Web Security Risks Flashcards

1
Q

Virus

A

malicious piece of software (malware) that inserts malicious code into a program and then continues to spread itself using a variety of methods

2
Q

Trojan Horse

A

Malware attack that disguises itself as something innocent, such as a computer game or a YouTube search results page

3
Q

Spam

A

makes up 70-84% of daily emails sent throughout the world.

4
Q

Phishing

A

Spam emails designed to trick recipients into clicking a link to an insecure website; typically executed to steal account information for e-commerce sites

Phishers are usually part of a larger crime organization (Russian mafia). Phisher pays someone who controls a fleet of zombies to send out the phishing attack from zombie PCs. Phisher compiles a large list of bank accounts, credit card info, and similar info from phishing attack. Phisher frequently sells account info in bulk to an intermediary, who then sells individual accounts to anyone who wants them. Person who buys the accounts can use them to empty bank accounts and participate in identity theft

5
Q

Packet Sniffers

A

Capture data streams over a network, allowing for the capture of sensitive data like usernames, passwords and credit card numbers

When you make contact with the Internet, data is sent in slices to keep performance of Internet high. Slices = packets; sniffer allows people to see these packets that are being sent or received.

Packet sniffers only work when they are on the same network on which the data is travelling. Once it has the data, the sniffer can relay the info to different networks via honeypots.

Information is sent from the sniffer to a database where all the info is stored. Can create reports out of the database, such as site visits

6
Q

Password Attacks (Types)

A

Brute-force- guess password by repeatedly entering new combination of words and phrases compiled from dictionary

Packet sniffers

IP-spoofing- similar to honeypots, involves interception of data packets by computer successfully pretending to be a trusted server/resource

Trojans

7
Q

Internet passports

A

variety of technologies and standards that let people control which information about themselves they allow released to websites and how that information can be used

lives inside a web browser. User fills out a profile in the browser determining what info can be made available

8
Q

buffer overflow attack (browser attack)

A

buffer= area of memory allocated for a certain function.

In a buffer overflow attack, the hacker writes code that downloads from a website and floods a specific area of memory with so much data that it overflows into a nearby area of memory.

The data that flows into a nearby area of memory contains malicious code, and that code can bypass normal security functions because of a flaw in the browser.

9
Q

Zombie Computers & Botnets

A

Zombie computer- computer infected with malware that causes it to act as a tool of a spammer by silently sending out thousands of emails from the owner’s email address. Typically a single person controls a zombie network of infected computers

Infected zombie computers are organized by spammers into small groups called botnets which can send out spam

10
Q

Spyware

A

Employs a user’s Internet connection in background without their knowledge and gathers/transmits info on that user or their behaviors

Used to make cash- (pop up ads, phishing)

Spyware “phones home” at regular intervals to report to the spyware website on what sites you have been visiting

11
Q

Directory Traversal & Browsing

A

method used by hacker to access sensitive data held on a web server where your web site is installed. Filtering HTTP data requests to the server is the best prevention of directory traversal attacks

12
Q

Server Side Scripts

A

Important to validate forms and use good coding practices and standards to avoid holes in your code which can be exploited

13
Q

SQL Injection

A

SQL is a way to enter, modify, and retrieve information from a database. Information that is stored can be vulnerable to SQL injection, which breaches the database security.

14
Q

Cross Site Scripting

A

Technique used to gather personal information or run malicious code while a user is using their web browser. This is the majority of hacking attempts. Data is usually gathered in the form of a hyperlink which contains malicious content within it. User will click the link from another website, IM, or reading a web board or email message.

15
Q

ActiveX

A

Used by Microsoft IE on Windows systems, allows applications or parts of applications to be utilized by web browser. Web page can use ActiveX components that may already reside on a Windows system, or a site may provide the component as a downloadable object. Gives extra functionality to web browsing but increases vulnerability

16
Q

Java Security Issues

A

Java Virtual Machine (applet) is used to execute Java code provided by the web site. Some operating systems come with a JVM, while others require a JVM to be installed before Java can be used; Java applets are operating system independent

Java applets usually execute within a “sandbox” where the interaction with the rest of the system is limited. However, various implementations of the JVM contain vulnerabilities that allow an applet to bypass these restrictions

17
Q

Plugins

A

apps intended for use in the web browser (ie: Adobe Flash). Can contain programming flaws such as buffer overflows

18
Q

Cookies

A

Files placed on your system to store data for specific web sites. Can contain any info that a website is designed to place in them. May contain information about the sites you visited, or credentials for accessing the site.

