?
Malware in which an attacker infects a victim's computer with code that restricts access to the computer and the data on it. The attacker then demands a ransom under the threat of destroying the data.
38
Polymorphic malware
Encrypted viruses that infect files with an encrypted copy of themselves. The decryption module is altered each time the virus infects a file.
39
What is an armored virus?
A virus that attempts to trick or shield itself from antivirus software. The virus is able to obscure its true location in a system.
40
A software attack is
Any attack against software resources. The goal is to disrupt or disable the software running on the target system.
41
A password attack is
An attack in which the attacker attempts to obtain and make use of passwords illegitimately.
42
Types of password attacks
Guessing
Stealing
Dictionary attack
Brute force attack
Rainbow tables
Hybrid password attack
Birthday attack
43
A guessing password attack is
Making individual, repeated attempts to guess a password by entering different common password values.
44
A brute force password attack
The attacker uses password-cracking software to attempt every possible alphanumeric combination. Most effective at cracking short passwords.
45
Rainbow table password attacks
Sets of related plaintext passwords and their hashes. Executed by comparing the target password hash to the password hashes stored in the tables, then working backward to determine a user's password from the known hash.
46
Backdoor attacks are
A type of software attack where an attacker creates a software mechanism called a backdoor to gain access to a computer. Typically delivered through a Trojan horse or other malware.
47
Takeover attacks
Backdoor attacks can be the first step in a takeover attack, in which an attacker assumes complete control over a system.
48
Application attacks
Software attacks targeted at web-based and other client-server applications. Can lead to an authentication breach, customer impersonation, information disclosure, source code disclosure or tampering.
49
A client side attack
An application attack that specifically exploits the trust between a user and a server.
50
List types of application attacks
Cross-site scripting (XSS)
Command injection attacks
Zero-day exploit
Cookie manipulation
Locally shared object (LSO)
Attachment attack
Malicious add-on
Header manipulation
Buffer overflow
Integer overflow
Arbitrary code execution
51
Four types of command injection attacks
SQL injection
LDAP injection
XML injection
Directory traversal
52
SQL injection attack
Command injection attack that injects Structured Query Language (SQL) into the input data intended for the server by accessing the client side of the application. Exploits the database to read or modify data or to execute admin operations.
53
LDAP injection attack
Command injection attack that targets web-based applications by fabricating Lightweight Directory Access Protocol (LDAP) statements created from user input.
54
XML injection attack
Command injection attack that injects corrupted eXtensible Markup Language (XML) query data so an attacker can gain access to the XML data structure.
55
Directory traversal attack
A command injection attack that allows access to commands, files, and directories connected to the web document root directory. Affects HTTP-based interfaces.
56
Zero-day exploit application attack
An attack that occurs when the security level of a system is at its lowest, immediately after the discovery of a vulnerability.
57
Cookie manipulation application attack
An attack that injects a meta tag in an HTTP header, making it possible to modify a cookie stored in a browser.
58
Locally shared object (LSO) application attacks
Also known as Flash cookies. Data stored on a user's computer by websites that use Adobe Flash Player. It can remain even after the browser has been wiped.
59
Attachment application attack
An attack where the attacker merges malicious software into a downloadable file on a web server.
60
Malicious add-on application attack
An add-on that is meant to look normal, except that once installed, malicious content is injected to target security loopholes present in the web browser.
61
Header manipulation application attack
An attack in which data goes past the boundary of the destination buffer and corrupts adjacent memory. Causes the app to crash and reboot.
62
Integer overflow application attacks
An attack in which a computed result is too large to fit its assigned storage space and may trigger a buffer overflow.
63
Arbitrary code execution application attack
Also known as remote code execution. Exploits application vulnerabilities by allowing an attacker to execute any command on a victim's machine.
64
TCP/IP basics
Transmission Control Protocol/Internet Protocol. The standard network protocol; a layered suite of many protocols. By adding header information to the data in a network packet, a protocol at a given layer on the sending host can communicate with the protocol at the corresponding layer on the receiving host.
65
The logical end points of a connection between hosts are called
Ports
66
Each host on a TCP/IP network receives ______ and _______
A numeric address and a descriptive address.
67
TCP/IP layers
Network interface / data link layer
Internet layer
Transport layer
Application layer
68
Describe the network interface/data link layer of TCP/IP
Enables the network software to transmit data on the physical network via the network adapter cards and network media. The major protocols are Ethernet and the wireless specifications.
69
Describe the Internet layer of TCP/IP
Provides addressing, naming and routing. Major protocols:
IP: manages numeric host addresses across the Internet.
DHCP (Dynamic Host Configuration Protocol): manages automatic address assignment.
