Web Security Risks

Question 1

Virus

Answer 1

malicious piece of software (malware) that inserts malicious code into a program and then continues to spread itself using a variety of methods

Question 2

Trojan Horse

Answer 2

Malware attack that disguises itself as something innocent such as computer game, or YouTube search results page

Question 3

Spam

Answer 3

makes up 70-84% of daily emails sent throughout the world.

Question 4

Phishing

Answer 4

Spam emails designed to trick recipients into clicking a link to an insecure website; typically executed to steal account information for e-commerce sites

Phishers usually part of a larger crime organization (Russian mafia). Phisher pays someone who contraols a fleet of zombies to send out the phishing attack from zombie PCs. Phisher compiles a large list of bank accounts, credit card info, and similar info from phishing attack. Phisher frequently sells account info in bulk to intermediary, who then sells individual accounts to anyone who wants them. Person who buys the accounts can use them to empty bank accounts and participate in identity theft

Question 5

Packet Sniffers

Answer 5

Capture data streams over a network, allowing for the capture of sensitive data like usernames, passwords and credit card numbers

When you make contact with the Internet, data is sent in slices to keep performance of Internet high. Slices = packets; sniffer allows people to see these packets that are being sent or received.

Packet sniffers only work when they are on the same network on which the data is travelling to. Once it has the data, the sniffer can relay the info to different networks via honeypots.

information is sent from sniffer to a database where all the info is stored. can create reports out of the database such as site visits

Question 6

Password Attacks (Types)

Answer 6

Brute-force- guess password by repeatedly entering new combination of words and phrases compiled from dictionary

Packet sniffers

IP-spoofing- similar to honeypots, involves interception of data packets by computer successfully pretending to be a trusted server/resource

Trojans

Question 7

Internet passports

Answer 7

variety of technologies and standards that let people control which information about themselves they allow released to websites and how that information can be used

lives inside a web browser. user filles out profile in the browser determining what info can be made available

Question 8

buffer overflow attack (browser attack)

Answer 8

buffer= area of memory allocated for a certain function.

In a buffer overflow attack, the hacker writes code that downloads from a website and floods a specific area of memory with so much data that it overflows into a nearby area of memory.

The data that flows into a nearby area of memory contains malicious code, and that code can bypass normal security functions because of a flaw in the browser.

Question 9

Zombie Computers & Botnets

Answer 9

Zombie computer- computer infected with malware that causes it to act as a tool of a spammer by silently sending out thousands of emails from the owner’s email address. Typically a single person controls a zombie network of infected computers

Infected zombie computers are organized by spammers into small groups called botnets which can send out spam

Question 10

Spyware

Answer 10

Employs a user’s Internet connection in background without their knowledge and gathers/transmits info on that user or their behaviors

Used to make cash- (pop up ads, phishing)

Spywhere “phones home” at regular intervals to report to the spyware website on what sites you have been visiting

Question 11

Directory Traversal & Browsing

Answer 11

method used by hacker to access sensitive data held on a web server where your web site is installed. Filtering HTTP data requests to the server is the best prevention of directory traversal attacks

Question 12

Server Side Scripts

Answer 12

Important to validate forms and use good coding practices and standards to avoid holes in your code which can be exploited

Question 13

SQL Injection

Answer 13

SQL is way to enter, modify, and retrieve information from a database. Information that is stored can be vulnerable to SQL injection which breaches the database security.

Question 14

Cross Site Scripting

Answer 14

Technique used to gather personal information or run malicious code while a user is using their web browser. This is the majority of hacking attempts. Data is usually gathered in the form of a hyperlink which contains malicious content within it. User will click the link from another website, IM, or reading a web board or email message.

Question 15

Active X

Answer 15

Used by Microsoft IE on Windows systems, allows applications or parts of applications to be utilized by web browser. Web page can use ActiveX components that may already reside on a Windows system, or a site may provide the component as a downloadable object. Gives extra functionality to web browsing but increases vulnerability

Question 16

Java Security Issues

Answer 16

Java Virtual Machine (applet) is used to execute Java code provided by the web site. Soem operating systems come with a JVM, while others require a JVM to be installed before Java can be used; Java applets are operating system independent

Java applets usually execute within a “sandbox” where the interaction with the rest of the system is limited. However, various implementations of JVM contains vulnerabilities that allow an applet to bypass these restrictions

Question 17

Plugins

Answer 17

apps intended for use in the web browser (ie: Adobe Flash). Can contain programming flaws such as buffer overflows

Question 18

Cookies

Answer 18

Files placed on your system to store data for specific web sites. can contain any info that a website is designed to place in it. May contain information about the sites you visited, or credentials for accessing the site.

