Term
What can an attacker accomplish if they take over an application? |
|
Definition
execute commands with the access permissions of the compromised application |
|
|
Term
gaining ___ tends to be easier through ___ than through traditionally difficult attacks on the OS |
|
Definition
|
|
Term
What is the dominant attack vector today? |
|
Definition
breaking in by taking over applications |
|
|
Term
what is one of the most widespread vulnerabilities in application programs? |
|
Definition
buffer overflow vulnerabilities |
|
|
Term
Where do programs store information temporarily? |
|
Definition
in a part of the RAM called buffers. |
|
|
Term
what is a buffer overflow? |
|
Definition
when an attacker sends a message with more bytes than a programmer had allocated for a buffer, the attacker's information will spill over into other areas of RAM |
|
|
Term
What is a common type of buffer overflow? |
|
Definition
|
|
Term
what does the stack entry's return address do? |
|
Definition
points to the location in RAM that holds the address of the next command to be executed in the suspended program |
|
|
Term
what is a buffer overflow? |
|
Definition
if the OS writes too much information to the buffer, it will create a buffer overflow, which overwrites the return address. |
|
|
Term
what is Microsoft's webserver software? |
|
Definition
Internet Information Server (IIS) |
|
|
Term
Which is more total work, app or OS hardening? Why? |
|
Definition
App. There are so many applications to harden, as opposed to only a few OSs. |
|
|
Term
What is the first task in security? |
|
Definition
understand the environment to be protected. |
|
|
Term
What is the rule of least permissions? Why is this helpful? |
|
Definition
limit the permissions of an app/user as much as possible; this includes reducing the number of apps. Give only the minimal resources/permissions needed, to reduce attack vectors. |
|
|
Term
What are the two ways to minimize the number of attack vectors to applications? |
|
Definition
1. Minimize main applications.
2. Minimize subsidiary applications: these are obscure programs that start when booting the OS or are installed by default. |
|
|
Term
___ versions of applications are usually much safer than the ___ versions |
|
Definition
|
|
Term
one way to stymie attackers is to disregard input from anyone who hasn't been ___ |
|
Definition
|
|
Term
instead of broad access to a computer, application authentication can be as specific as possible. Give an example. |
|
Definition
only accepting people on an ACL and giving different people permissions that are relevant only to the application. |
|
|
Term
___ should always be used between the user and the application |
|
Definition
cryptographic system protections |
|
|
Term
in regard to security, which is better: commercial off-the-shelf or in-house programming? Why? |
|
Definition
commercial off-the-shelf is better. Custom apps aren't built as carefully because there is less security expertise. |
|
|
Term
what is the basic rule for all applications? |
|
Definition
|
|
Term
what is a login screen bypass attack? |
|
Definition
an attacker enters a URL to a page beyond the login screen once the login screen appears. |
|
|
Term
what is cross site scripting? |
|
Definition
one user's input can appear on the page of another user. |
|
|
Term
if input checking isn't done, an attacker may be able to use ___ to enter a string that includes both ___ |
|
Definition
SQL injection; the requested info and another SQL query. |
|
|
Term
what are some common flaws in web-based applications? |
|
Definition
improper session management
passing invalid parameters
concurrency errors |
|
|
Term
|
Definition
extracts data directly from the database and displays it in a web browser |
|
|
Term
|
Definition
uses malformed statements to extract data through a different application such as email. |
|
|
Term
|
Definition
it doesn't extract data, but information ABOUT the database by using malformed SQL statements |
|
|
Term
what is error based inference? |
|
Definition
used to make assumptions about the underlying database based on error messages received after a query |
|
|
Term
what is blind SQL injection? |
|
Definition
uses a series of SQL statements that produce different responses based on true/false questions or timed responses |
|
|
Term
what are the popular webserver programs for Microsoft and Linux/UNIX? |
|
Definition
Microsoft = Internet Information Server (IIS)
Linux/UNIX = Apache |
|
|
Term
what is security through obscurity? does it work? |
|
Definition
creating custom software so that attackers will have a difficult time hacking these programs.
