Threats and Vulnerabilities

Question 1

Virus

Answer 1

MalwareReplicates itself on a systemCannot spread by itself

Question 2

Worms

Answer 2

Propagates on it’s ownNoes not need a host application to be transportedSelf Contained

Question 3

Trojan Horse

Answer 3

Program disguised as another programMay be included as an attachment or as part of an installation program.

Question 4

Logic Bomb

Answer 4

Malware inserted into a system which sets off an action when specific conditions are met.

Question 5

Rootkits

Answer 5

Has ability to hid spyware blockers, anti-virus program and system utilities. Runs at root level or admin access.

Question 6

Backdoors

Answer 6

Bypass normal authentication methods. Full access to every aspect of the device.

Question 7

Ping-of-Death

Answer 7

ICMP packet that is larger than allowed >65500

Question 8

Land Attack

Answer 8

Creates packet with the same source and destination address. Creates a loop.

Question 9

Teardrop Attack

Answer 9

Attacker creates a large packetOverlaps offset bits - packets never able to be reassembled

Question 10

SYN Flood

Answer 10

Attacker sends succession of SYN requests to a target with bogus return address.Not effective against modern networks”half open handshake”

Question 11

Smurf/Fraggle Attack

Answer 11

“broadcast attack”Attacker sends out ping with address of someone else’s address as return and have it sent to the broadcast address. Smurf=ICMP PacketsFraggle=UDP packets

Question 12

Session Hijacking

Answer 12

Type of man in the middle attack Takes control of an active TCP session by using sequence number guessing.

Question 13

Repudiation Attacks

Answer 13

Cannot tell who wrote it or where it came from.

Question 14

Xmas Scan Attack

Answer 14

Conducted with XmasPacket with every option set for the protocol is in use. Assumptions made by how the computer responds

Question 15

Spear Phishing

Answer 15

Email/IM scam
Particular target
Inside information needed

Question 16

Whaling

Answer 16

Spear phishing

Directed toward high profile figures in organization

Question 17

Transitive Access

Answer 17

Service that invokes another service to satisfy an initial request. Result of poor choice of access control mechanism (uses authentication to make access decisions). Tries another way when one isn’t successful.

Question 18

Buffer Overflow (what it is/safeguards)

Answer 18

More info than buffer can hold and then computer crashes.

Can create a DoS attack
Nop/Noop - Non-operational data

Safeguards: Input validations, patch/upgrade

Question 19

XSS (what it is/safeguards)

Answer 19

Cross-Site Scripting
Add comments/code to web pages which allows code injection.
Could redirect valid data somewhere else

Safeguard: Input validation, tie cookies to IP addresses

Question 20

SQL Injection (what it is/safeguards)

Answer 20

Code put in a database via web form
Allows an attacker to query data from database
DoS most common SQL
User ID = ‘ ‘ or 1=1

Safeguard: Input validation

Question 21

Transient vs Persistent Cookies

Answer 21

Transient: for current browsing session

Persistent: store for an extended period of time

Question 22

ActiveX (what it is/vulnerabilities/safeguards)

Answer 22

Microsoft mobile code that runs on the client

Authenticode:
Code signing mechanism, ID the publisher
Ensures hasn’t been tampered with before download

Vulnerabilities:
Controls saved to HDD
Execution depends on current user acct security level
Once accepted it is always accepted

Safeguards:
Patches
Do NOT allow to run by default

Question 23

Java Applets (what it is/vulnerabilities/safeguards)

Answer 23

Stand alone mobile code downloaded from server to a client.
Runs from browser

Sandbox:

• Virtual machine architecture
• Limits access to system resources
• Digitally signed can run outside the sandbox

Vulnerabilities:

• May be malicious
• Errors may allow some to escape the sandbox

Safeguards:

• Latest browser version
• Patches
• Disable
• Limit browser plug-ins

Question 24

Fail Soft

Answer 24

Shuts down any nonessential components

Question 25

Black Box

Answer 25

Examines program from user perspective

Testers do not have access to internal code

Question 26

White Box

Answer 26

Examines the internal logical structures line by line

Question 27

Gray Box

Answer 27

Combines Black/White Box

Testers approach software as user and have access to the source code.

Develop tests to be run as user.

Question 28

EAP 802.1X

Answer 28

Authentication framework
NOT specific authentication mechanism

Used over PPP and WLANs

See Domain 4 slides pg. 90

Question 29

Protocol Analyzers (what they do/types of tools)

Answer 29

Hardware or software
Analyzes traffic and breaks it down for you

Tools: Wireshark, Snort, Kismet

Question 30

Penetration Testing (what it is)

Answer 30

Attempt to break into your own network by finding weaknesses. Assess amount of business impact if it’s successful.

Need written approval before attempting

Question 31

Vulnerability Scanning (what it is/what it does/tools that do it/scanners)

Answer 31

Software that compares system to database of known vulnerabilities.

Detects potential vulnerabilities.

Tools: Protocol analyzers, port scanners, network mappers, password crackers, vulnerability scanners.

Scanners: Nessus, SAINT, NMAP, Retina

Question 32

OVAL (what it is/when it’s used)

Answer 32

Open Vulnerability and Assessment Language

Used in vulnerability scanning.

Question 33

Network Mappers (what it is/tools that do it)

Answer 33

Used to create network maps

Tools: Nmap, Solar Winds, What’s Up Gold

Question 34

Port Scanners (what it does/tools that do it)

Answer 34

Probes for all enabled TCP/UDP ports

Tools: SuperScan, NMAP, Nessus