When visiting a site, CGI script on the server takes the information the user has entered and then writes the cookie onto the hard disk. When you leave a site, your cookie info remains on hard disk so site can recognize you next tiem you decide to visit (unless cookie has been written to expire when you leave)

If website uses cookies for authentication, then an attacker may be able to acquire unauthorized access to that site by obtaining the cookie. Persistent cookies higher risk than session cookies because they remain on the computer longer

Question 19

web bugs

Answer 19

piece of HTML code placed on web pages or in email messages, used to trace people’s pathes through a website. “wiretap”- can be included in email, and can enable people to view some of your email

small piece of Java Script that has capability to read the entire contents of an email message

Question 20

Firewall

Answer 20

Protects the ports on which computers use to communicate and offers Intrusion protection

Question 21

corporate firewalls

Answer 21

hardware and software combinations that are built using routers, servers, and a variety of software; sit at the most vulnerable point between a corporate network and the Internet, can be as simple or complex as system administrators want to build them

Question 22

proxy servers

Answer 22

commonly used in firewalls. Server software that runs on a host in a firewall, such as a bastion host. Because only the single proxy server (instead of many individual computers on the network) interacts with the Internet, security can be maintained. Single server can be kept more secure than hundereds of individual computers on a network

proxy servers can be used as a way to log the Internet traffic between an internal corporate network and the Internet

can be used to speed up performance of some Internet services by caching data- keeping copies of the requested data

Question 23

Personal firewall

Answer 23

Personal firewalls are software that runs on the computer and protects computer against Internet attacks. Data packets come in through Internet ports (virtual entrance between your comp & Internet)

Personal firewalls examine data packets your computer receives and can filter out packets being sent to certain ports

Question 24

war driver

Answer 24

people drive through areas of cities and suburbs known for having WiFi networks searching for unprotected networks they can break into

use program like NetStumbler to search for unsecured Wifi network. Once the war driver connects to network, has same access rights as any other user, so can use all the network’s resources and data. If he is a hacker, he can also try to take control of the network or damage it

Question 25

“Evil Twin” Hacks

Answer 25

hacker creates a twin of an existing hot spot to lure people into logging into his hot spot rather than the real thing.

Hacker finds a popular hot spot and finds its SSID (network name), then sets up duplicate hot spot that has same SSID as real thing. Adds extra strength to his signal so that when someone automatically connects to a hot spot, will automatically connect to his

May set up phony login screen asking for payment info

Question 26

MAC address

Answer 26

a unique number that identifies a network device. By allowing only certain MAC addresses on to the network, hackers can be blocked.

Question 27

Honeypot

Answer 27

honeypot creates mutliple false SSIDs w/ only one true SSID among the many false ones, and hackers cannot find the real SSID to hack into the network

unsecured wifi access points that hackers setup and trap people into using them

Question 28

v-marker/ virus marker

Answer 28

messages placed by viruses inside programs they infect, helps manage the viruses’ activities. Each virus has a specific v-marker associated with it. If a virus encounters oneof these markers in another program, knows that the program is already infected so doesn’t replicate itself there

Question 29

scanners

Answer 29

software programs that check for viruses and alert you to virus presence.

check for v-markers, or check to see whether a program’s file size have changed

Question 30

eradication programs

Answer 30

disinfect or remove viruses from software

Question 31

worms

Answer 31

programs designed to infect networks such as Internet. travel from networked computer to network computer and replicate themselves along the way

when document w/ worm is opened, macro ran without user knowing it (macro- set of automated commands, slimiar to a program)

Question 32

anti-spyware

Answer 32

scans a system in search of bits of code called signatures that are telltale signs of spyware infection and looks for suspicious behavior

compares signature to database of signatures (signature base), when identified, deletes the spyware.

also includes real time protection- won’t allow spyware to be installed or hijack to take place

Question 33

DOS/DDOS

Answer 33

Denial of Service or Distrbuted Denial of Service- hacker incapacitates a network by flooding it with extraneous traffic.

Done via smurf attack

Question 34

smurf attack

Answer 34

hacker floods the ISP with so many garbage packets that all the ISP’s available bandwidth is used up. hacker exploits PING (Pocket Internet Groper)

1. hacker sends ping to a network attached to Internet. Network being pinged is not the target of the attack. Instead, it will be used as a way to attack the ISP
2. Hacker forges the return address on the ping packets. Instead of having his address, puts the address of the ISP the hacker will be attacking
3. Ping requests are sent in a constant stream to the networks directed broadcast address. This address in turn sends the ping requests to every computer attached to the network.
4. Each of those computers responds w/ answer packets to target ISP whose address is on the ping request.
5. ISP flooded with ping answer packets
6. ISP is flooded with so much data that the ISP’s users can’t send/receive data because ping packets take up all the ISP’s bandwidth

Question 35

Ping

Answer 35

Pocket Internet Groper

People use ping to see whether a particular computer or server is currently attached to the Internet and working. When comp/server is sent a ping packet, sends a return packet to the person who sent the ping, saying, “Yes I am alive and attached to Internet”

Question 36

How Hackers attack your computer

Answer 36

Software called SubSeven which you can unwittingly get a copy of onto your computer. Hacker sends out port probes- packets that look at specific virtual ports that are open. SubSeven is 27374, tells hacker the port is open