Software Development Security Flashcards
What is a distributed application?
An application that consists of components that reside on separate, networked systems.
What are the 3 distinct issues to be aware of when securing distributed systems?
- Software integrity
- Data integrity
- Access Control
What is an agent in relation to distributed systems?
A software component in a distributed system that performs a particular service
Patch Management, Host-based Intrusion Detection Systems and Performance & Capacity Management Systems are all examples of what?
Agents in a distributed system
What is an applet in a distributed system?
A component that’s downloaded and executed by a web browser
What are the two most common applets?
Java and Active X
Java code runs in a constrained environment, meaning that it can only communicate with the host from which it was downloaded. What is this commonly known as?
A sandbox
How does the security philosophy for Active X differ from that of Java?
The person running the web browser gets to determine whether they trust all Active X applets coming from a particular server. Digital certificates prove whether the Active X applet is genuine.
Which of the following applets doesn’t use a concept of a sandbox? Java or Active X?
Active X
Mobile code that's downloaded from a server and run on a client is otherwise known as what?
An applet
Should Active X be blocked by enterprises?
Yes
What is Web 2.0?
Web features such as wikis, blogs, web services, mashups, communities, information sharing, etc. that utilise features of other websites.
In terms of applets, what is a mashup?
A web page or application that combines functionality from external applications through their published Application Programming Interfaces (APIs).
An online map that displays locations that come from different online applications implements what?
Mashups
What is the principle of an Object-oriented environment?
Objects, once written, can be used again and again, making an enterprise's entire software development effort more efficient over time.
What is encapsulation with regard to an object-oriented environment?
The inner workings of the object are hidden.
What term is used to describe an object performing a function?
A method
What term is used to describe an object that is running?
An instance (also refers to an object that is a member of a class of objects)
What is a behaviour in relation to an object-oriented environment?
The result of an object having received a message
A template that defines the methods and variables to be included in a particular type of object is known as what?
A class
Real world example of a class?
Class = Cake; Object = Chocolate Cake; Method = Recipe
The tree structure of a collection of classes and objects is known as what?
Class hierarchy
What is delegation in relation to OO?
An object passes a message on to another object that contains the correct method. This happens when the first object doesn't have the requested method.
An object that gets some of its characteristics from a class is known as what?
Inheritance
How do objects communicate with one another?
Through messages
What is Multi-inheritance?
When an object inherits characteristics from more than one class
What is the basic unit in OO?
The Object
What is Poly-instantiation?
The process of developing one object from another object, but with different values in the new object.
What is Polymorphism?
The ability to hide implementation details behind a common message interface. Permits objects to be added to the system without having to rewrite existing procedures.
What are the 4 most common types of databases in use today?
Relational
Hierarchical
Object-oriented
Network
What is one way of simplifying security issues in a database, allowing granular access through a virtual table built from fields and rows of one or more tables in the database?
A View
What does aggregation mean with regards databases?
The process of combining separate low-sensitivity data items to produce a high-sensitivity data item.
Which concept refers to the ability of someone to deduce or infer something about sensitive data that is beyond their normal reach because of its sensitivity level?
Inference
An application that cites the existence of highly sensitive information within it to users is known as what?
Inference
What is a database of databases known as?
Data dictionary
What 3 things can you control with a data dictionary?
- Create or re-create tables
- Manage security access
- A control point for managing the schema of an application's database
What is the difference between a data warehouse and production database?
A production database is used for business operations, whereas a data warehouse is used for research, decision support, planning, etc.
Why should a production database not be used for data warehousing purposes?
It can impact the performance of normal business operations.
In a data warehouse, figuring out trends about customers/business activities is commonly known by which two terms?
Data Mining
Business Intelligence
Data mining can be used to detect fraud. True or false?
