Week 10/11 Flashcards
What are the three meanings of security?
• Protection and authentication (think identification of users and their access levels)
• System integrity (only allow authorized users to run code; don't allow others to execute code)
• Information security (attacks on databases, attacks on medical records (SAD!))
What are the 4 security levels?
- Physical (BIOS, who has physical access to the drives, key loggers (can be software or hardware))
- Human (social engineering through fake patch updates and phishing)
- Network (DDoS; use password timeouts and protect against smurf/zombie attacks)
- OS (hardware protection for the OS)
What are Buffer Overflow attacks?
Writing binary code into a buffer, ending with a return address that points back into the buffer
• The subroutine then returns into the attacker's code on the stack
What is a protection against stack overflows?
- A random value is put on the stack before the local variables, so an overflow that reaches the return address has to overwrite that value too
- The value is checked before the function returns; if it is not the same, the OS knows there is an overflow attack!
Two networking attack methods
• ARP poisoning: sends Address Resolution Protocol replies over a LAN, linking the attacker's MAC address to a valid user's IP. Allows a man-in-the-middle attack between two hosts. Protect by logging MAC addresses and not trusting all replies
• Eavesdropping, using weak WEP, ARP poisoning or MAC flooding
◦ Unencrypted protocols such as FTP or TELNET can also be eavesdropped on
◦ Encrypted protocols such as SSH and SFTP protect against this
What is Smurfing?
A malware-infected computer sends a network packet with a fake (spoofed) IP. It carries an ICMP ping message that asks the network nodes receiving the packet to send a reply. The echo replies are all sent back to the faked IP address, setting up a DDoS
What is a Trojan Horse?
A program that is installed to do one thing, but really does something different
What is a Back door?
A hole left by the programmer, for example hard-coded account numbers or logins.
What is a Global overflow?
When a global variable is overflowed and overwrites the other data next to it in the buffer
What is a Buffer overflow in the heap?
A chunk of memory is allocated on the heap, and data is written past the end of it without any bounds checking. This leads to data being overwritten that the stack needs to have for operation
What are two possible program threats? (Race conditions and checking parameters)
◦ Race conditions
▸ Programs make security checks before doing things, and then the thing is done. The issue is that an attacker can switch out the code (or the data being checked) in between those two steps.
◦ Checking parameters
▸ Making sure you aren't executing anything fishy, e.g. SQL injection attacks through web forms. Putting SQL code into a user input box is an issue.
Viruses vs worms?
A virus needs a human action to spread; a worm contains code to attack the next machine without user interaction
What's a metamorphic virus/worm?
A rewrite of the code that changes a few registers or constants so it withstands signature-based detection