ICMP (Internet Control Message Protocol): tests for communication between devices and sends error messages when a network function is unavailable.
70
Describe the transport layer of TCP/IP
Provides connection and communication services. Major protocols:
TCP (Transmission Control Protocol): a connection-oriented, guaranteed-delivery protocol. Waits for an ACK (acknowledgement) and fixes errors when possible.
UDP (User Datagram Protocol): ensures the consistent transmission of data packets, or datagrams, by bypassing error checking.
71
Describe the application layer of TCP/IP
Provides utilities that enable client applications on an individual system to access the networking software. Major protocols:
NetBIOS (Network Basic Input Output System): a simple broadcast-based naming service.
Sockets: a piece of software within an operating system that connects an application with a network protocol so that the application can request network services from the OS.
FTP (File Transfer Protocol): enables the transfer of files between a user's workstation and a remote host over a TCP network.
72
A port scanning attack is
A network attack where a potential attacker scans the devices connected to the Internet to see which TCP and UDP ports are listening and which services on the system are active.
73
An eavesdropping attack is
Also called a sniffing attack. Uses special monitoring software to gain access to private network communications. Can be done on wired and wireless networks. Hard to detect.
74
A man-in-the-middle attack is
A form of eavesdropping where the attacker makes independent connections with two victims and relays information between them as if they were talking directly over a closed connection, when in fact the attacker controls the information that travels between the two victims.
75
A replay attack is
A network attack where an attacker captures network traffic and stores it for retransmission at a later time to gain unauthorized access to a specific host or network.
76
Types of social network attacks
Evil twin attack and account phishing
Drive-by download
Clickjacking
Password stealer
Spamming
77
Describe an evil twin attack
An attack on a social networking site where an attacker creates a social network account to impersonate a genuine user. Other users then add the attacker's account as a friend, giving the attacker access to their personal details.
78
Describe drive-by download
A program that is automatically installed on a computer when a user accesses a malicious site.
79
Describe clickjacking
A social network attack that tricks a user into clicking an unintended link. Uses a combination of visible and invisible HTML frames to fool the user into thinking they are clicking what is visible. The invisible link is layered on top of or beneath the visible frame.
80
Describe a password stealer attack
A social network attack where software installed on a system captures all the passwords and user names entered into the messaging app or social network site and sends them to the attacker.
81
Describe a spamming attack
In social networking, refers to sending unsolicited bulk messages on a social network site.
82
What is a DoS attack?
A denial of service attack is a network attack where an attacker disrupts or disables systems that provide network services. Methods include:
Flooding a link to consume bandwidth
Exploiting known flaws
Sending multiple service requests
Flooding an email inbox
83
What is a DDoS attack?
A distributed denial of service attack is a type of DoS attack that uses multiple computers in disparate networks to launch the attack simultaneously. The computers are turned into zombies or drones to carry out the attack.
84
Types of DoS attacks
ICMP flood
UDP flood
SYN flood
Buffer overflow
Reflected DoS attack
Permanent DoS attack
85
Describe an ICMP flood attack
DoS attack based on sending high volumes of ICMP ping packets to a target. Also known as smurf attacks and ping floods.
86
Describe a UDP flood attack
DoS attack that overwhelms the target with UDP ping requests.
87
Describe a SYN flood attack
DoS attack that sends countless requests for a TCP connection (SYN messages) to an FTP server or web server attached to the Internet. The target server stops responding to legitimate requests because its memory resources are flooded with incomplete TCP connections.
88
Buffer overflow attack
DoS attack where too much data is fed into a fixed-length memory buffer, resulting in adjacent areas of memory being overwritten, or where an excessive amount of incomplete, fragmented traffic is sent on a network.
89
Describe a reflected DoS attack
DoS or DDoS attack where a forged source IP address is used when sending requests to a large number of computers. Causes those systems to send a reply to the target system, creating a DoS condition.
90
Describe a permanent DoS attack
Also called phlashing. Targets the actual hardware of a system to prevent the victim from recovering from the denial of service. Forces repair or replacement of the hardware.
91
What is a session hijacking attack?
Exploits a computer in session to obtain unauthorized access to an organization's network or services. Involves stealing an active session cookie used to authenticate a user to a remote server and using it to control the session.
92
What is a P2P attack?
A peer-to-peer attack is launched by malware propagating through P2P networks. These networks typically share a command and control architecture, making detection more difficult.
93
What is ARP poisoning?
In the Address Resolution Protocol (ARP), individual hardware addresses are matched to IP addresses on a network. ARP poisoning, or ARP spoofing, occurs when an attacker redirects an IP address to the MAC address of an unintended computer.