True
Which type of database is arranged in a tree structure with parent records at the top of the database and child records at successive layers? Relational Hierarchical Object-oriented Network
Hierarchical
Which type of database is an improvement to the design of hierarchical databases where records can be networked to other records via paths that don't follow the normal tree structure? Relational Object-oriented Network
Network
Which type of database has relationships between datasets with the freedom of a network database, but without the constraints of a hierarchical database? Relational Object-oriented
Relational
Which type of database is part of the overall object oriented application design? Relational Hierarchical Object-oriented Network
Object-oriented
What are two characteristics of a Relational Database?
- It is defined by its schema
- Records are often called rows, and rows are stored in tables
In a relational database what would you use to query a table to look for a specific record?
A primary key
What is a primary key?
A field in a table that contains a unique value
In relational databases, what is a foreign key?
A field in a table that points to the primary key in another table.
A sub-routine that can be accessed by software applications is known by what term?
Stored procedures
Prepared statements are basically canned statements that can be called by the application. What are they also known as?
Parametrised statements
In a relational database what 2 methods can be used to protect against SQL injection attacks?
Stored procedures and Prepared statements
What is a distributed database?
A database whose components exist in multiple physical locations
A distributed database can be network, object oriented, relational, hierarchical or any other design. True or False?
True
An action performed on a database that results in the addition, alteration or removal of data in the database is called what?
Transaction
What can be used to protect data in a database and permit users to alter certain data in that database?
Database Management System
What is the dominant computer language used to manipulate data in a database?
SQL (Structured Query Language)
In databases a mechanism used to avoid collisions in which two or more programs may be trying to update the same table or row at the same time is known as what?
Locking
What is used to describe a system that can make decisions or predict the future based on historical data?
Knowledge Based System
Which type of system builds a database of past events in order to predict outcomes in future situations?
Expert Systems
Expert systems are designed to work with a degree of uncertainty. In what two ways do they do this?
- Fuzzy logic
- Certainty factors
What is fuzzy logic?
The component of an expert system that produces a quantitative result based on uncertainties. It breaks down the factors influencing a decision.
What is a certainty factor?
Operates on the numeric probabilities of yes/no, true/false, etc.
What is a neural network?
Accumulates knowledge by observing events, measuring their inputs and outcomes. Over time it becomes proficient at predicting the correct outcome. It learns how the input components should be weighted.
What is the central component of an operating system?
The kernel
What are the 4 primary activities carried out by the kernel?
- Process Management: controls execution/termination of programs
- Memory Management: allocates memory to itself as well as to running processes
- Interrupts: signal sent to the kernel to temporarily suspend processing
- Hardware Resource Management: manage process access to computer hardware.
What part of the OS permits interaction between the kernel and specific hardware connected to the computer?
Device Drivers
What are the two primary OS interfaces?
Graphical and Command Line
What are the 5 main security functions that an OS carries out on a computer?
- Authentication
- Access Control
- Process isolation
- Network communication
- File-system Access
What are the 2 objectives of a system development life-cycle?
- A system that performs its intended function correctly and securely
- A development project that's completed on time and within budget
In which type of system development model are stages performed sequentially?
Waterfall
In a Waterfall model which of the following is used to provide a high level description of a system? Conceptual Definition Functional Requirements Functional Specifications Design Design Review Coding Code review System test Certification & Accreditation Maintenance
Conceptual Definition
In a Waterfall model which of the following lists required characteristics/features of a system? Conceptual Definition Functional Requirements Functional Specifications Design Design Review Coding Code review System test Certification & Accreditation Maintenance
Functional Requirements
In a Waterfall model at which stage should a test plan be outlined detailing characteristics of the system that should be tested? Conceptual Definition Functional Requirements Functional Specifications Design Design Review Coding Code review System test Certification & Accreditation Maintenance
Functional Requirements
In a Waterfall model at which stage are the "what we think we can build" statements included? Conceptual Definition Functional Requirements Functional Specifications Design Design Review Coding Code review System test Certification & Accreditation Maintenance
Functional Specifications
In a Waterfall model at which stage should details about authentication, authorisation, access control, confidentiality, transaction auditing, integrity, availability, etc. be contained? Conceptual Definition Functional Requirements Functional Specifications Design Design Review Coding Code review System test Certification & Accreditation Maintenance
Functional Specifications
In a Waterfall model at which stage would database schemas, data flow diagrams, over-the-wire protocols etc. be included? Conceptual Definition Functional Requirements Functional Specifications Design Design Review Coding Code review System test Certification & Accreditation Maintenance
Design
In a Waterfall model at which stage would unit testing (the process of verifying all the modules that are built) be carried out? Conceptual Definition Functional Requirements Functional Specifications Design Design Review Coding Code review System test Certification & Accreditation Maintenance
Coding
What is OWASP (The Open Web Applications Security Project)?
