Midterm Flashcards
Threat
Potential dangers to a system’s security
Exploit
Method of attack to cause harm to a system
Vulnerability
Weakness in a system that can be exploited
Controls
Measures implemented to mitigate risks
Motives
Why they do it: money, power, control, fame, etc.
Arms Races
Constant battle between attackers and defenders in the cybersecurity realm. Attackers develop new methods to breach security; defenders respond with countermeasures.
Chicken/Egg
Which should come first: implementing security measures or responding to security threats.
You can’t trust software because it’s pretty hard to make every single component yourself.
Existence of Absolutes
In computer security nothing is absolute. Vulnerabilities can exist even in the most secure systems, and attackers continuously find new ways to exploit them.
Confidentiality
Ensures that data is only accessible to authorized users
Integrity
Ensures that data is accurate and unaltered
Availability
Ensures that data is accessible any time when needed
The Three Goals of Cybersecurity
Confidentiality, integrity, and availability
Confidentiality Examples
Encryption, authentication (passwords, biometrics), NDA policy
Integrity Examples
Offline backups, blockchain, digital signatures, hashing
Availability Examples
Load balancing, backups, hot sites
SetUid Model
Allows users to execute a program with the permissions of the program’s owner. Useful for programs/tasks that change password or file accesses, without needing to grant them full administrative access.
Purpose of Bounds Checking
Ensures that data stays within the boundaries of allocated memory
Arrays
More efficient but have fixed sizes. This makes them vulnerable to buffer overflows, off-by-one errors, etc. Some languages lack runtime bounds checking, so arrays can be exploited to read data outside the array’s memory.
Dynamic Memory
Some bounds checking done as part of the allocation process. Pointers unlikely to point at anything ripe to change.
Inheritance
Can propagate vulnerabilities from parent classes to child classes if not properly managed.
Security Through Obscurity
Security by means of hiding implementation details. Flawed way of thinking. Bad actors always have the time and drive.
Policy Based Security
Defining rules and regulations that dictate how data, software, and infrastructure of a system should be accessed, used, and protected within an organization.
Policy Based Security Examples
Coding policy/guide, use dynamic arrays if possible, proactively keep and check array bounds for fixed arrays, peer reviews, code reuse, code audits
Fortress Defense
Makes it difficult and time-consuming for attackers to breach the system. Primarily focused on access controls.
Fortress Defense Examples
Host configuration, ACLs, authentication, role-based access controls, sandboxing, firewalling, MAC, DAC, domain type enforcement
Host Configuration
Refers to the setup and configuration of a system, such as settings, permissions, installed programs, etc.
Firewalling
A firewall is an application/device that monitors and controls incoming and outgoing network traffic. It inspects data and determines whether the data is allowed or blocked depending on the rules set.
ACL
Access control list. Rules or criteria that determine whether an entity is allowed or denied access to a resource or service. Filesystem ACL and Network ACL.
Authentication
Verifies the identity of a user. Can use passwords, multi-factor authentication (MFA), certificates, etc.
Role Based Access Controls
Assigns permissions to users based on their role within an organization.
Sandboxing
Running applications or processes in a controlled environment (such as a VM) to limit their access to system resources.
MAC
Mandatory Access Controls. A security model where access controls are determined by the owner of the information. Access controls are immutable. Access control info travels with user and data.
DAC
Discretionary Access Controls. Alterable access controls. Typically at the filesystem level or API level. You have to trust users because they can make copies of data with new ACLs.
Domain Type Enforcement
Often called capabilities. Access controls at the programming interface level. Detailed division of labor, roles, and duties. Can add a level of protection against software bugs.
Example: only shells and certain processes can fork or execute
Fortress Defense Evasion Techniques
Encapsulation, spoofing (using another’s address or identity), breach of physical security, extortion, exploit encoding and encapsulation and fragmentation
Time-Based Defense
To detect and react appropriately. Involves implementing measures to detect and prevent security breaches in real time.
Anti-Virus Software
Detects and removes malicious software such as bugs, worms, trojans, etc. Works by scanning files and comparing them against a database of known malware signatures; more advanced forms use behavior detection.
Network Intrusion Detection/Prevention
NIDS/NIPS. Monitors lots of network traffic and identifies anomalies which are then blocked. Can be evaded by cryptography.
Host Based (Time Based Defense)
Ability to monitor and identify many system-level events.
Time Based Defense Evasion Techniques
Cryptography, encapsulation, fragmentation
Denial of Service
Many forms: disrupt services by overwhelming the target system with excessive requests, input validation problems
Good Defense Plan
Careful planning, fortress defense tactics, detection and reaction capabilities
Offense: Enumeration
Gathering information about your targets.
Passive Enumeration
Stealth: Web searching, public directories, packet sniffers, social engineering
Active Enumeration
Directly interact with victim, can be traced/alerted: Ping-sweeps, port-scanners, get OS version, use client software
Offense Strategies
Privilege escalation, memory corruption, remote code execution/injection, DoS
Vulnerabilities of a System
Buffer overflows, oversights in design, input validation failures, race conditions, hardware, lack of access controls, lack of encryption, misconfigurations
Buffer Overflows and Underflows
Allows memory corruption of same process memory, can be used to inject code or elevate privileges
Injecting code/shellcode
Injecting malicious code into a system using vulnerabilities like buffer overflows, SQL injections, etc.
Oversights
Mistakes during development or configuration in a system that can add vulnerabilities. Examples: no input validation, not applying security patches, etc.
Input Validation Problems
When applications fail to properly validate user input.
Ex: SQL injections, script injections, buffer overflows
Race Conditions
When the outcome of a system’s event depends on time or sequence, it can lead to vulnerabilities.
Hardware Security Holes Examples
Cosmic rays, memory tightly packed leading to leaks, adjusting CPU frequency can make you see data or tamper with higher levels of execution
Misconfigurations
When a system is not properly configured to enforce security rules. Blame is on the new or poorly trained person.