Lecture 2

Question 1

What are the 2 types of threats?

Answer 1

1. Malicious software known as “Malware”
2. Intruder is known as “Attacker”

Question 2

What is ​Adware?

Answer 2

Displays popups of advertising downloads when the user is online

Question 3

What is an Attack kit?

Answer 3

A set of tools that generates new malware automatically using a **variety of propagation **

Question 4

What is a Auto-rooter?

Answer 4

Used to break into new machines remotely – to the highest root to gain full access

Question 5

What is Backdoor?

Answer 5

Bypass a normal security check via a compromised system such as using a password

Question 6

What are Downloaders?

Answer 6

Code that installs other items on the machine that is under attack. It is normally included in the malware code which is placed in a compromised system

Question 7

What is Drive-by Download?

Answer 7

Uses a code to compromise a website to exploit a browser vulnerability to attack a client system the website is viewed

Question 8

What is Flooders?

Answer 8

Generating a volume of data to attack a networked computer system by applying DOS attack

Question 9

What is Keyloggers?

Answer 9

captures keystrokes in a compromised system

Question 10

What is a Logic bomb?

Answer 10

A program that is timed to cause harm at a certain point of time. It stays inactive until the time comes.

Question 11

What is a Marco Virus?

Answer 11

1. Uses a set of macro commands used by other programs to perform a sequence of actions automatically.
2. Typically embedded in a document and triggered when it is viewed or run or replicate itself into other documents

Question 12

What is a Mobile code?

Answer 12

A code transferred between systems/across a network in an email, document, file or a website which is executed via a network or a storage device

Question 13

What is Rootkit?

Answer 13

A set of hacker tools used after the attacker had broken into a computer and gained root-access

Question 14

What is Spyware?

Answer 14

• Monitors the user’s activity of your computer
• Aims to gather information about a person or company
• Sent it to another computer.
• Scans the computer for files containing sensitive information

Question 15

What is a Trojan horse?

Answer 15

• Harmless by accessing a user’s computer but secretly infects the computer

Question 16

Classification of Malware

Answer 16

Independent, self-contained = Worms, Trojans and bots

Malware DOES NOT replicate = Trojans and Spam emails

Replicates viruses and worms

Question 17

Propagation mechanisms

Answer 17

1. Infection of existing content by **viruses **
2. Exploit of software vulnerabilities by malware replication from worms or drive-by-downloads
3. Social Enginnering to encourage users to bypass security to Install Trojans to respond to phishing attack

Question 18

What is a Virus?

Answer 18

• Malicious software that replicates itself
• Easily spread through other environments
• When it is attached to an executable program, the virus can secretly execute when the program is run

Finding weakness in OS and Hardware

Question 19

Worm

Answer 19

1. Self-replicates itself via networks rapidly to find sensitive data and converting them into ‘bots’
2. Exploits client/server programs
3. Spread through storage devices (USB, HDDs)

Question 20

What are the 3 Intruder classes?

Answer 20

1. Masquerader: OUTSIDER An ‘unauthorised’ user that pretends to be an identity/legit user to perform such act
2. Misfeasor: INSIDER Legit user that misuse the privileges
3. Clandestine user: EITHER OUTSIDER or INSIDER

Surpasses control to evade auditing and access controls to surpass audit collection

Question 21

Give Examples of intrusion

Answer 21

• Compromise the root remotely
• Damages Web server
• Guess/crack passwords
• Copy database containing credit card details
• Viewing sensitive data without authorisation
• Use unsecured modem to access internal network
• **Use unattended workstation **

Question 22

What is a hacker?

Answer 22

• Motivated to gain access
• Hacking community has been very ‘Strong’ and ‘popular’
• Status is determined by level of competence
• Intruders consume resources and slow performance for legit users
• Uses Virtual Private Network (VPN)

Question 23

What are the attacker motivations?

Answer 23

1. Hobbyists: Crackers and experts whose main motivation is the intellectual challenge of breaking into a system
2. Financial gain
3. Political: Nation state
4. Military/Strategy: nation state actors
5. Psychological: Causing doubt in population

Question 24

Examples of Attacks

Answer 24

DOS
Distributed denial of service
Cross side scripting attacks
Buffer over flow attacks

Question 25

What is a Denial of Service?

Answer 25

• Interruption that floods the traffic of the network that prevent legit users from accessing information and services
• Blocks users from the websites they visit regularly: email, online accounts, online banking and other websites

Question 26

What are the types of resources in by DOS attacks?

Answer 26

1. Network bandwidth: The speed + capacity of a network connection that is consumed
2. System resource: Aims to crash or overload the handling software
3. Application resources: Involves a number of valid requests each consumes significant resources and limit the ability of the server to respond to requests for users

Question 27

Source Address Spoofing

Answer 27

• Uses forged source addresses
• Makes attacking systems harder to identify
• Generates large volumes of packets that have the target system as the destination address
• Congests the router to lower capacity of the link ->
• Network engineers need to query the flow of information

Question 28

What is SYN Spooling?

Answer 28

• Common DOS attack
• Attacks the ability of the server to damage the future connection requests
• Legit users denied access to the server

Question 29

What is Flooding Attack?

Answer 29

**Overloads **the capacity of the server of:

• ICMP flood
• UDP (PORT number on target system)
• TCP SYN

Question 30

What are the broad categories of pay loads?

Answer 30

1. Corruption of the system or data
2. Theft of service to make the system a zombie agent of attack
3. **Theft of information **from the system
4. **Hiding **the presence of the system