Provides guidelines for secure coding practices
In a Waterfall model at which stage would you check for programming errors? Conceptual Definition Functional Requirements Functional Specifications Design Design Review Coding Code review System test Certification & Accreditation Maintenance
Code review
What is Unit Testing?
Allows a tester or developer to verify the correct functioning of individual modules of an application.
In a Waterfall model at which stage is a system tested end to end? Conceptual Definition Functional Requirements Functional Specifications Design Design Review Coding Code review System test Certification & Accreditation Maintenance
System test
In a Waterfall model at which stage is a system evaluated and declared fully functional? Conceptual Definition Functional Requirements Functional Specifications Design Design Review Coding Code review System test Certification & Accreditation Maintenance
Certification & Accreditation
What is the difference between certification and accreditation?
Certification is a formal system evaluation, whereas accreditation is done by senior management, who have said it's OK to put the system into production.
In a Waterfall model at which stage are change management and configuration management carried out? Conceptual Definition Functional Requirements Functional Specifications Design Design Review Coding Code review System test Certification & Accreditation Maintenance
Maintenance
The process of approving modifications to a production environment is known as what?
Change Management (the what)
The process of recording modifications made to a production environment is called what?
Configuration Management (the how)
Name 4 common system development life-cycle models.
Waterfall
Spiral
Scrum
RAD (Rapid Application Development)
What should the 5 security principles be in software development?
- Security in the requirements
- Security in the design
- Security in testing
- Security in the implementation
- Ongoing security testing
What 12 application security controls should be considered when developing a system?
- process isolation
- hardware segmentation
- separation of privilege
- accountability
- defence in depth
- abstraction
- data hiding
- system high mode
- security kernel
- reference monitor
- supervisor and user modes
- SLAs
Application Security: What is process isolation?
Running processes aren't allowed to view or modify memory or cache assigned to another process (isolation is carried out by the OS, so the developer shouldn't have to worry about this).
Application Security: What is hardware segmentation?
The practice of isolating functions to separate hardware platforms to ensure the integrity and security of system functions, e.g. separation of a development environment and a production environment.
Which two of the following are used to reinforce the concepts of separation of duties and least privilege?
- process isolation
- hardware segmentation
- separation of privilege
- accountability
- defence in depth
- abstraction
- data hiding
- system high mode
- security kernel
- reference monitor
- supervisor and user modes
- SLAs
- hardware segmentation
- separation of privilege
Application Security: What is separation of privileges?
Assures that no individuals or objects have excessive functions on a system.
Application Security: What is Abstraction?
A process of viewing an application from its highest-level functions, which makes all lower-level functions into abstractions.
In abstraction, lower level functions are treated as black boxes. What does this mean?
Known to work, even if we don’t know how.
Application Security: What is system high mode?
Refers to a system that operates at the highest level of information classification.
Application Security: What is the Security Kernel?
- Composed of hardware, software and firmware components that mediate access and functions between subjects and objects.
- Part of the protection ring model, in which the OS kernel operates in the innermost ring and has full access to all system data/hardware, with user programs occupying outer rings with fewer access privileges.
What does the security kernel use to enforce access control on a system?
Reference Monitor
Why should a business application run in user mode rather than supervisor mode?
An application running in supervisor mode could bypass some or all security controls
What 8 minimum standards should be defined in an SLA?