When visiting a site, CGI script on the server takes the information the user has entered and then writes the cookie onto the hard disk. When you leave a site, your cookie info remains on the hard disk so the site can recognize you the next time you decide to visit (unless the cookie has been written to expire when you leave)

If a website uses cookies for authentication, then an attacker may be able to acquire unauthorized access to that site by obtaining the cookie. Persistent cookies are higher risk than session cookies because they remain on the computer longer

19
Q

web bugs

A

piece of HTML code placed on web pages or in email messages, used to trace people’s paths through a website. “wiretap”- can be included in email, and can enable people to view some of your email

small piece of JavaScript that has the capability to read the entire contents of an email message

20
Q

Firewall

A

Protects the ports which computers use to communicate and offers intrusion protection

21
Q

corporate firewalls

A

hardware and software combinations that are built using routers, servers, and a variety of software; sit at the most vulnerable point between a corporate network and the Internet, can be as simple or complex as system administrators want to build them

22
Q

proxy servers

A

commonly used in firewalls. Server software that runs on a host in a firewall, such as a bastion host. Because only the single proxy server (instead of many individual computers on the network) interacts with the Internet, security can be maintained. Single server can be kept more secure than hundreds of individual computers on a network

proxy servers can be used as a way to log the Internet traffic between an internal corporate network and the Internet

can be used to speed up performance of some Internet services by caching data- keeping copies of the requested data

23
Q

Personal firewall

A

Personal firewalls are software that runs on the computer and protects computer against Internet attacks. Data packets come in through Internet ports (virtual entrance between your comp & Internet)

Personal firewalls examine data packets your computer receives and can filter out packets being sent to certain ports

24
Q

war driver

A

people drive through areas of cities and suburbs known for having WiFi networks searching for unprotected networks they can break into

use a program like NetStumbler to search for unsecured WiFi networks. Once the war driver connects to the network, he has the same access rights as any other user, so can use all the network’s resources and data. If he is a hacker, he can also try to take control of the network or damage it

25
Q

“Evil Twin” Hacks

A

hacker creates a twin of an existing hot spot to lure people into logging into his hot spot rather than the real thing.

Hacker finds a popular hot spot and finds its SSID (network name), then sets up duplicate hot spot that has same SSID as real thing. Adds extra strength to his signal so that when someone automatically connects to a hot spot, will automatically connect to his

May set up phony login screen asking for payment info

26
Q

MAC address

A

a unique number that identifies a network device. By allowing only certain MAC addresses on to the network, hackers can be blocked.

27
Q

Honeypot

A

honeypot creates multiple false SSIDs w/ only one true SSID among the many false ones, and hackers cannot find the real SSID to hack into the network

unsecured wifi access points that hackers setup and trap people into using them

28
Q

v-marker/ virus marker

A

messages placed by viruses inside programs they infect, help manage the viruses’ activities. Each virus has a specific v-marker associated with it. If a virus encounters one of these markers in another program, it knows that the program is already infected so doesn’t replicate itself there

29
Q

scanners

A

software programs that check for viruses and alert you to virus presence.

check for v-markers, or check to see whether a program’s file size has changed

30
Q

eradication programs

A

disinfect or remove viruses from software

31
Q

worms

A

programs designed to infect networks such as the Internet. Travel from networked computer to networked computer and replicate themselves along the way

when a document w/ a worm is opened, a macro runs without the user knowing it (macro- set of automated commands, similar to a program)

32
Q

anti-spyware

A

scans a system in search of bits of code called signatures that are telltale signs of spyware infection and looks for suspicious behavior

compares signature to database of signatures (signature base), when identified, deletes the spyware.

also includes real time protection- won’t allow spyware to be installed or hijack to take place

33
Q

DOS/DDOS

A

Denial of Service or Distributed Denial of Service- hacker incapacitates a network by flooding it with extraneous traffic.

Done via smurf attack

34
Q

smurf attack

A

hacker floods the ISP with so many garbage packets that all the ISP’s available bandwidth is used up. hacker exploits PING (Pocket Internet Groper)

  1. hacker sends ping to a network attached to Internet. Network being pinged is not the target of the attack. Instead, it will be used as a way to attack the ISP
  2. Hacker forges the return address on the ping packets. Instead of having his address, puts the address of the ISP the hacker will be attacking
  3. Ping requests are sent in a constant stream to the network’s directed broadcast address. This address in turn sends the ping requests to every computer attached to the network.
  4. Each of those computers responds w/ answer packets to target ISP whose address is on the ping request.
  5. ISP flooded with ping answer packets
  6. ISP is flooded with so much data that the ISP’s users can’t send/receive data because ping packets take up all the ISP’s bandwidth
35
Q

Ping

A

Pocket Internet Groper

People use ping to see whether a particular computer or server is currently attached to the Internet and working. When comp/server is sent a ping packet, sends a return packet to the person who sent the ping, saying, “Yes I am alive and attached to Internet”

36
Q

How Hackers attack your computer

A

Software called SubSeven, which you can unwittingly get a copy of onto your computer. Hacker sends out port probes- packets that look at specific virtual ports that are open. SubSeven is 27374, tells hacker the port is open