ISC2 - Study Notes 13

Question 1

attempts to gather information on specific computers, such as what protocols are running on the system or what specific functions the server performs. In contrast, a reconnaissance attack is a broad-based attack that attempts to identify systems on a network. For example, a ping sweep can identify computers based on their response to ping requests. A port scan on these computers provides more information on them.

Answer 1

Fingerprinting attack

Question 2

an attacker performs a large number of minor actions that likely won’t be noticed or reported but collectively can add up to big gains.

Answer 2

Salami Attack

Question 3

is another sophisticated attack where an attacker captures information from an ongoing TCP/IP session and attempts to take over the session by impersonating one of the parties. Such an attack is possible with HTTP sessions where cookies are used.

Answer 3

Session Hijacking

Question 4

DNS servers also have a cache. When one DNS server queries another DNS server to resolve a host name to an IP address, the DNS server receiving the response stores it in its cache. If the cache on the DNS server has been poisoned, the DNS server will send the incorrect IP address to any system that queries it. Attackers sometimes try to redirect traffic to malicious sites.

Answer 4

Info

Question 5

attack broadcasts ICMP ping packets to multiple computers on a network but spoofs the source address using the IP address of the attacked system. An ICMP packet normally includes the IP address of the sender in the source IP address field. However, by replacing the IP address with the victim’s IP address, the ICMP packet appears to come from the victim’s computer.

Answer 5

Smurf

Question 6

attack is similar to the smurf attack, but instead of using ICMP packets, it uses User Datagram Protocol (UDP) packets for the attack.

Answer 6

Fraggle

Question 7

use input validation to check user input before using the data. Input validation often checks for specific characters such as < and > to prevent cross-site scripting attacks and can help prevent buffer overflow attacks.

Answer 7

Applications

Question 8

client side and/or on the server side. With client-side input validation, the web page includes embedded code that validates the user input. If the user enters incorrect data, the code within the web page validates it and modifies the display to let the user know the data isn’t valid.

Server-side input validation validates the data when the server receives it. If the input is invalid, the server rebuilds the web page and sends it back to the client, typically with a message indicating what the user needs to correct.

Answer 8

Info

Question 9

attempts to discover vulnerabilities with an application before an organization releases it. ??? also include a review of the source code.

Answer 9

Application Review

Question 10

or digitally signing software, provides security for the organization hosting a website by associating a certificate with the software. It also provides users with assurances of who wrote the software and that the software has not lost integrity.

Answer 10

Code Signing