- Hours of availability
- Average and peak number of concurrent users
- Transaction throughput
- Data storage capacity
- Application Response Times
- Service Desk Response Times
- Security Incident Response Times
- Escalation process during times of failure
What are the characteristics of a virus?
- Replicates itself: spreads by making identical copies of itself in files that are likely to be transported to other computers.
- Can be booted from media, run from a .exe, from macros in documents/image files, JavaScript, Active X, etc.
A virus that can spread by both using the boot sector and executable files is called what?
A multi-partite virus
What is the difference between a worm and a virus?
Worms propagate by attacking known weaknesses on systems, whereas viruses propagate via programs, e.g. .exe files.
Conficker, Code Red, NIMDA and Storm are all types of what?
Worms
A malicious program that hides itself within the target machine in order to evade detection is known as what?
A rootkit
Name 5 types of rootkits?
- Hardware
- Firmware
- Hypervisor
- Kernel
- Library
Which type of rootkit normally requires a compromise in the manufacturer's supply chain that permits the substitution of a component in a computer with one that includes rootkit code?
- Hardware
- Firmware
- Hypervisor
- Kernel
- Library
Hardware
What is the most likely scenario in which firmware could be infected by a rootkit?
Firmware updates
What are the characteristics of a Hypervisor rootkit?
- Operates as a virtual machine running between the hardware and the OS.
- The running OS is a guest on the hypervisor environment.
- Can intercept all communications, such as input/output with devices such as disk drives.
What is a kernel rootkit?
Utilises malicious code to insert itself into the OS kernel.
What is a Library rootkit?
Inserts rootkit code into an OS code library. Rather than alter the disk copy of a library file, the rootkit alters the memory image only.
Why are rootkits difficult to detect?
Rootkits exist in a location that the anti-virus program is unable to access or is not designed to access.
An object that claims to be one thing, but turns out to be something else is known as what type of malicious code?
Trojan Horse
What are the characteristics of a trojan horse?
- Generally don't spread by replicating themselves
- Normally delivered either via email with a malicious payload such as a .exe or a file with macros, or via a pop-up window with a link.
Which two types of malicious code generally spread through replication?
Worms and Viruses
A pop-up window trojan that attempts to pressure a user into installing software because their machine is supposedly infected is known as what?
Scareware
A phony virus warning message that is designed to cause panic is otherwise known as what?
A hoax
Which type of program is designed to cause damage when some sort of computer/network event has occurred?
Logic Bomb
What are the characteristics of a logic bomb?
- Invokes when a specific computer/network event occurs.
- Doesn't replicate, but can be delivered via viruses or worms.
What would be two ways of combating logic bombs?
- Code reviews
- Controls that prevent unauthorised changes from being inserted into software and systems.
What is a malicious applet?
Active X/ Java applet carrying malicious code.
Why is it easier to write a destructive Active X applet than a Java applet?
Active X applets normally have unfettered access to the entire computer, whereas a Java applet is sandboxed.
Which type of logic bomb functions as part of a program and performs an undocumented function whenever certain conditions are met to bypass security controls?
Trapdoor
What is Hidden Code in relation to Malicious Code?
If an attacker can modify or replace programs on the target system, he or she may elect to install hidden code that usually carries out some sort of malicious act.
An application's reporting program that also happens to erase certain entries from an audit trail can be categorised as which type of malicious code?
Hidden code
An attack where the attacker attempts to insert instructions into a computer program's input field, in an attempt to prompt the program to perform functions unintended by the program's developer, is known as which type of attack?
Injection Attack
What are two common types of injection attacks?
SQL injection: injects SQL statements in an attempt to trick a backend database into performing specific functions.
Frame injection: the attacker attempts to load arbitrary code into a browser in order to steal data from other frames present in the browser session.
Frame injections are also commonly known by which two names?
Cross Frame Scripting
XFS
Which type of attack is one where an attacker is able to inject client-side scripts into web pages viewed by other intended victims and allows an attacker to bypass security mechanisms in websites/browsers?
