Recognizing Security Threats Flashcards

1
Q

Ping of death and Unreachable gateway are two types of what?

A

DoS attacks

2
Q

What feature of load balancers can be employed to mitigate DDoS attacks?

A

TCP SYN cookie option

3
Q

What type of permanent DoS attack can be carried out remotely?

A

Phlashing denial of service

4
Q

What type of DoS attack involves spoofing a victim’s IP address to send a large number of pings to the network broadcast address, so that the victim’s machine is overwhelmed with the responses?

A

Smurfing

5
Q

List the steps of a SYN flood DoS attack.

A

1) The attacker sends a packet with the SYN flag set to 1.
2) The server responds with a SYN-ACK and reserves memory while it waits for the final ACK.
3) The attacker never responds and instead sends another SYN, continuing until the server’s memory is used up.

6
Q

Which DDoS attack tool incorporates Tribal Flood Network techniques?

A

Stacheldraht

7
Q

What two techniques enhance the effectiveness of a DoS attack?

A

Reflective/Amplified

8
Q

A DNS amplification attack works by the attacker sending what to an open resolver (DNS server)? What happens next?

A

The attacker sends a small DNS message using the victim’s IP address as the source address. The resolver returns all known information about the DNS zone to the victim’s server.

9
Q

Which version of NTP can prevent an NTP reflection attack?

A

4.2.7

10
Q

What packet/protocol abuse software is used by attackers to bypass firewall restrictions? How does it do it?

A

Iodine

It allows IPv4 traffic to be encapsulated in DNS packets.

11
Q

List 5 types of spoofing.

A

1) ARP spoofing (the attacker’s MAC address is advertised as the gateway’s)
2) MAC spoofing (forging a MAC address)
3) IP spoofing
4) Email spoofing
5) DNS spoofing (cache poisoning)

12
Q

What simple technique can be applied to defeat brute force attacks?

A

Setting an account lock-out policy

13
Q

Session Fixation, Session Sidejacking and Cross-site scripting are techniques used in what type of attack?

A

Session Hijacking

14
Q

What type of session hijacking involves the attacker setting the session ID ahead of time, then disconnecting the user after authentication has completed in order to steal their ID?

A

Session Fixation

15
Q

An attacker steals the session key from memory on the victim’s computer. What is this attack called?

A

Session sidejacking

16
Q

In VLAN tagging, what does the attacker do?

A

They insert a fake VLAN tag into the packet alongside the real tag (double tagging).

17
Q

Which accounts should be disabled by default?

A

default administrator accounts

18
Q

What type of malware executes when a particular event takes place, and can be used to foil forensic investigations?

A

Logic Bombs

19
Q

Viruses don’t need any action taken by the user, but worms do: TRUE or FALSE?

A

FALSE. Worms don’t need user assistance.

20
Q

Placing limits on sharing, writing and executing programs can help mitigate what type of security threat?

A

Worms

21
Q

How do file viruses do their damage?

A

By replacing some or all of the target program’s code with its own. The virus only runs when the infected program is executed.

22
Q

Missing Operating System or Hard Disk Not Found are symptoms of what?

A

Boot-Sector virus

23
Q

What type of security threat can the below two principles mitigate?

1) Principle of Least Privilege
2) Separation of Duties

A

Insider Threat

24
Q

To mitigate insider threats, what should you do when an employee has been terminated?

A

Remove all network access

25
Q

Once inside a network, how might an attacker get TCP packets past the firewall and out of the network to communicate with their servers?

A

By encapsulating TCP packets in DNS or ICMP

26
Q

What type of attack involves taking advantage of a vulnerability that has not yet been patched?

A

Zero-day attack

27
Q

What is the Tribal Flood Network?

A

A set of computer programs used to conduct DDoS attacks.

28
Q

What’s the difference between a rogue AP and an evil twin? What do hackers use them for?

A

A rogue access point is an unauthorized access point that has been installed on a network. A hacker will use it to gather information by using it to sniff packets, or simply to access the wired network.
An evil twin is also a rogue access point, but its use is slightly different. It is set up to mimic the SSID of a legitimate AP, causing users to connect to it. It is not connected to the company’s network. Hackers use it to steal the information users enter when they browse the web.

29
Q

What does jamming involve?

A

An attacker transmitting noise on the same frequency as the wireless signal. This prevents users from connecting to the wireless network, or causes intermittent connectivity.

30
Q

What attack attempts to discover the pre-shared key? How does it work? What security method is most susceptible to it?

A

This is called an Initialization Vector (IV) attack. The IV is a number that some security protocols use along with the pre-shared key to encrypt the transmission. If the attacker knows the IV, they will discover the key.

Because the IV is only a 24-bit number, the likelihood of a repeated IV is high.

The attacker injects packets into the AP to increase the probability of a key being reused.

31
Q

What’s the name given to the practice of sending unsolicited messages to nearby Bluetooth devices?

A

Bluejacking

32
Q

You’ve just used obexftp to steal information from someone’s phone, what have you just done?

A

Bluesnarfing

33
Q

How is bluebugging different to bluesnarfing?

A

Bluesnarfing involves stealing information from a phone over a Bluetooth connection, whereas bluebugging installs a back door that allows the attacker to do things like make the hijacked phone call their own phone, so they can listen in on conversations in the same room.

34
Q

How do you reduce the chances of Bluetooth attacks?

A

Ensuring devices are paired manually.

35
Q

Why is it called a replay attack?

A

Because the attacker captures data, alters it, then re-sends (replays) the data in an attempt to impersonate one of the parties.

36
Q

What three types of attack is RFID susceptible to?

A

Sniffing
Replay
DoS