Lecture 7 Flashcards

1
Q

What are alternate encodings?

A
  • The same character can be represented by more than one byte sequence, so a check done on one encoding can be bypassed by another
  • Unicode is used for internationalisation; it originally assigned a 16-bit value to each character
  • UTF-8 encodes each Unicode character as a 1-4 byte sequence, and invalid "overlong" sequences can smuggle characters past naive filters

Canonicalisation

  • Transform input into a single, standard, minimal representation
  • Compare that canonical representation (not the raw input) with the acceptable input values
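Added example (not from the lecture): a path filter that checks the raw input for ".." is bypassed by percent-encoding, double encoding and overlong UTF-8 spellings of the same two dots; canonicalising first (decode to a fixed point, then decode as strict UTF-8) closes the gap. The sample inputs are constructed.

```python
"""Added example (not from the lecture): the same path can be spelled many ways.
A filter that checks the raw input for ".." is bypassed by percent-encoding,
double encoding and overlong UTF-8; canonicalising first closes the gap.
All sample inputs are constructed."""
from urllib.parse import unquote_to_bytes


def naive_is_safe(path: str) -> bool:
    """Validate the raw, still-encoded input: the flawed approach."""
    return ".." not in path


def canonicalise(path: str) -> str:
    """Reduce the input to one standard, minimal form:
    percent-decode until stable (handles %252e -> %2e -> .), then decode
    as strict UTF-8 so overlong sequences such as C0 AE ('.') are rejected
    instead of being silently accepted."""
    raw = path.encode("utf-8")
    for _ in range(4):                      # bounded: stops at a fixed point
        decoded = unquote_to_bytes(raw)
        if decoded == raw:
            break
        raw = decoded
    return raw.decode("utf-8")              # raises UnicodeDecodeError on invalid UTF-8


def is_safe(path: str) -> bool:
    """Canonicalise first, then validate; input that cannot be canonicalised is unsafe."""
    try:
        canon = canonicalise(path)
    except UnicodeDecodeError:
        return False
    return ".." not in canon and "\x00" not in canon


if __name__ == "__main__":
    for sample in ("../etc/passwd", "%2e%2e/etc/passwd", "%252e%252e/etc/passwd",
                   "%c0%ae%c0%ae/etc/passwd", "docs/readme.txt"):
        print(f"{sample:28} naive={naive_is_safe(sample)!s:5} canonical={is_safe(sample)}")
```

The naive filter passes every encoded variant; the canonicalising filter rejects them all and still accepts ordinary names, including legitimate UTF-8 such as "caf%C3%A9.txt".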
2
Q

How is numeric input validated?

A
  • Numbers are stored in fixed-size values
  • 8, 16, 32 or 64-bit integers
  • Values can be signed or unsigned
  • The input must be checked to lie within the range that size and signedness can represent; otherwise the value wraps around (integer overflow)
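Added example (not from the lecture): a validator that checks a decimal string against the exact range of the fixed-size integer it will be stored in, beside a helper showing what an unchecked store would produce. The function names are my own.

```python
"""Added example (not from the lecture): check that a numeric string fits the
fixed-size integer it will be stored in before converting it, so out-of-range
values are rejected instead of wrapping.  Function names are my own."""


def int_bounds(bits: int, signed: bool) -> tuple:
    """Smallest and largest value representable in a bits-wide integer."""
    if signed:
        return -(1 << (bits - 1)), (1 << (bits - 1)) - 1
    return 0, (1 << bits) - 1


def parse_int(text: str, bits: int = 32, signed: bool = True) -> int:
    """Parse decimal text into a bits-wide (un)signed integer.
    Rejects: empty or padded input, non-ASCII or non-digit characters
    (Python's int() would accept '1_000' and Unicode digits), and any value
    outside the representable range."""
    if not text or text != text.strip():
        raise ValueError("empty or whitespace-padded input")
    body = text[1:] if text[0] in "+-" else text
    if not (body.isascii() and body.isdigit()):
        raise ValueError(f"not a decimal integer: {text!r}")
    value = int(text, 10)
    lo, hi = int_bounds(bits, signed)
    if not lo <= value <= hi:
        kind = "signed" if signed else "unsigned"
        raise ValueError(f"{value} outside {kind} {bits}-bit range [{lo}, {hi}]")
    return value


def wrapped(value: int, bits: int, signed: bool) -> int:
    """What an unchecked store into a bits-wide integer yields: modular wrap-around."""
    value %= 1 << bits
    if signed and value >= 1 << (bits - 1):
        value -= 1 << bits
    return value
```

Compare `parse_int("128", 8)`, which raises, with `wrapped(128, 8, True)`, which silently becomes -128: the second is what happens when the range check is skipped.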
3
Q

What is input fuzzing?

A
  • A software testing technique that feeds a program randomly generated (or randomly mutated) data as input
  • Inputs are LARGE in number and in size
  • Checks that the program handles abnormal input without crashing or misbehaving

Disadvantages:

  • Bugs triggered only by specific, well-formed input would be missed, since random data rarely hits one exact value
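Added example (not from the lecture): a minimal mutation fuzzer run against a deliberately fragile record parser. It finds the missing length check within a few hundred iterations, but never reaches a bug that needs one exact type and body, which is the blind spot the card describes. The record format, both parsers and the seed are constructed.

```python
"""Added example (not from the lecture): a minimal mutation fuzzer run against
a deliberately fragile record parser.  Random mutation quickly finds the
missing length check, but never reaches a bug that needs one exact value,
which is the blind spot the lecture notes.  Format and parsers are constructed."""
import random

# Constructed record format: TYPE(1) LEN(1) BODY(LEN) CHECK(1), CHECK = sum(BODY) % 256
SEED = b"\x01\x03abc\x26"           # one valid record used as the mutation seed


def parse_record(data: bytes) -> tuple:
    """Fragile parser: trusts LEN and never verifies the buffer holds LEN + 3 bytes."""
    rtype, length = data[0], data[1]
    body = data[2:2 + length]
    check = data[2 + length]                     # IndexError when LEN overstates the buffer
    if rtype == 0x42 and body == b"ADMIN":       # bug reachable only through one exact input
        raise RuntimeError("state machine corrupted")
    if sum(body) % 256 != check:
        raise ValueError("bad checksum")         # intended rejection of malformed input
    return rtype, body, check


def parse_record_fixed(data: bytes) -> tuple:
    """Hardened parser: validates LEN against the real buffer size first."""
    if len(data) < 3 or len(data) < 3 + data[1]:
        raise ValueError("truncated record")
    rtype, length = data[0], data[1]
    body = data[2:2 + length]
    if sum(body) % 256 != data[2 + length]:
        raise ValueError("bad checksum")
    return rtype, body, data[2 + length]


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply 1-4 random byte-level edits: bit flip, insert, delete, interesting-value replace."""
    data = bytearray(seed)
    for _ in range(rng.randint(1, 4)):
        op = rng.choice(("flip", "insert", "delete", "replace"))
        if op == "insert":
            data.insert(rng.randint(0, len(data)), rng.randrange(256))
        elif not data:
            continue
        elif op == "flip":
            data[rng.randrange(len(data))] ^= 1 << rng.randrange(8)
        elif op == "delete":
            del data[rng.randrange(len(data))]
        else:
            data[rng.randrange(len(data))] = rng.choice((0x00, 0x01, 0x7F, 0x80, 0xFF))
    return bytes(data)


def fuzz(target, seed: bytes = SEED, iterations: int = 2000, rng_seed: int = 7) -> dict:
    """Return {exception class name: first crashing input}.  ValueError is the
    parser's intended rejection path and is therefore not a finding."""
    rng = random.Random(rng_seed)
    crashes = {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
        except ValueError:
            continue
        except Exception as exc:
            crashes.setdefault(type(exc).__name__, case)
    return crashes
```

Running `fuzz(parse_record)` reports an `IndexError` (the length bug) but no `RuntimeError`: the five-byte magic body is never produced by random edits of "abc". `fuzz(parse_record_fixed)` reports nothing, which is the result you want from the hardened parser.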
4
Q

How do you ensure the machine language corresponds to the algorithm?

A
  • Issue ignored by most programmers, who trust the compiler to translate the source correctly
  • Requires comparing the generated machine code with the original source code
  • Slow and difficult ->>>>> EXPENSIVE!!!
  • Only the very highest assurance level (Common Criteria 'EAL 7') requires this CHECKING
5
Q

How do you correctly use memory?

A
  • Dynamic memory allocation
  • Used to manipulate unknown amounts of data
  • Allocated when needed, released when done
  • If no memory is left to run, the program or system can CRASH/HANG
  • Memory leak: allocated memory that is never released
  • Repeated leaks make memory unavailable on the heap > memory exhaustion (a denial-of-service condition)
  • Some languages (e.g. C) have no explicit language support for managing dynamic memory
  • Standard library routines (malloc/free) are used to allocate and _release memory_, so correct release is the programmer's responsibility
6
Q

What is a race condition?

A
  • Occurs when two or more processes or threads access a shared resource "at the same time" without synchronisation; the overlapping access/use can lead to lost or corrupted data
  • Two or more threads can access shared data and try to change it at the same time.
    • Because the thread scheduling algorithm can swap between threads at any time, you don't know the order in which the threads will attempt to access the shared data.

Example: two withdrawals from the same account at the same time

7
Q

What is a deadlock?

A

Deadlock occurs when two or more processes or threads each hold a shared resource and wait for one held by another, so none of them can ever proceed

"Waiting for another who is using the same resource"
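Added example (not from the lecture): two threads that each hold one lock and wait for the other's lock. A barrier forces the interleaving the scheduler could produce at any time, acquire timeouts are used only so the demo terminates, and the second run shows that taking locks in one global order removes the circular wait. Lock names and timeouts are my own choices.

```python
"""Added example (not from the lecture): two threads that each hold one lock
and wait for the other's never progress.  The demo forces that interleaving,
uses acquire timeouts only so it terminates, and shows that taking locks in one
global order removes the circular wait.  Lock names and timeouts are my own."""
import threading
from typing import Callable


def worker(first, second, rendezvous: Callable[[], None], result: dict,
           name: str, timeout: float = 0.5) -> None:
    """Hold `first`, meet the other thread, then try `second`."""
    with first:
        rendezvous()                              # (1) both threads now hold their first lock
        got = second.acquire(timeout=timeout)     # a real program blocks here forever
        result[name] = got
        if got:
            second.release()
        rendezvous()                              # (2) keep `first` until both have tried


def run(ordered: bool) -> dict:
    """ordered=False: A takes L1 then L2, B takes L2 then L1 (circular wait).
    ordered=True : both take L1 then L2 (global lock ordering).
    Returns {"A": bool, "B": bool}: whether each thread obtained its second lock."""
    l1, l2 = threading.Lock(), threading.Lock()
    result: dict = {}
    if ordered:
        meet = lambda: None                       # nothing to force: no interleaving can deadlock
        b_locks = (l1, l2)
    else:
        gate = threading.Barrier(2)               # forces "each holds one lock" before either asks for the second
        meet = gate.wait
        b_locks = (l2, l1)
    a = threading.Thread(target=worker, args=(l1, l2, meet, result, "A"))
    b = threading.Thread(target=worker, args=(*b_locks, meet, result, "B"))
    a.start(); b.start()
    a.join(); b.join()
    return result


def deadlocked(result: dict) -> bool:
    """Neither thread could obtain its second lock."""
    return bool(result) and not any(result.values())


if __name__ == "__main__":
    print("opposite order:", run(ordered=False))   # both False: circular wait
    print("global order:  ", run(ordered=True))    # both True
```

With the opposite acquisition order both threads time out; with a single global order thread B simply waits for A to finish and then succeeds.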

8
Q

What are environment variables?

A
  • Collection of string values that a process inherits from its parent
  • Affect the way a running process behaves (e.g. PATH decides which program a bare command name runs)
  • Held in the process's memory
  • Can be modified and passed on to **children**
  • Another source of untrusted program input > corruption of the program's behaviour if they are trusted
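Added example (not from the lecture): a privileged program that runs a helper by bare name trusts whoever set PATH in the inherited environment. The sanitised version builds the child's environment from scratch with a fixed PATH and a short whitelist. The directory layout, helper name and variables are constructed in a scratch directory.

```python
"""Added example (not from the lecture): a process inherits its environment
from its parent, so a privileged program that runs a helper by bare name is
trusting whoever set PATH.  Building the child's environment from scratch
removes that trust.  Directory layout, helper name and variables are constructed."""
import os
import tempfile
from typing import Optional

KEEP_VARS = ("TERM", "LANG")          # assumption: the only inherited variables a child may see


def resolve_helper(name: str, env: dict) -> Optional[str]:
    """First match on env['PATH']: the search execvp() performs for a bare command name
    (the execute-permission check is omitted here)."""
    for directory in env.get("PATH", "").split(os.pathsep):
        candidate = os.path.join(directory, name)
        if os.path.isfile(candidate):
            return candidate
    return None


def sanitised_env(trusted_bin: str, inherited: dict) -> dict:
    """Child environment built from scratch: fixed PATH, whitelisted variables only,
    so LD_PRELOAD, LD_LIBRARY_PATH, IFS and friends never reach the child."""
    env = {"PATH": trusted_bin}
    env.update({k: v for k, v in inherited.items() if k in KEEP_VARS})
    return env


def demo() -> dict:
    """Which directory's 'backup-tool' would run under an attacker-controlled
    environment and under a sanitised one (directory names only)."""
    with tempfile.TemporaryDirectory() as tmp:
        attacker_dir = os.path.join(tmp, "attacker")
        system_dir = os.path.join(tmp, "bin")
        for d in (attacker_dir, system_dir):
            os.makedirs(d)
            with open(os.path.join(d, "backup-tool"), "w") as f:
                f.write("#!/bin/sh\n")        # placeholder helper; never executed here
        # Environment as the attacker hands it to the privileged program
        inherited = {"PATH": f"{attacker_dir}{os.pathsep}{system_dir}",
                     "LD_PRELOAD": os.path.join(attacker_dir, "evil.so"),
                     "TERM": "xterm"}
        hijacked = resolve_helper("backup-tool", inherited)
        clean = sanitised_env(system_dir, inherited)
        safe = resolve_helper("backup-tool", clean)
        return {"tampered": os.path.basename(os.path.dirname(hijacked)),
                "sanitised": os.path.basename(os.path.dirname(safe)),
                "child_vars": sorted(clean)}


if __name__ == "__main__":
    print(demo())   # {'tampered': 'attacker', 'sanitised': 'bin', 'child_vars': ['PATH', 'TERM']}
```

Passing `clean` as the `env=` argument to `subprocess.run` (or `execve`) is what makes the sanitised environment take effect; forwarding `os.environ` unchanged is the mistake the card warns about.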
9
Q

What is the use of least privilege?

A
  • Exploiting a flaw in a program can give the attacker that program's privileges (privilege escalation), so programs should hold as few as possible
  • Least privilege: run programs with only the privileges needed to complete their function
  • Determine the appropriate **user and group privileges** required, and whether extra user privileges are needed or group privileges suffice
  • Ensure the program only modifies the files and directories it needs to
  • Code run on behalf of a user (e.g. macros) should run with no more than that legitimate user's privileges
10
Q

What are root/administrator privileges?

A
  • Programs running with root privileges are a major target of attackers
  • They provide the highest level of system access and control
  • Needed to manage access to protected system resources, so they should be held only for as long as necessary
  • Splitting a program into components with different privilege levels provides isolation between components
  • Reduces the consequences of a security breach in any one component
11
Q

System calls and standard library functions

A
  • Programs use system calls and standard library functions for common operations
  • Programmers assume how these behave; incorrect behaviour is when they do not behave as expected
  • The system optimises access to shared resources, so requests for services may be buffered, resequenced or otherwise modified (e.g. a file overwritten before being deleted may never have the overwrite reach the disk)
12
Q

How do you prevent race conditions?

A
  • Programs that need to access a common system resource must coordinate that access
  • Need a synchronisation mechanism (e.g. a lock) so that checking and using the resource cannot be interleaved with another process or thread
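Added example for the race-condition card (two withdrawals at once) and this prevention card (not from the lecture): each withdrawal is a read-check-write sequence; unsynchronised, two threads can both read the same balance, so one update is lost or an overdraft is approved. A lock around the whole sequence is the synchronisation mechanism. Balances and amounts are constructed.

```python
"""Added example for the race-condition card (two withdrawals at once) and the
prevention card (synchronisation).  Not from the lecture: each withdrawal is a
read-check-write sequence; unsynchronised, two threads can both read the same
balance so one update is lost or an overdraft is approved.  A lock around the
whole sequence fixes it.  Balances and amounts are constructed."""
import threading
import time


class Account:
    def __init__(self, balance: int):
        self.balance = balance
        self._lock = threading.Lock()

    def withdraw_unsafe(self, amount: int, pause: float = 0.0) -> bool:
        current = self.balance                 # read
        if current < amount:                   # check
            return False
        time.sleep(pause)                      # widens the window; the scheduler can preempt here anyway
        self.balance = current - amount        # write: may overwrite another thread's write
        return True

    def withdraw_safe(self, amount: int, pause: float = 0.0) -> bool:
        with self._lock:                       # read-check-write is now indivisible w.r.t. other withdrawals
            current = self.balance
            if current < amount:
                return False
            time.sleep(pause)
            self.balance = current - amount
            return True


def concurrent_withdrawals(method: str, start: int, amounts, pause: float = 0.05) -> tuple:
    """Run one thread per withdrawal; return (final balance, number approved)."""
    acct = Account(start)
    approved = []                              # list.append is atomic under the GIL

    def run(amount):
        if getattr(acct, method)(amount, pause):
            approved.append(amount)

    threads = [threading.Thread(target=run, args=(a,)) for a in amounts]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return acct.balance, len(approved)


if __name__ == "__main__":
    print("unsafe:", concurrent_withdrawals("withdraw_unsafe", 100, [70, 70]))  # typically (30, 2): 140 paid out
    print("safe:  ", concurrent_withdrawals("withdraw_safe", 100, [70, 70]))    # always (30, 1)
```

With the lock the second 70 is refused. Without it, both threads read 100, both pass the check, and the bank dispenses 140 from a 100 balance while the recorded balance still shows 30.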
13
Q

What is a lockfile?

A

A process must create and own the lockfile to gain access to the shared resource, and removes it when done

Concerns:

  • The lockfile is advisory: if a program ignores it and accesses the shared resource anyway, the system will not prevent this
  • Implementation: checking for and creating the lockfile must be one atomic operation, otherwise two processes can both see no lockfile and both create one (a race)
14
Q

How do you safely use temporary files?

A
  • Programs use temporary files in a shared system area (e.g. /tmp)
  • Names must be unique, not shared by others
  • A name built from the process ID alone is predictable, so an attacker can create that file first
  • Must be secure: use random names and create the file exclusively (fail if it already exists) with restricted permissions
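Added example for the lockfile and temporary-file cards (not from the lecture). Lockfiles: the check-then-create pattern races while exclusive creation with O_EXCL does not. Temporary files: a PID-based name is guessable, so an attacker can plant a symlink there and redirect the program's write onto a victim file; `tempfile.mkstemp` picks a random name and creates it exclusively. All paths live in a scratch directory made for the demo.

```python
"""Added example for the lockfile and temporary-file cards (not from the
lecture).  Lockfiles: the check-then-create pattern races, exclusive creation
does not; either way the lock is advisory.  Temporary files: a PID-based name
is guessable, so an attacker can plant a symlink there and redirect the
program's write; mkstemp picks a random name and creates it exclusively.
All paths live in a scratch directory created for the demo."""
import os
import tempfile
import threading
from typing import Callable


def acquire_lock_naive(path: str, before_create: Callable[[], None] = lambda: None) -> bool:
    """Check-then-create: two processes can both see 'no lockfile' before either creates it."""
    if os.path.exists(path):
        return False
    before_create()                          # hook so the demo can force the bad interleaving
    with open(path, "w") as f:
        f.write(str(os.getpid()))
    return True


def acquire_lock_atomic(path: str, before_create: Callable[[], None] = lambda: None) -> bool:
    """Create-or-fail in one system call: O_EXCL guarantees exactly one creator succeeds."""
    before_create()
    try:
        fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)
    except FileExistsError:
        return False
    with os.fdopen(fd, "w") as f:
        f.write(str(os.getpid()))
    return True


def race_for_lock(acquire) -> int:
    """Two contenders, both past the 'does it exist?' point before either creates.
    Returns how many believe they own the lock (correct answer: 1)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "resource.lock")
        gate = threading.Barrier(2)
        wins = []

        def contend():
            if acquire(path, gate.wait):
                wins.append(1)

        threads = [threading.Thread(target=contend) for _ in range(2)]
        for t in threads:
            t.start()
        for t in threads:
            t.join()
        return len(wins)


def temp_file_predictable(directory: str) -> str:
    """Name from the PID alone; open() follows whatever is already at that name."""
    path = os.path.join(directory, f"app.{os.getpid()}.tmp")
    with open(path, "w") as f:
        f.write("data")
    return path


def temp_file_secure(directory: str) -> str:
    """mkstemp: random name, O_CREAT|O_EXCL, mode 0600, and an fd opened at creation."""
    fd, path = tempfile.mkstemp(prefix="app.", suffix=".tmp", dir=directory)
    with os.fdopen(fd, "w") as f:
        f.write("data")
    return path


def symlink_attack(create_temp) -> str:
    """Attacker pre-plants a symlink at the guessable name, pointing at a victim file.
    Returns the victim's content afterwards: 'secret' means it survived."""
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim.conf")
        with open(victim, "w") as f:
            f.write("secret")
        os.symlink(victim, os.path.join(d, f"app.{os.getpid()}.tmp"))
        create_temp(d)
        with open(victim) as f:
            return f.read()
```

`race_for_lock(acquire_lock_naive)` reports two owners, `race_for_lock(acquire_lock_atomic)` exactly one. `symlink_attack(temp_file_predictable)` shows the victim file clobbered with "data", while the mkstemp version leaves it untouched.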
15
Q

What are malware countermeasures?

List the 4 main elements of prevention and the threat mitigation options

A

The ideal solution is prevention: do not allow malware onto the system in the first place

Four main elements of prevention

  • Policy
  • Awareness
  • Vulnerability mitigation
  • Threat mitigation

Threat mitigation options (once prevention has failed):

  • Detection
  • Identification
  • Removal
16
Q

Generations of anti-virus software

A
  1. First generation: simple scanners
    • Requires a malware signature to identify the malware
    • Limited to detecting known malware
  2. Second generation: heuristic scanners
    • Uses heuristic rules to look for probable malware
    • Integrity checking (checksums) to detect modified programs
  3. Third generation: **activity traps**
    • Memory-resident programs that identify malware by its actions rather than by the structure of infected programs
  4. Fourth generation: full-featured protection
    • Packages that combine a variety of techniques (scanning, activity traps, access control)
17
Q

What is generic decryption (GD)? List what a GD scanner contains

A

Lets the anti-virus program detect complex polymorphic viruses and other malware while keeping scanning fast: the executable is run in a safe emulator until the virus has decrypted itself, then its body is scanned for signatures

Executables are run through a GD scanner, which contains:

  • CPU emulator
  • Virus signature scanner
  • Emulation control module
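Added toy example for the anti-virus generations card and this generic decryption card (not from the lecture). A first-generation scanner looks for a fixed byte signature; a "polymorphic" sample keeps its body XOR-encoded under a per-copy key behind a tiny decryptor stub, so the signature never appears in the file. The GD scanner runs the sample in a CPU emulator, re-scanning the emulated memory after each instruction until the body decrypts or the control module stops. The instruction set, stub, body and signature are invented for this demo and have nothing to do with real malware.

```python
"""Added toy example for the anti-virus generations and generic decryption
cards (not from the lecture).  A first-generation scanner looks for a fixed
byte signature; a 'polymorphic' sample keeps its body XOR-encoded under a
per-copy key behind a tiny decryptor stub, so the signature never appears in
the file.  Generic decryption runs the sample in a CPU emulator, re-scanning
the emulated memory after every instruction until the body decrypts or the
step budget runs out.  The instruction set, stub, body and signature are
invented for this demo and have nothing to do with real malware."""

SIGNATURE = b"EVIL-PAYLOAD"                  # constructed signature for the toy body
BODY = b"\x90\x90" + SIGNATURE + b" stage two"
OP_XOR_R, OP_HALT = 0x01, 0xFF               # toy ISA: XOR_R start len key ; HALT
STUB_LEN = 5


def signature_scan(image: bytes) -> bool:
    """First-generation scanner: does the known byte pattern occur anywhere?"""
    return SIGNATURE in image


def make_sample(key: int) -> bytes:
    """One polymorphic copy: decryptor stub + body XOR-encoded with `key` (1..255)."""
    assert 1 <= key <= 255 and len(BODY) < 256
    stub = bytes([OP_XOR_R, STUB_LEN, len(BODY), key, OP_HALT])
    return stub + bytes(b ^ key for b in BODY)


def generic_decrypt_scan(image: bytes, max_steps: int = 1000) -> bool:
    """GD scanner: CPU emulator (executes the toy ISA on a private copy of memory),
    virus signature scanner (run after every step) and emulation control
    module (stops on HALT, an unknown opcode, or the step budget)."""
    mem = bytearray(image)
    pc = 0
    for _ in range(max_steps):
        if signature_scan(mem):
            return True
        if pc + 3 >= len(mem):
            return False                      # ran off the end of the image
        op = mem[pc]
        if op == OP_XOR_R:
            start, length, key = mem[pc + 1], mem[pc + 2], mem[pc + 3]
            for i in range(start, min(start + length, len(mem))):
                mem[i] ^= key
            pc += 4
        elif op == OP_HALT:
            return signature_scan(mem)
        else:
            return False                      # not code we can emulate; real GD falls back to heuristics
    return False


# A self-modifying but harmless image: decodes "Hi" and halts, no signature ever appears
BENIGN = bytes([OP_XOR_R, STUB_LEN, 4, 0x20, OP_HALT]) + b"hI\x00\x00"
```

For every key from 1 to 255 the plain signature scan misses the sample and the emulate-then-scan approach catches it; the benign self-modifying image is cleared by both.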
18
Q

What is host-based behaviour blocking software?

A

Software integrated with the host operating system that monitors program behaviour in real time for malicious actions

  • Blocks potentially malicious actions BEFORE they affect the system
  • Unlike signature scanning, it judges what the software does as it runs, in real time, so new malware with no signature can still be stopped
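Added example (not from the lecture): a behaviour blocker decides on what a program does, not what its bytes look like. Two constructed rules are shown: writing under a protected system path, and modifying many files within a short window (the ransomware pattern). The event trace is constructed telemetry in the form (pid, seconds, action, path); real products hook the operating system to see these events.

```python
"""Added example (not from the lecture): a behaviour blocker decides on what a
program does, not what its bytes look like.  Two constructed rules: writing
under a protected system path, and modifying many files within a short window
(the ransomware pattern).  The event trace is constructed telemetry in the
form (pid, seconds, action, path); real products hook the OS to see these."""
from collections import deque

PROTECTED_PREFIXES = ("/etc/", "/boot/", "/usr/lib/")
MASS_WRITE_LIMIT = 10        # modifications ...
MASS_WRITE_WINDOW = 2.0      # ... within this many seconds


class BehaviourBlocker:
    def __init__(self):
        self.recent = {}             # pid -> deque of recent modification timestamps
        self.blocked = {}            # pid -> rule that blocked it

    def observe(self, pid: int, ts: float, action: str, path: str):
        """Return None to let the action proceed, or the name of the rule blocking it."""
        if pid in self.blocked:
            return self.blocked[pid]                  # once blocked, stay blocked
        if action in ("write", "rename", "unlink") and path.startswith(PROTECTED_PREFIXES):
            return self._block(pid, "protected-path")
        if action in ("write", "rename"):
            window = self.recent.setdefault(pid, deque())
            window.append(ts)
            while ts - window[0] > MASS_WRITE_WINDOW:   # drop events older than the window
                window.popleft()
            if len(window) >= MASS_WRITE_LIMIT:
                return self._block(pid, "mass-file-modification")
        return None

    def _block(self, pid: int, rule: str) -> str:
        self.blocked[pid] = rule
        return rule


def run_trace(events) -> dict:
    """Feed events in order; return {pid: rule} for every process that got blocked."""
    blocker = BehaviourBlocker()
    for pid, ts, action, path in events:
        blocker.observe(pid, ts, action, path)
    return dict(blocker.blocked)


# Constructed trace: an editor saving slowly, a process encrypting 12 documents
# in 1.1 seconds, and a process tampering with the dynamic loader's config.
TRACE = (
    [(100, 30.0 * i, "write", f"/home/u/notes{i}.txt") for i in range(3)]
    + [(200, 10.0 + 0.1 * i, "rename", f"/home/u/docs/{i}.docx.locked") for i in range(12)]
    + [(300, 20.0, "write", "/etc/ld.so.preload")]
)


if __name__ == "__main__":
    print(run_trace(TRACE))   # {200: 'mass-file-modification', 300: 'protected-path'}
```

Process 200 is blocked on its tenth rename, before the remaining files are touched; process 100, doing the same kind of writes at a human pace, is never flagged. The thresholds are the tuning knobs a real product exposes, and setting them is where false positives come from.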
19
Q

What are the two types of monitoring software?

A

Ingress monitors:

  • Located at the border between the enterprise network and the internet
  • Technique: look for incoming traffic to unused local IP addresses

Egress monitors:

  • Located at the egress point of individual LANs and at the border between the enterprise network and the internet
  • _Monitor outgoing traffic for signs of scanning and other suspicious behaviour_ (to catch the source of a worm attack inside the network)

20
Q

What are worm countermeasures? What are the 6 defences?

A

Once a worm is resident on a host, anti-virus software can detect and remove it; the network defences below aim to catch it while it is spreading

Worm defences:

  1. Signature-based worm scan filtering
  2. Filter-based worm containment
  3. Payload-classification-based worm containment
  4. Threshold random walk (TRW) scan detection
  5. Rate limiting
  6. Rate halting
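Added example for the monitoring-software card and this worm-defence card (not from the lecture): threshold random walk scan detection, after Jung, Paxson, Berger and Balakrishnan (2004), run the way an ingress monitor would. Each first-contact connection attempt from a remote host either succeeds or fails, and an attempt to an unused local address is a failure by definition; the likelihood ratio walks up on failures and down on successes until it crosses one of two thresholds. The parameter values are the paper's suggested defaults; the unused-address set and the log lines are constructed.

```python
"""Added example for the monitoring-software and worm-defence cards (not from
the lecture): threshold random walk (TRW) scan detection, after Jung, Paxson,
Berger and Balakrishnan (2004), run as an ingress monitor.  Each first-contact
connection attempt from a remote host either succeeds or fails; an attempt to an
unused local address is a failure by definition.  The likelihood ratio walks up
on failures and down on successes until it crosses a threshold.  The parameter
values are the paper's suggested defaults; the unused-address set and the log
lines are constructed."""

THETA0, THETA1 = 0.8, 0.2                 # P(success) for a benign host / for a scanner
ALPHA, BETA = 0.01, 0.99                  # target false-positive rate / detection rate
ETA1 = BETA / ALPHA                       # upper threshold: declare scanner (99)
ETA0 = (1 - BETA) / (1 - ALPHA)           # lower threshold: declare benign (~0.0101)
UP = (1 - THETA1) / (1 - THETA0)          # multiplier per failure (4)
DOWN = THETA1 / THETA0                    # multiplier per success (0.25)


class TRWDetector:
    def __init__(self, unused_local):
        self.unused = set(unused_local)
        self.ratio = {}                   # remote -> running likelihood ratio
        self.contacted = {}               # remote -> local addresses already counted
        self.verdict = {}                 # remote -> "scanner" | "benign"

    def observe(self, src: str, dst: str, outcome: str):
        """outcome is 'syn-ack' (accepted) or 'rst'/'timeout' (refused, no host).
        Returns the verdict for src once reached, else None."""
        if src in self.verdict:
            return self.verdict[src]
        seen = self.contacted.setdefault(src, set())
        if dst in seen:
            return None                   # only first contact with each local address counts
        seen.add(dst)
        failed = dst in self.unused or outcome != "syn-ack"
        lr = self.ratio.get(src, 1.0) * (UP if failed else DOWN)
        self.ratio[src] = lr
        if lr >= ETA1:
            self.verdict[src] = "scanner"
        elif lr <= ETA0:
            self.verdict[src] = "benign"
        return self.verdict.get(src)


def parse_line(line: str):
    """'<time> <src> -> <dst> <outcome>' (constructed ingress-monitor log format)."""
    _, src, _, dst, outcome = line.split()
    return src, dst, outcome


def run_log(lines, unused_local) -> dict:
    det = TRWDetector(unused_local)
    for line in lines:
        det.observe(*parse_line(line))
    return dict(det.verdict)


UNUSED = {"10.0.0.23", "10.0.0.24", "10.0.0.26"}      # dark addresses on the local /24
LOG = [
    "10:00:01 203.0.113.7 -> 10.0.0.23 timeout",      # scanner walking the subnet
    "10:00:01 203.0.113.7 -> 10.0.0.24 timeout",
    "10:00:02 203.0.113.7 -> 10.0.0.25 rst",          # live host, closed port
    "10:00:02 203.0.113.7 -> 10.0.0.26 timeout",
    "10:00:03 198.51.100.5 -> 10.0.0.10 syn-ack",     # ordinary client, four live services
    "10:00:04 198.51.100.5 -> 10.0.0.11 syn-ack",
    "10:00:05 198.51.100.5 -> 10.0.0.12 syn-ack",
    "10:00:06 198.51.100.5 -> 10.0.0.13 syn-ack",
    "10:00:07 192.0.2.9 -> 10.0.0.10 syn-ack",        # mixed record: not enough evidence yet
    "10:00:08 192.0.2.9 -> 10.0.0.80 rst",
    "10:00:09 192.0.2.9 -> 10.0.0.11 syn-ack",
]


if __name__ == "__main__":
    print(run_log(LOG, UNUSED))   # {'203.0.113.7': 'scanner', '198.51.100.5': 'benign'}
```

With these parameters four consecutive failures (ratio 4^4 = 256 > 99) flag a scanner and four consecutive successes (0.25^4 < 0.0101) clear a host, so a scanner is caught after touching only a handful of addresses; the mixed host stays undecided until more evidence arrives.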
21
Q

What are the four lines of DoS attack defence?

A

Four lines of defence against DDoS attacks:

  1. Attack prevention and pre-emption
    • BEFORE the attack
  2. Attack detection and filtering
    • DURING the attack
  3. Attack source traceback and identification
    • DURING and AFTER the attack
  4. Attack reaction
    • AFTER the attack
22
Q

What is DoS attack prevention?

A
  • Block IP directed broadcasts
  • Block suspicious services and combinations of services
  • Manage application-level attacks with a graphical puzzle

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart)

to distinguish genuine human requests from automated ones

23
Q

How do you respond to DoS attacks?

A
  1. Antispoofing filters should be implemented (drop packets whose source address cannot be legitimate)
  2. Rate-limiting filters should be implemented
  3. Ideally, have network monitors in place
  4. IDS to detect and notify abnormal traffic patterns
  5. Requires a good incident response plan, which includes:
  6. Contact details for technical personnel at the ISP (needed to impose traffic filtering upstream)
  7. Details of how to respond to the attack
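Added example (not from the lecture): a per-source token-bucket rate limiter, the mechanism behind the "rate-limiting filters" this card recommends. Each source earns `rate` tokens per second up to a `burst` ceiling and a packet is forwarded only if a token is available, so a flood is clipped to the configured rate while a normal client is untouched. The parameters and the packet trace are constructed.

```python
"""Added example (not from the lecture): a per-source token-bucket rate limiter,
the mechanism behind the 'rate limiting filters' the card recommends at the
network border.  Each source earns `rate` tokens per second up to `burst`; a
packet is forwarded only if a token is available, so a flood is clipped to the
configured rate while a normal client is untouched.  Parameters and the packet
trace are constructed."""


class TokenBucketLimiter:
    def __init__(self, rate: float, burst: int):
        self.rate = rate                      # sustained packets per second per source
        self.burst = burst                    # bucket capacity: short bursts above the rate are tolerated
        self.buckets = {}                     # src -> (tokens, time of last update)

    def allow(self, src: str, now: float) -> bool:
        tokens, last = self.buckets.get(src, (float(self.burst), now))
        tokens = min(float(self.burst), tokens + (now - last) * self.rate)   # lazy refill
        if tokens >= 1.0:
            self.buckets[src] = (tokens - 1.0, now)
            return True
        self.buckets[src] = (tokens, now)
        return False


def run_trace(limiter: TokenBucketLimiter, packets) -> dict:
    """packets: iterable of (timestamp, src) in time order.  Returns {src: (forwarded, dropped)}."""
    stats = {}
    for ts, src in packets:
        fwd, drop = stats.get(src, (0, 0))
        if limiter.allow(src, ts):
            fwd += 1
        else:
            drop += 1
        stats[src] = (fwd, drop)
    return stats


# Constructed trace: a flood source sends 200 packets in one second while a
# normal client sends 10 packets spaced 0.2 s apart over the same second.
TRACE = sorted(
    [(i * 0.005, "203.0.113.9") for i in range(200)]
    + [(i * 0.2, "198.51.100.20") for i in range(10)]
)


if __name__ == "__main__":
    print(run_trace(TokenBucketLimiter(rate=10, burst=20), TRACE))
    # {'198.51.100.20': (10, 0), '203.0.113.9': (29, 171)}
```

At 10 packets/s with a burst of 20, the flooder gets its 20-token burst plus roughly 10 more tokens over the second (29 forwarded, 171 dropped), while the normal client's 10 packets all pass. The limiter stops the flood from saturating the link, but it does not remove the cost of the 171 arrivals already on the wire, which is why upstream filtering at the ISP is still needed.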
24
Q

Steps to responding to a DoS attack

A
  • Identify the attack (capture and analyse packets; block the attack traffic upstream)
  • Have the ISP trace the packet flow back to its source
  • Implement a contingency plan (such as switching to a backup server)
  • Update the incident response plan
  • Analyse the attack for future response handling