Cross-site scripting attack (XSS)
What are the two principal types of XSS attacks?
Non-persistent and persistent
Which type of XSS attack tricks a user into clicking a malicious URL containing a malicious script, which for instance could steal the user's session cookies?
Non-persistent XSS attack.
In which type of XSS attack is the malicious code stored within a browser/website?
Persistent XSS attack
In which type of attack does an attacker attempt to trick a victim into clicking on a link which then performs some sort of action that the victim would not approve?
Cross-site request forgery (CSRF)
What are two common methods of protecting against Cross-site request forgery attacks?
- The inclusion of a one-time-use hidden variable, such as a nonce, on important web pages. The website keeps track of these hidden variables, and any variation indicates potential tampering.
- The inclusion of a secondary approval dialogue for any significant transaction, e.g. on a banking website.
What is the purpose of a Denial of Service attack?
To make a system unavailable
What are the two types of DoS attacks?
- The attacker floods the victim's system with a large number of network packets, so that legitimate users cannot reach the system.
- The attacker creates a specific message that is designed to cause the target system to malfunction and stop running.
What is a DoS SYN attack?
- Exhausts a system's resources to the point that it can no longer function.
What is the Ping of Death attack?
A malformed or extremely large ping packet is sent to the target system.
What is a Distributed Denial of Service attack (DDoS)?
Occurs when an attacker uses multiple systems to attack a target system simultaneously.
Which type of attack is used to crack computer passwords using common words found in the dictionary?
A dictionary attack
What does a dictionary attack first require in order to be successful?
A copy of the Unix password/shadow file or Windows SAM file.
Which type of attack changes the network identity of a computer or program so as to trick the targeted system into granting access? E.g. a target system may only accept telnet requests from specific IPs, which the attacker masquerades as.
Spoofing
In a spoofing attack, when the target system replies, will the reply go to the attacker spoofing the address or the actual address itself?
The actual address itself
What are 4 ways of preventing spam?
- Centralised appliance: an appliance connected to the network ahead of the email server.
- Spam blocking service: a third-party service receives the email and blocks out the spam. The advantage is a complete absence of spam consuming network resources.
- Spam blocking software: anti-spam software running on the email server, removing spam as messages enter or after they are stored. Less widely used.
- Workstation-based software: almost never used anymore.
What are the most effective spam blocking services?
Those that are centralised and placed as far ahead of the email servers as possible.
What are 4 technical forms of social engineering?
Phishing
Pharming
Spear-phishing
Whaling
Which technical form of social engineering involves the creation of genuine-looking email messages that direct a user to a fake site, such as online banking, to enter details? Phishing Pharming Spear-phishing Whaling
Phishing
Which technical form of social engineering hacks a user's DNS to re-direct them to a fake site? Phishing Pharming Spear-phishing Whaling
Pharming
What is spear phishing?
An attacker targets certain users or groups of users, e.g. a phisher may know the specific online financial institutions that a group of users use.
What is Whaling?
A type of phishing attack that targets senior executives in an organisation.
Which type of social engineering attack is a special form where an attacker poses as an admin or vendor, telling unsuspecting users that a flaw has been discovered in the system and they should install a certain patch (usually a trojan horse)?
Pseudo flaw attack
Code that a developer buries in software in order to expose features, functionality, data, etc. is known as what?
A maintenance hook
What can be the problems with identifying maintenance hooks?
They are normally undocumented and are designed to evade detection.
What is a technical form of eavesdropping?
packet sniffers
How can an attacker use traffic analysis and inference?
By analysing traffic patterns and other types of transmissions in order to make inferences about something he or she wants to know more about, e.g. to sabotage a system during high network utilisation. Normally part of a bigger plan.
Which type of attack involves an attacker attempting to login with a user ID using every possible password?
Brute force attack
How can a brute force attack easily be prevented?
Account lockout after a number of failed attempts.
How does Anti-Virus software work?
