Security+ 3 Flashcards
brute-force attacks also called known ciphertext attacks … Simple Shift Cipher : shifts each letter of the alphabet a certain number of places — a shift of 1 means A’s become B’s and B’s become C’s, etc. … a shift of 3 means A’s become D’s and B’s become E’s, etc. …
keyspace : set of all possible encryption keys usable with an algorithm …
brute force is not able to crack complex algorithms such as AES, but there may be a flaw in the algorithm which brute force may be able to crack …
brute force etc …
Frequency Analysis = attacker trying to break the code does statistical analysis of the ciphertext, trying to detect patterns …
Known-Plaintext Attack = attacker has access to both the unencrypted and the encrypted message and uses this knowledge to decrypt other messages …
Chosen-Plaintext Attack = attacker has the ability to encrypt a message using the selected algorithm and key; the attacker can study the algorithm and attempt to learn the key being used …
Downgrade Attack = (ex : POODLE attack) possible when a system supports many types of encryption, some of which are insecure; the attacker uses MITM to force two other systems attempting to communicate to switch to a weak encryption implementation, which the attacker can then eavesdrop on and crack …
Knowledge Based Attacks
Watering Hole Attacks : are client-side attacks via websites (browsers and add-ons often have vulnerabilities) … often cause pop-up warnings, but users usually click “OK” on security warnings … step 1 : attacker compromises a highly targeted website; step 2 : chooses a client exploit that will breach the security of website visitors’ browsers and bundles a botnet payload that joins infected systems to the botnet; step 3 : attacker places the malware on the compromised website and then waits for infected systems to contact back to the attacker …
Watering Hole Attacks :
Wireless Networking uses beaconing to advertise to other devices … WPA uses TKIP …
Hacking WEP : when setting up a new WEP connection, the PC and access point exchange an IV that helps get the connection established; the IV is sent without encryption because it is used to create the encrypted channel; if an attacker captures enough different IVs, the attacker can reconstruct the encryption key …
WPA relies on the RC4 encryption standard but changes its key constantly, with a new key for each packet … known attacks allow injection of packets and some limited decryption, and they work against TKIP … WPS PINs can’t be changed …
WPA etc …
Jamming and Interference Attacks seek to deny users access to the wireless network: the attacker brings a powerful transmitter into the vicinity of the wireless network and broadcasts a very strong signal which overpowers legitimate access points. War Driving uses programs linked with GPS to plot which networks are vulnerable, ex of tools : iStumbler, or the website wigle.net …
Propagation Attacks
enterprise-grade wireless has built-in intrusion detection capabilities; unknown radios on the network can be identified, and handheld tools help locate them … Evil Twin : making a duplicate spoofed SSID; the karma toolkit can automate the evil twin process (search for adjacent networks, create a fake AP, etc.) …
Rogue AP Detection
Deauthentication Frame (DF) disconnects devices when a rogue access point is detected: the access point sends a special frame (DF) to the targeted client informing the client it has been disconnected from the network and must re-connect and re-authenticate - the DF is sent by the AP to the client and bears a source MAC address and the destination MAC address of the client … this attack can be repeated to : gather authentication info for cryptographic attacks, do DoS on wireless networks …
Disassociation Attacks
Bluejacking = attacker sends spam messages directly to a device, trying to lure the victim into doing some action or to set up a more advanced attack. Bluesnarfing = attacker forces pairing between devices; the connection grants access to the device and can also be used to monitor the device. Disable NFC on devices if not using it; apply patches …
*** electronic toll systems use RFID, and so do ATM/credit cards …
Bluejacking etc …
Application Hardening : use proper authentication, encrypt sensitive data, validate user input, avoid and remediate known exploits … Application Configuration : type and scope of encryption, users with access to the application, access granted to authorized users, security of the underlying infrastructure …
Application Hardening
SQL Injection Attacks : use web applications as a mechanism to illegitimately access the database servers that support the web applications and retrieve sensitive info or make unauthorized modifications to the database … mitigate by : validating all user input and checking that user input matches the expected format …
SQL Injection Attacks