94
What is a transitive access attack?
The access given to certain members of an organization to use data in a system without needing to authenticate themselves. The list of members with this access is usually kept in a host file. An attacker accesses the list and takes advantage of the access given to steal or destroy data in the system. Attacks from the client side of a network.
95
What are the two DNS vulnerabilities?
DNS poisoning: exploits the open nature of the DNS system to redirect a domain name to an IP address of the attacker's choosing.
DNS hijacking: an attacker sets up a rogue DNS server to respond to legitimate requests with IP addresses of malicious or non-existent websites.
96
What is wireless security?
Any method of securing a wireless LAN to prevent unauthorized network access and network data theft. Wireless networks are more vulnerable to attacks because wireless transmissions can be scanned or sniffed out of the air, so use the relevant security protocols to avoid this.
97
What is a rogue access point?
An unauthorized wireless access point on a network. Not easily detected, and can allow private network access to unauthorized users. Can enable man-in-the-middle attacks. Protect against it by installing an IDS.
98
Describe evil twins in wireless networking attacks
Access points on a wireless network that fool users into believing they are legitimate by having names similar to trusted ones. Typically found in public Wi-Fi hotspots and appear in the list of available networks. More dangerous than rogue access points.
99
What is jamming in terms of wireless networking?
Also called interference. An attack where radio waves disrupt 802.11 wireless signals. Causes the 802.11 devices to wait before transmitting, and the wait can be indefinite. Attackers may use a radio transceiver to intercept transmissions and inject jamming packets.
100
What is bluejacking?
An attack that sends out unwanted Bluetooth signals from Bluetooth-enabled devices. A close-range attack that sends unsolicited messages along with images and video. Can lead to device malfunctions through viruses and Trojan horses.
101
What is bluesnarfing?
The attacker gains access to unauthorized information on a wireless device using Bluetooth transmission. Exploits private information, email messages, images and video.
102
What is a near field communication (NFC) attack?
NFC is a standard for communication between mobile devices in close proximity. An attacker could eavesdrop on the RF signals emitted, or corrupt data as it is being transferred by flooding the area with an excess of RF signals.
103
What is war driving?
Locating wireless access points while traveling in order to obtain unauthorized Internet access and steal data. Can be automated using GPS and software.
104
What is war chalking?
Using symbols to mark sidewalks or walls to indicate an open wireless network offering Internet access.
105
What is an IV attack?
An initialization vector (IV) is a number added to a key that constantly changes in order to prevent identical text from producing the same ciphertext upon encryption. An IV attack allows the attacker to predict or control the initialization vector to bypass.
106
What is packet sniffing?
Used as an attack on wireless networks where an attacker captures data and records data flows to be analyzed in order to launch a more effective attack on a network. In its benign form, it helps an organization monitor its own network against attackers.
107
Describe wireless replay attacks
Weak or no encryption on a wireless network allows an attacker to capture packets and replay them to manipulate the data stream.
108
Describe sinkhole attacks
Takes advantage of routing on a wireless network by creating a single node through which traffic is funneled. Tricks other nodes into redirecting their traffic. Attackers can intercept data packets and slow the network.
109
List some environmental threats and vulnerabilities
Fire
Hurricanes and tornadoes
Flood
Extreme temperature
Extreme humidity
110
Describe a WEP attack
The Wired Equivalent Privacy (WEP) algorithm was the earliest way to secure wireless networks. Used a bit-stream cipher to encrypt data and relied on an IV to randomize identical strings of text. Extremely vulnerable to IV attacks. Should not be used.
111
Describe WPA/WPA2 attacks
The Wi-Fi Protected Access (WPA) protocol superseded WEP. Generates a 128-bit key for each packet and uses the RC4 stream cipher. WPA2 uses the AES block cipher for encryption. If secured with weak passwords, both are susceptible to brute force password cracking attacks, which allow an attacker to inject malicious packets into the wireless data stream.
112
What is a WPS attack?
The Wi-Fi Protected Setup (WPS) feature is a flaw in WPA and WPA2. It was intended to strengthen wireless security encryption but can be cracked easily.
113
Physical security refers to
The implementation and practice of control mechanisms intended to restrict physical access to facilities. Challenged by facility intrusions, electrical grid failures, fire, personnel illness and data network interruptions.
114
List four physical security threats
Internal
External
Natural
Man-made
115
What is a hardware attack?
An attack that targets a computer's physical components and peripherals. Includes destruction of hardware and theft of data. Disrupts and causes loss.
116
What is a keylogging attack?
A hardware attack that captures sensitive data with a variety of software or hardware, such as KeyGhost or KeyGrabber.