Threats, Vulnerabilities, Mitigation 4 Flashcards

1
Q

What is a Logic Bomb?

A
  • Waits for predefined events
  • Time Bomb
  • Often Hard to recover once it goes off

Mitigation
* Formal change control
* Alerts on changes
* Constant auditing

2
Q

What is a rootkit?

A

Hides itself in kernel of the OS
* Makes itself part of the OS
Can be invisible to the OS
* Does not appear in Task manager
Often invisible to traditional anti-virus

Mitigation:
* Rootkit remover tools
* Secure Boot with UEFI: secures the boot of the system and therefore prevents a rootkit from running in the kernel

3
Q

What are Techniques for Physical Attacks?

A
  • Brute Force
  • RFID cloning: RFID is the underlying technology for access badges, key fobs
  • Environmental Attacks
3
Q

What is DNS Poisoning?

A
  • Network Attack
  • Exploiting Vulnerabilities in DNS infrastructure
  • Corrupting DNS cache by injecting false data
  • Leads to mapping of a domain name to an incorrect IP
4
Q

What is Domain Hijacking?

A
  • Gain Access to Domain registration and control traffic flow

How?
* Brute Force
* Social engineer password
* Gain access to email address that manages account

4
Q

What is Wireless Authentication Attack?

A
  • Wireless deauthentication
  • Significant DoS attack
  • 802.11 frames associated to attack
  • Original wireless standards had no protection for management frames; protection was included in the 802.11ac updates
5
Q

What is Radio Frequency Jamming?

A

DoS
* Prevents Wireless communication

Deliberate Interference of Wireless communications
* transmitting signals that disrupt normal functioning of devices

Fox hunting
* Attacker needs to be close in order to interfere

6
Q

What is an on-path attack?

A

Type of attack where the attacker gains access to the communication path between two systems or devices, allowing them to intercept, modify or disrupt the communication flow

  • Formerly called a man-in-the-middle attack

Example: ARP poisoning
* Attacker sends falsified ARP messages onto the local IP subnet
* ARP has no security associated with it
* Attacker tries to update the ARP cache of the victim and of the router (or other device) with his own MAC address

7
Q

What is an on-path browser attack?

A

The middleman is on the same computer as the victim and intercepts communication between the web browser and the internet

  • Example: Exploiting Bank account login
8
Q

What are replay attacks?

A

Attacker intercepts and reuses valid communication between two parties

Pass the Hash
* Interception of client and server communication
* Instead of letting the victim send his own hashed password, attacker sends his password hash to gain access to the server

Mitigation:
Salting, Encryption

Session Hijacking
* Taking over web user session by obtaining session ID and masquerading as legitimate user

How to obtain?

  • Using packet capture to obtain the session ID from the header
  • XSS
  • Modification of headers: Tamper, Firesheep, Scapy