L4 Malicious Software and Application Attacks Flashcards
Name a few different types of attacks
Passive
Active
Insider
Outsider
What is a passive attack?
An attempt to learn or make use of information from the system that does not affect the system resources.
What is an active attack?
An attempt to alter the system resources or affect their operation.
What is an insider attack?
An attack initiated by an entity inside the security perimeter, an inside attack.
What is an outsider attack?
An attack initiated by an entity outside the security perimeter.
What is an Attack tree?
A branching, hierarchical data structure that represents a set of potential techniques for exploiting security vulnerabilities.
What is Malware?
A program that is inserted into a system, usually without the owner of the system knowing it, with the intent of compromising the CIA (confidentiality, integrity and availability) of the victim's data, applications or operating system, or otherwise annoying or disrupting the victim.
What types of malware are there?
- Viruses
- Worms
- Trojan horses
- Logic bombs
- etc.
What is a virus?
- A piece of malicious code that replicates itself by attaching to another piece of executable code.
- When the executable code is run, the virus is also executed and has the opportunity to infect and perform any other nefarious actions it was intended to do.
What is a worm?
- A piece of code that attempts to penetrate networks and computer systems.
- When the worm penetrates a system, it copies itself onto the penetrated system.
- A worm doesn’t have to rely on attachment to another piece of code as a virus would have to.
What is the difference in the lifecycle of a worm when compared to a virus?
A worm can survive on its own, whereas virus code has to attach itself to something else.
What is a Trojan horse?
- A piece of software that appears to do one thing, and may even do it, in order to hide other functionality.
What is a challenge with a Trojan horse?
The attacker has to somehow entice the intended victim to copy and run the program.
What is the difference in the lifecycle of a trojan when compared to a virus?
Unlike the virus, which has to copy itself by attaching to other files or programs, the trojan is a standalone program that must be copied and installed by the victims.
What is a logic bomb?
- It’s a type of malicious software that is deliberately installed, often by an authorized user and in particular by administrators.
- Logic bombs are difficult to detect.
What is the difference in the lifecycle of a logic bomb when compared to other malware?
A logic bomb is a piece of code that sits dormant for a period of time until some kind of event invokes its malicious payload.
What is a buffer overflow?
An attack where input is placed into a buffer or data holding area, filling it with more than it has the capacity to handle and in turn overwriting other information. Attackers then exploit the condition to crash the system or to place specifically crafted code which could allow them to gain control of the system.
What is a scripting attack?
An attack where additional commands are hidden inside the user input. The usual intent is to provide the attacker with unauthorized access or to cause damage to websites.
What makes a system vulnerable to scripting attacks?
User input that is not validated.
Examples:
* Adding -- to the end of user input may leave a database open to attacks, because the code that follows is commented out and the attacker's own code can be added in.
What is an SQL injection attack?
- SQL commands are placed between single quotes.
- E.g. SELECT * FROM client WHERE name = 'Bob' OR 1=1 -- '
- A legal username is inserted into the query, but because name = 'Bob' OR 1=1 is TRUE, the entire client table is selected.