Vulnerabilities Flashcards
What is a threat?
A circumstance that has the potential to cause harm
What is an exploit?
An activity that takes advantage of a vulnerability.
What is malware?
Malicious software that encodes an exploit
What is an attack?
A vector - mechanism or entry route for an exploit
Why are international standards applied to systems?
Used to prove that risks have been accounted for and attempts to mitigate them have been made
COVER YOUR ASS
What factors are taken into account in risk analysis?
Subject: Person or process
Object: The what, data, file, process
Mode: Way of access/exploiting
Policy: The who/what/how and possibly when
What forms can threats come in?
Malicious or non-malicious
Human or bot
Directed or random
What are the four kinds of threats?
Interception
Interruption
Fabrication
Modification
How can threats be reduced?
Multi-level authentication
Principle of least privilege
Fail securely
Use of security policies
Adherence to standards
Continuous risk assessment
What is a virus?
Program that infects other programs or files, often also has a replication mechanism
Contains payload which can make changes to the user’s system, create backdoors or leak data
What is a trojan virus?
Virus that poses as a legitimate application but is indeed a virus
What is a logic bomb?
Virus that waits for a trigger, such as opening a file, at which point it violates a security policy
What is a worm virus?
Virus that replicates and spreads through a network
What is a rabbit virus?
A virus that multiplies rapidly to fill up system resources, i.e. IP tables, ports
What is a botnet?
A network in which a virus has allowed for a large number of connected devices to be controlled.
What was the code red virus?
2001, exploited a buffer overflow on IIS web servers to DoS the White House and create a backdoor
What was the mydoom virus?
Affected 250,000 systems in a day
Files attached to infected messages which, once opened, created a TCP connection and caused a DDoS.
What was the storm virus?
2007, spread by using headlines of articles. Created a backdoor and a P2P botnet that shared a list of hosts.
What is a boot sector infector?
Loads programs on boot by changing the config of a bootloader
What is an executable infector?
Virus code inserted into a program that is executed prior to the execution of the actual code
What is a TSR virus?
Stays in memory after the application has exited. These can execute at random times and interfere with signal interrupts
What is adware?
Advertisement virus that causes popups, and sometimes comes with keyloggers and spyware
What is spyware?
Monitors keystrokes and internet usage, privacy-invasive.
What is spam?
Unsolicited and unprecedented amount of Email, IM and other post methods of communication
What was the Mirai botnet and how was it used?
The Mirai botnet infected IoT devices and used them to create point-to-point connections between the devices and the Dyn systems.
Largest ever DoS attack on the Dyn servers that host a large amount of the world’s traffic.
At the height of the attack, traffic of 620Gbps was seen to the servers.
What was the WannaCry virus?
Exploit that took advantage of old Windows installations. Encrypted the file table and demanded payment for the decryption of the files and file table.
Massively impacted NHS trusts.
Spread ended when another hacker registered a domain that was used as a killswitch by the virus once calls could be made to it.