It intercepts the OS routines that store and open files.
What is heuristics in relation to AV?
The AV software detects certain kinds of anomalous behaviour, such as the replacement of a .exe with a newer version, instead of checking for a virus signature.
What are the two common methods used by AV vendors today?
Signatures and heuristics
What are the 3 benefits of using heuristics?
- Conservation of space: signature files grow large.
- Decreased download time: the rate of virus creation means that signatures need to be updated more and more frequently.
- Improved computer performance: the computer is focused on symptoms rather than on whether or not a file possesses a virus signature.
What is the difficulty in preventing new forms of malware?
Virus code is scrambled each time it is sent to another computer, meaning that a new signature is required for each one.
Other than AV, what are 3 other ways of commonly fighting against malware?
- Application whitelisting: permit only registered applications to execute on a workstation.
- Data Leakage Prevention: programs and network devices designed to detect possible data leakage.
- Malware callback detection: network devices that listen for signs of malware calling home, i.e. to its point of origin.
What is a hacker?
A broad-brush term describing anyone with computer hacking skills.
Individuals with lower technical acumen than real hackers, who use programs developed by hackers, are called what?
Script kiddies
What was the original term to describe someone that cracked long-distance telephone networks in order to get free long-distance calls?
Phreakers (often used to describe hackers that break into systems in order to obtain free services)
What is the difference between a black hat hacker and a white hat hacker?
Black hat = bad guys
White hat = good guys
What is bounds checking?
Checking field size, time, date, etc.; think of buffer overflow attacks.
Software development is covered in which ISO standard?
ISO 9000
Which type of software development method is preferred for system security? Non-iterative or iterative
Non-iterative
What are three types of non-iterative security models?
- Structured Programming Development: requires defined processes and modular development. Each phase is subject to reviews and approval.
- Spiral Method: a nested version of the Waterfall model. Each phase of Waterfall has 4 sub-stages based on the common Deming PDCA (Plan-Do-Check-Act) cycle. Includes risk assessment.
- Cleanroom: an engineering process for the development of high-quality software and a method of controlling bugs in software. The goal is to write code correctly the first time; more time is spent on early phases to reduce testing. Quality is achieved through design rather than testing.
What is the difference between iterative and non-iterative system development models?
Iterative models allow for refinements of design, coding and requirements.
What are 5 types of iterative system development models?
- Prototyping: the objective is to build a simplified version of the app.
- Modified Prototype Model (MPM): a form of prototyping that's ideal for web app development. The maintenance phase begins straight after deployment, and the app evolves as business requirements evolve.
- Rapid Application Development (RAD): a form of rapid prototyping. The disadvantage is that rapid development can result in poor design decisions.
- Joint Analysis Development (JAD): an integral part of RAD and other methods, based on key players communicating at critical phases of the project.
- Exploratory Model: based on assumptions, without structure. Because of this, security may play second fiddle.
What 4 system development methods do not rely on the iterative/non-iterative model?
- Computer Aided Software Engineering (CASE):
- Component Based Development (similar to Object oriented programming)
- Reuse Model (object oriented)
- Extreme Programming: based on the values of simplicity, communication and feedback. A fairly structured approach.
What 3 sub-languages are there in SQL?
- Data Definition Language (DDL): used to create databases, tables and views.
- Data Manipulation Language (DML): used to query, insert and extract data.
- Data Control Language (DCL): used to control access to data.
Which sub-language of SQL is of primary concern in relation to security?
Data Control Language (DCL)
What are the 5 database interface languages?
- Open Database Connectivity (ODBC)
- Java Database Connectivity (JDBC)
- eXtensible Markup Language (XML)
- Object Linking and Embedding Database (OLE DB)
- Active X Data Objects (ADO)
Which Database Language Interface is the dominant means of standardised data access?
ODBC
What are common security issues with ODBC?
- Username and password stored in plaintext
- Calls and returned data sent in cleartext
- Calling applications must be checked to ensure they don't combine data from multiple sources, i.e. data aggregation.
