Secure Computing Final Part 2

2014-12-02 21:35:55

part 2 final exam

  1. SQL Injection
    The ability to inject SQL commands into the database engine through an existing application
  2. The most common website vulnerability
    sql injection
  3. 3 classes of sql injection attacks
    • inband
    • out-of-band
    • blind
  4. inband sql injection
    data is extracted using the same channel
  5. out-of-band sql injection
    data is retrieved using a different channel
  6. blind sql injection
    • no transfer of data
    • can reconstruct the info by sending requests and observing the resulting behavior of the server.
  7. sql injection union operator
    • flaw in SELECT statement
    • combine 2 queries
  8. boolean sql injection
    • using in blind sql injection attacks
    • determine if conditions are true or false
  9. time delay sql injection technique
    • used in blind sql injection attacks
    • delays answers in conditional queries
  10. 5 ways to defend against input validation
    • proper input validation
    • use bound statements
    • enforce best programming practices
    • harden servers
    • harden 3rd party applications
  11. input validation
    • validate user input with regex
    • sanitize user input
    • use with parameterized queries
  12. what is a session?
    a lasting connection between a user and a server
  13. why do we need sessions?
    http is a stateless protocol and web applications need a state to identify individual users
  14. most common method to track sessions
  15. 2 session hijacking levels
    • network level hijacking
    • application level hijacking
  16. network level hijacking
    interceptions of packets between the victim and server
  17. application level hijacking
    gaining control of the HTTP session by obtaining the session ID
  18. session spoofing
    • only attacker and server need to be online
    • attacker pretending to be victim while the victim is offline
  19. session replay
    attacker captures packets then sends them to the server at a later time
  20. session sidejacking
    attacker takes over the IP session and changes the TCP sequence numbers
  21. session fixation
    takes advantage of web applications that use auto-generated sessions / tokens
  22. protect from sidejacking
    • using secure sockets layer for all communications
    • encrypting session and cookies data
  23. protect from session fixation
    • forcing re-authentication or step-up authentication
    • use secondary checks for sessions
  24. 4 delimiters a regex can be put between
    • /regex/
    • |regex| - not recommended
    • #regex# - not recommended
    • ~regex~
  25. explode vs list vs implode
    • explode - splits a string by string (explode(",", $pizza))
    • list - assigns a list of variables to 1 operation
    • implode - join array of elements with a string
  26. A4 - Insecure Direct Object References
    when a developer exposes a reference to a file
  27. what makes a cipher computationally secure?
    • the cost of breaking the cipher exceeds the value of info
    • the time required to break the cipher exceeds the lifetime of information
  28. cryptanalysis
    • the study of ciphers with a view of finding weaknesses in them
    • get the plaintext from the ciphertext
    • get the secret key
  29. Kerckhoffs's principle
    assume the attacker knows all details about a cryptosystem except the secret key
  30. symmetric cipher vs asymmetric cipher
    • sc - a single key, used for both encryption and decryption
    • ac - different keys used for both
  31. block cipher vs stream cipher
    • bc - encrypts a block of plaintext at a time
    • sc - encrypts data 1 bit at a time
  32. confusion vs diffusion
    • confusion - cannot predict what will happen to the ciphertext
    • diffusion - info from single plaintext is distributed over the entire ciphertext
  33. confusion cipher example
    • substitution cipher
    • invented by Julius Caesar
    • each letter replaced by the letter three positions further
  34. block algorithms
    encrypt and decrypt data in groups of 64 bits
  35. DES
    • Data Encryption Standard
    • used 56-bit key with 8 bits reserved
    • 2^56 keys
    • use for short-lived sessions not for modern apps that rely on security
  36. 2DES
    • 2 encryption stages and 2 keys
    • simplest form
  37. 3DES
    3 encryption stages and 1,2 or 3 keys
  38. AES
    • iterative cipher
    • process data 4 columns of 4 bytes
  39. RC4
    • most popular stream cipher
    • faster than DES
  40. hash(m)
    take message m and produce a smaller number or string
  41. cryptography key distribution
    secure communication without having to trust someone with your key
  42. cryptography digital signatures
    verify that message comes intact from claimed sender
  43. steps to confidentiality public key cryptography
    • alice encrypts message with bob's public key
    • message is sent
    • bob decrypts message with bob's private key
  44. steps to authentication public key cryptography
    • alice encrypts message with alice's public key
    • message is sent
    • bob decrypts message with alice's private key
  45. digital signature
    used to authenticate both the origin and content of a message
  46. digital certificates
    electronic document attached to a public key by a trusted third party
  47. PKC
    • public key certificate
    • used to authenticate and setup secure communications
  48. session concept
    • session created by handshake protocol
    • carries out multiple connections
  49. connection concept
    state defined by random numbers, secret keys and encryption
  50. 3 steps to passwords
    • authentication
    • authorization
    • accounting
  51. Rijndael
    • block cipher
    • encrypted output will always be a multiple of 16 bytes
    • cipher block chaining
    • operates one block to the next and utilized the output from the previous block
    • key + lastblock + currentblock = ciphertext
  53. initialization vector
    an input to a cryptographic function that is required to be random