Week 9 - MiM Attack & DDoS

Question 1

What is a web app?

Answer 1

An application that runs in a web browser and require an active network connection.

Question 2

What layer does client side and server side interact?

Answer 2

Application Layer.

Question 3

What is HTTP?

Answer 3

Hypertext Transfer Protocol is used to communicate between client and server.

Question 4

True or False. HTTP is not stateless?

Answer 4

False. HTTP is stateless.

Question 5

How many HTTP methods are there?

Answer 5

6. GET, POST, HEAD, OPTIONS, PUT, PATCH.

Question 6

What is URL?

Answer 6

Uniform Resource Location.
Structure: protocol://hostname[:port]/[path/]file[?param=value]
Example: https://staffportal.curtin.edu.au/wplogin.php?foo=ba

Question 7

What is a cookie?

Answer 7

Short-lived storage on the client, it is a way to maintain a state. This means authentication can exist (stateful).

Question 8

List a few advantages of cookies.

Answer 8

User friendly
Convenience
Marketing
Configurations
Server Requirements
Availability

Question 9

What is a proxy server?

Answer 9

A system or router that provides a gateway between users and the web app/servers.

Question 10

List a couple of advantages of a proxy server.

Answer 10

+ Balance internet traffic to prevent crashes.
+ Control the website employees and staff access in the office.
+ Save bandwidth by caching files or compressing incoming traffic.
+ Secure employees’ internet activity from people trying to snoop on them.

Question 11

What is a Man-in-the-Middle Attack (MIM Attack)?

Answer 11

Involves a compromised proxy that an attacker gains control over and sits between a client and a target server.

Question 12

What can happen with a MIM attack?

Answer 12

Attack can intercept, modify, or eavesdrop on the communication between the client and the target server, potentially leading to various security and privacy issues.

Question 13

How to mitigate a proxy attack?

Answer 13

Use HTTPS. HTTP over TLS/SSL to encrypt normal HTTP requests and responses.

Question 14

Can Burp Suite intercept HTTPS?

Answer 14

Yes, but TLS-encrypted traffic must be decrypted. This can occur if burp has private key or certificate access.

Question 15

What is a Denial of Service attack (DoS)?

Answer 15

A single attack using his own computer and network to flood the victim’s server in order to shut down the target service.

Question 16

What is the key difference between DoS and DDoS?

Answer 16

DDoS leverages a group of remote systems that are compromised and under the attacker’s control (botnet) to perform a denial of service.

Question 17

List three types of DoS attacks.

Answer 17

1. Volume-based Dos Attack
   - Flood target with enormous amount of server bandwidth (100GpS). Targeting the server’s bandwidth.
2. Protocol-based DoS Attack
   - Targeting the vulnerability in the OSI model layer 3 or layer 4 weaknesses. Protocol based attacks fill the server resources, so there is no place to store the upcoming requests.
3. Application-based DoS Attack
   - Targeting the top layer in the OSI model, layer 7 (stealthy).

Question 18

How to mitigate a DoS Attack?

Answer 18

+ Traffic filtering and rate limiting
* Block suspicious traffic & limit requests
+ Intrusion Detection & Prevention Systems (IDS/IPS)
* Block suspicious traffic patterns.
+ Monitoring and Logging
* Log system to detect unusual traffic patterns