- Calling applications must be checked to ensure they do not exploit ODBC drivers.
- Poor user verification
How can access to databases through the internet be secured?
Create a tiered application approach that manages data in layers. Most use a three-tier approach: presentation layer, business logic layer and data layer (the internet computing model).
What are the advantages and disadvantages of the internet computing model for DB access via the web?
The advantage is that the user does not directly access the data.
The disadvantage is that if the DB has security features, they may be lost through the middle translation layer.
What is a general metadata standard relating to the retrieval of information resources (particularly from the web)?
The Dublin Core Metadata Element Set
What is Online Analytical processing?
Provides an analyst with the ability to formulate queries and, based on the outcome of those queries, define further queries.
The locking of data in a database and related requirements is known as an ACID test. What does this stand for?
- Atomicity: all parts of a transaction's execution are committed or rolled back together.
- Consistency: occurs when a database is transformed from one valid state to another valid state.
- Isolation: isolating one transaction from another.
- Durability: ensures completed results are permanent.
In which SQL standards can individual object rights be assigned?
SQL 92
In a non-object-oriented database, how can restrictions be applied?
by user
by view
by individual items
What 3 security controls can be applied to object-oriented databases?
Metadata controls, e.g. a data dictionary
Data contamination controls, e.g. input/output controls
Online Transaction Processing: records all business transactions
What are the security concerns for OLTP systems?
Concurrency and Atomicity
What is “Full Disclosure” in relation to software licensing?
Where an individual publicly disseminates information regarding vulnerabilities they have found in software.
What is a low level programming language?
Machine and assembly languages (closer in form to the binary language of the computer).
What are high level languages?
High level languages become closer to human language and introduce standards which can be beneficial for security. Java and C are examples.
Languages are generally separated into generations. What are they?
1st: binary, hex
2nd: symbols as abbreviations for instructions
3rd: meaningful words
4th: query languages
5th: natural language interfaces
What is JavaScript?
Allows control over most of the features of a web browser. Security management in JavaScript is minimal: either it's enabled or it's disabled.
What are the 3 parts of the Java Security approach?
- Verifier: memory and bounds checking
- Class Loader: loads and unloads classes
- Security Manager: protects against rogue functionality
What is a weakness of the 3 part java security model?
If any of the 3 parts fails to operate, the security model may be compromised.
Security enhancements to Java can provide:
- Validating certification paths
- Managing certificate revocation lists
- Kerberos support
- Authentication and access controls
- Encryption, key generation, message authentication
- Java Secure Sockets Extension: implements a Java version of SSL/TLS and includes data encryption, server authentication, message integrity and optional client authentication.
What is a “Between the Lines Attack”?
Occurs when telecommunications lines used by an authorised user are tapped into and data is falsely inserted.
Klez and SirCam are which type of virus?
Viruses that have the ability to send data files from your system to another system.
Jerusalem is a type of which virus?
File Infector
Brain, Stoned and Michelangelo are types of which type of virus?
Boot sector
What is a Companion/Spawning virus?
Doesn't physically touch the target file. If files are copied to a certain directory in a specific order, then the directory will get infected.
Melissa, Loveletter, Hybris and SirCam are common viruses that are delivered by what means?
Concept and CAP are common examples of which type of virus?
Macro Virus
What is a Macro Virus?
Uses the macro programming facility of an application such as a word processor. The most common ones use Visual Basic for Applications in Microsoft Word.
What is a script virus?
Usually standalone files that can be executed by an interpreter, e.g. Microsoft Windows Script Host (.vbs).
CodeRed, LION and Nimda are types of what?
Worms
What is a Remote Access Trojan (RAT)?
Designed to be installed, usually remotely, after systems are in production, not during development as is the case with logic bombs and backdoors.
BlackShades, Back Orifice, Netbus, Bionet and SubSeven are types of what?
Remote Access Trojans
What is a “Processor Privileged State”?
Protects the processor and the activities it performs.