Threats & Vulnerabilities Flashcards
Denial of service
• Force a service to fail
- Overload the service
- Take advantage of a design failure or vulnerability
- Keep your systems patched!
• Cause a system to be unavailable
- Competitive advantage
- Create a smokescreen for some other exploit
- Precursor to a DNS spoofing attack
• Doesn’t have to be complicated
- Turn off the power
A “friendly” DoS
• Unintentional DoSing
- It’s not always a ne’er-do-well
• Network DoS
- Layer 2 loop without STP
• Bandwidth DoS
- Downloading multi-gigabyte Linux distributions over a DSL line
• The water line breaks
- Get a good shop vacuum
Distributed Denial of Service (DDoS)
• Launch an army of computers to bring down a service
- Use all the bandwidth or resources - traffic spike
• This is why the bad guys have botnets
- Thousands or millions of computers at your command
- At its peak, Zeus botnet infected over 3.6 million PCs
• Coordinated attack
- The attackers are zombies
- Many people have no idea they are participating in a botnet
Zero-day attacks
• Zero-day
- The vulnerability has not been detected or published
- Zero-day exploits are increasingly common
Man-in-the-Middle
• How can a bad guy watch without you knowing?
• Man-in-the-middle
- Redirects your traffic
- Then passes it on to the destination
- You never know your traffic was redirected
• ARP poisoning
- ARP has no security
Mitigating man-in-the-middle
• Use encrypted protocols
- HTTPS, SSH
• Communicate over a secure channel
- Client-based VPN
• Use encrypted wireless networks
• Avoid insecure networks
- Public WiFi, Hotels
Brute Force Attacks
• The password is the key
- Secret phrase
- Stored hash
• Brute force attacks - Online
- Keep trying the login process
- Very slow
- Most accounts will lock out after a number of failed attempts
• Brute force the hash - Offline
- Obtain the list of users and hashes
- Calculate a password hash, compare it to a stored hash
- Large computational resource requirement
Dictionary attacks
• People use common words as passwords
- You can find them in the dictionary
• If you’re using brute force, you should start with the easy ones
- 123456, password, ninja, football
• Many common wordlists available on the ‘net
- Some are customized by language or line of work
• This will catch the low-hanging fruit
- You’ll need some smarter attacks for the smarter people
Rainbow tables
• An optimized, pre-built set of hashes
- Doesn’t need to contain every hash
- The calculations have already been done
• Remarkable speed increase
- Especially with longer password lengths
• Need different tables for different hashing methods
- Windows is different than MySQL
• Rainbow tables won’t work with salted hashes
- Additional random value added to the original hash
Spoofing
• Pretend to be something you aren’t
- Fake web server, fake DNS server, etc.
• Email address spoofing
- The sending address of an email isn’t really the sender
• Caller ID spoofing
- The incoming call information is completely fake
• Man-in-the-middle attacks
- The person in the middle of the conversation pretends to be both endpoints
MAC spoofing
• Your Ethernet device has a MAC address
- A unique burned-in address
- Most drivers allow you to change this
• Changing the MAC address can be legitimate
- Internet provider expects a certain MAC address
- Certain applications require a particular MAC address
• It might not be legitimate
- Circumvent MAC-based ACLs
- Fake-out a wireless address filter
• Very difficult to detect
- How do you know it’s not the original device?
What kind of general term is used to describe the process of securing a computer system?
Hardening
Which of the following answers refers to the contents of a rainbow table entry?
Hash/Password
Removing Malware
1. Identify malware symptoms
2. Quarantine infected systems
3. Disable System Restore
4a. Remediate: Update anti-virus
4b. Remediate: Scan and remove
5. Schedule scans and run updates
6. Enable System Protection
7. Educate the end user