Threats and Vulnerabilities Flashcards
Virus
Malware
Replicates itself on a system
Cannot spread by itself
Worms
Propagates on its own
Does not need a host application to be transported
Self-contained
Trojan Horse
Program disguised as another program
May be included as an attachment or as part of an installation program.
Logic Bomb
Malware inserted into a system which sets off an action when specific conditions are met.
Rootkits
Has the ability to hide from spyware blockers, anti-virus programs and system utilities. Runs at root level or with admin access.
Backdoors
Bypass normal authentication methods. Full access to every aspect of the device.
Ping-of-Death
ICMP packet that is larger than allowed >65500
Land Attack
Creates packet with the same source and destination address. Creates a loop.
Teardrop Attack
Attacker creates a large packet
Overlaps offset bits - packets are never able to be reassembled
SYN Flood
Attacker sends a succession of SYN requests to a target with a bogus return address.
Not effective against modern networks
“half-open handshake”
Smurf/Fraggle Attack
“broadcast attack”
Attacker sends out a ping with someone else’s address as the return address and has it sent to the broadcast address.
Smurf = ICMP packets
Fraggle = UDP packets
Session Hijacking
Type of man-in-the-middle attack. Takes control of an active TCP session by using sequence number guessing.
Repudiation Attacks
Cannot tell who wrote it or where it came from.
Xmas Scan Attack
Conducted with an Xmas packet: a packet with every option set for the protocol in use. Assumptions are made based on how the computer responds.
Spear Phishing
Email/IM scam
Particular target
Inside information needed
Whaling
Spear phishing
Directed toward high profile figures in organization
Transitive Access
Service that invokes another service to satisfy an initial request. Result of poor choice of access control mechanism (uses authentication to make access decisions). Tries another way when one isn’t successful.
Buffer Overflow (what it is/safeguards)
More info than the buffer can hold, and then the computer crashes.
Can create a DoS attack
Nop/Noop - Non-operational data
Safeguards: Input validations, patch/upgrade
XSS (what it is/safeguards)
Cross-Site Scripting
Add comments/code to web pages which allows code injection.
Could redirect valid data somewhere else
Safeguard: Input validation, tie cookies to IP addresses
SQL Injection (what it is/safeguards)
Code put in a database via web form
Allows an attacker to query data from database
DoS is the most common SQL injection attack
User ID = ‘ ‘ or 1=1
Safeguard: Input validation
Transient vs Persistent Cookies
Transient: for current browsing session
Persistent: store for an extended period of time
ActiveX (what it is/vulnerabilities/safeguards)
Microsoft mobile code that runs on the client
Authenticode:
Code signing mechanism, ID the publisher
Ensures the code hasn’t been tampered with before download
Vulnerabilities:
Controls saved to HDD
Execution depends on current user acct security level
Once accepted it is always accepted
Safeguards:
Patches
Do NOT allow it to run by default
Java Applets (what it is/vulnerabilities/safeguards)
Stand-alone mobile code downloaded from a server to a client.
Runs from browser
Sandbox:
- Virtual machine architecture
- Limits access to system resources
- Digitally signed applets can run outside the sandbox
Vulnerabilities:
- May be malicious
- Errors may allow some to escape the sandbox
Safeguards:
- Latest browser version
- Patches
- Disable
- Limit browser plug-ins
Fail Soft
Shuts down any nonessential components