Threats, Vulnerabilities, Mitigation 3 Flashcards

1
Q

What is EOL / EOSL?

A

End of Life
* Manufacturer stops selling product
* May continue supporting the product

End of Service Life
* Manufacturer stops selling product
* Support no linger available for products
* no ongoing patches / updates

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are VM vulnerabilites?

A

Protection of virtualized environments
* VM´s, Virtual Networks, Cloud Infrastructures

Virtualization Vulnerabilities:
* Local Priviliege Escalation
* Command Injection
* Information Disclosure

Hypervisor:
* Manages Relationship between physical and virtual resource
* RAM, storage space, CPU availability

Resource use
* Resources like memory can be reused between VM´s
* Data can be shared between VM´s due to simultanious use of RAM

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are cloud specific Attacks?

A
  • DoS
  • Authentication Bypass
  • Directory Traversal
  • Remote Code Execution
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are cloud application Attacks?

A
  • Increase of web application attacks
    Log4j and Spring Cloud Function
  • XSS
  • Out of Bounds write
    Write to unauthorized Memory areas
    Data corruption, crashing or code execution
  • SQL Injection
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What are Misconfiguration Vulnerabilities?

A
  • Open / unsecure Permissions leaving Data exposed
  • Unsecured Admin Accounts
  • Use of Insecure Protocols
  • Unencrypted: FTP, SMTP, IMAP, Telnet
  • Unchanged Default settings
  • Services leave ports open
  • Firewall misconfigured
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Explain Mobile Device Security risks

A

Jailbreaking / Rooting
* Gaining Access to OS of device
* IOS - jailbreaking
* Android - Rooting
* Installation of custom Firmware

Sideloading
* Installing or running application on a device from sources other then official app store

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What categories of Malware are there?

A
  • Viruses
  • Worms
  • Trojan Horses
  • Rootkit
  • Spyware
  • Bloatware
  • Logic Bomb
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is a Virus and what Types are there?

A
  • Malware that reproduces itself
  • Reproduction through file system or network
  • Spread by running programm

Program Virus
Part of The Application

Boot sector Virus
Infects master boot record or boot sector of mostly Hard Drive

Script Virus
OS / Browser based

Macro Viruses
Common in Microsoft Office
Macros: Set of commands that automate tasks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is a Fileless Virus?

A

Stealth Attack
* Avoids often Anti-Virus

Operates in Memory
* Never installed in file or application

Often adds Auto start to registry to restart once system is rebooted

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is a worm?

A
  • Self-replicates itself without intervention
  • Uses Network as transmission medium
  • Self-propagates and spreads quickly
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is Bloatware?

A
  • Apps installed by manufacturer
  • Use valuable space and could be entry for attacks
How well did you know this?
1
Not at all
2
3
4
5
Perfectly