Recognizing Security Threats Flashcards
Ping of death and Unreachable gateway are two types of what?
DOS attacks
What feature of loadbalancers can be employed to mitigate DDoS attacks?
TCP SYN cookie option
what type of permanent DoS attack can be done remotely?
Phlashing denial of service
what type of DoS attack involves spoofing a victim’s IP address to send large of number of pings to the network broadcast address so that the victims machine will be overwhelmed with the responses?
Smurfing
list the steps of a SYN Flood DoS attack
1) attacker sends SYN with flag set to 1
2) server responds with SYN-ACK and reserves memory waiting for response
3) attacker does not respond and instead sends another SYN and continues until memory is used up
Which type of DDoS attack tool incorporates Tribal Flood Network techniques
Stacheldraht
What two techniques enhance the effectiveness of a DoS attack?
Reflective/Amplified
DNS amplification attack works by the attacker sending what to an open resolver (DNS server)? Then what happens?
the attacker sends a small DNS message using the victim’s IP address as the source. It returns all known information about the DNS zone to the victim’s server.
Which version of NTP can prevent an NTP reflection attack?
4.2.7
What packet/protocol abuse software is used by attackers to by-pass firewall restrictions? How does it do it?
Iodine
It allows IPv4 traffic to be encapsulated in DNS packets
list 5 types of spoofing
1) ARP spoofing (attacker’s MAC becomes the gateway)
2) MAC spoofing (forges MAC address)
3) IP Spoofing
4) Email Spoofing
5) DNS spoofing (cache poisoning)
What simple technique can be applied to defeat brute force attacks?
Setting an account lock-out policy
Session Fixation, Session Sidejacking and Cross-site scripting are techniques used in what type of attack?
Session Hijacking
what type of session hijacking involves an attacker setting the session ID ahead of time then disconnecting the user after authentication has completed to steal their ID?
Session Fixation
an attacker steals the session key from memory on the victim’s computer, what attack is this called?
Session sidejacking
In VLAN tagging, what does the attacker do?
They place a fake VLAN tag into the packet along with the real tag - double tagging.
What accounts should be disabled as default?
default administrator accounts
what type of malware executes when a particular event takes place and can be used to foist forensic investigations?
Logic Bombs
viruses don’t need any action taken by the user but worms do - TRUE or FALSE?
FALSE, Worms don’t need assistance.
Placing limits of sharing, writing and executing programs can help mitigate what type of security threat?
Worms
how do file virus do their damage?
By replacing some or all of the target program’s code with it’s own. Only when it is executed can it work.
Missing Operating System or Hard Disk Not Found are symptoms of what?
Boot-Sector virus
What type of security threat can the below two principles mitigate?
1) Principle of Least Privilege
2) Separation of Duties
Insider Threat
To mitigate insider threats, what should you do when an employee has been terminated?
Remove all network access
Once inside a network, how might an attack get TCP packets past the firewall and out of the network to communicate with their servers?
By encapsulating TCP packets in DNS or ICMP
What type of attack involves taking advantage of a vulnerability that has not yet been patched?
Zero-day attack
What is the Tribal Flood Network?
A set of computer programs used to conduct DDoS attacks.
What’s the difference between a Rogue AP and an Evil Twin. What do hackers use them for?
A rogue access point is an unauthorized access point that has been installed on a network. A hacker will use it to gather information by using it sniff packets or simply access the wired network
Evil Twin is also a rogue access point but this use is slightly different. It is set up to mimic the SSID of a legitimate AP causing users to connect to it. It is not connected to a company’s network. Hackers use it to steal information the users enter when they browse the web.
What does jamming involve?
an attacker using noise on the same frequency as the wireless signal. This prevents users connecting to the wireless network or intermittent connectivity.
what attack attempts to discover the pre-shared key? How does it work? What security method is most susceptible to it?
Called Initialization Vector attack. The IV is a number and some security protocols use it a long with the pre-shared key to encrypt the transmission. If the attacker knows the IV they will discover the key.
Because the IV uses only a 24-bit number the likelihood of a repeat IV number is the same.
The attacker injects packets into the AP to increase the probability of a key being reused.
What’s the name given to the practice of sending unsolicited messages to nearby bluetooth devices?
Bluejacking
You’ve just used obexftp to steal information from someone’s phone, what have you just done?
Bluesnarfing
How is bluebugging different to bluesnarfing?
Bluesnarfing involves stealing information from a phone over bluetooth connection, but Bluebugging installs a back door which allows the attacker to do things like make the hijacked phone call their phone so they can listen in on conversations in the same room.
How do you reduce the chances of bluetooth attacks?
ensuring devices are paired manually
Why is it called a replay attack?
because the attacker captures data, alters it, then re-sends or replays the data in attempt to impersonate one of the parties.
What 3-types of attack is RFID susceptible to?
sniffing
replay
DoS