No, because most programming languages produce programs that have common security failure modes that are well known |
|
|
Term
what are the common webserver attacks? Describe them |
|
Definition
website defacement = putting up a hacker-produced page instead of the normal page
buffer overflow to launch a command shell = use a buffer overflow to get control of the command shell and strong system privileges
directory traversal attack = typing specific symbols into the URL to gain access to other directories |
|
|
Term
what are some codes used in directory traversal attacks? |
|
Definition
|
|
Term
what are some website protections? |
|
Definition
website vulnerability assessment tools
reading website error logs
placing a webserver-specific application proxy server in front of the webserver |
|
|
Term
what are some website vulnerability assessment tools? |
|
Definition
Nikto
Paros Proxy
Acunetix
Rational AppScan
Whisker |
|
|
Term
what are some common error messages that may reveal an attack? Describe them. |
|
Definition
500 = indicates an attacker is trying to send invalid data to the server
404 = an attacker is searching blindly for files on your website |
|
|
Term
it is critical to control the deployment of new ___ |
|
Definition
|
|
Term
what are the three classes of servers and their security? |
|
Definition
development server = used only for development
testing servers = developers don't have access, only testers
production = developers and testers don't have access, only systems administrators. This provides a service to users |
|
|
Term
|
Definition
consists of commands written into a webpage. when it is downloaded the script can execute automatically |
|
|
Term
what are some types of mobile code? Describe them. |
|
Definition
Java applets = safest because many attack-related actions are disabled
ActiveX = it is powerful and can do almost anything on the client machine. It offers almost no protection against misuse
scripting languages (VBScript, JavaScript) = easier to use than full programming languages but lack the protections of full languages |
|
|
Term
browsers are vulnerable to malicious links. What are these? |
|
Definition
if a user clicks on it, an attack script in the downloaded page will execute. sometimes the script will activate even if the user doesn't click on it. |
|
|
Term
what are some other client-side attacks? |
|
Definition
file reading = a Java applet turns the user's PC into an unwilling file server
executing a single command = a script attack that allows the attacker to execute any command on the victim PC
redirecting to unwanted pages = a script that permanently changes browser settings/the computer registry, or when you make an error typing in a URL you are taken to another site
cookies = a small text string that is placed on the client PC and can store data; can be retrieved later |
|
|
Term
what are some things that cookies can do? |
|
Definition
track where you have been at a website
relay private information |
|
|
Term
how do you enhance browser security? |
|
Definition
patching and upgrading
changing browser configuration
increasing privacy/security in options |
|
|
Term
what dialog box and tab allows you to change your security settings? |
|
Definition
Internet Options > Security. Allows you to change security for internet, intranet, and trusted/restricted websites |
|
|
Term
what is search engine poisoning? |
|
Definition
when malware distributors expend effort attempting to place their malware network sites high enough in search results of a search engine to attack victims |
|
|
Term
what are the two types of malware attacks? Describe them. |
|
Definition
fake Antivirus attack: tricks you into thinking your PC is infected and to get you to download a fix. It is actually malware. Fake Warez/Codec attack: downloading a "free" program that is supposed to be genuine, but is malware. |
|
|
Term
what dangerous content is filtered in email? |
|
Definition
malicious code in attachments/HTML
spam
inappropriate content: the company prevents sexually/racially based harassment to avoid lawsuits
extrusion prevention: prevents intellectual property from leaving the corporation
PII |
|
|
Term
How much of email today does spam account for? |
|
Definition
|
|
Term
what is over-filtered email? |
|
Definition
when filtering for spam, a number of legitimate messages are rejected as spam with no warning to sender or receiver |
|
|
Term
what do email administrators spend most of their time doing? |
|
Definition
antivirus filtering
spam filtering
other security issues |
|
|
Term
relatively few corporations have their employees ___ email for confidentiality, authenticity, integrity or replay protections |
|
Definition
|
|
Term
for SMTP transmission, what has to be done to ensure end-to-end encryption? |
|
Definition
use transmission encryption
the recipient communicates securely with the mail server |
|
|
Term
for message encryption, what must be done to ensure end-to-end security? What are some standards for this? |
|
Definition
the sender encrypts the message (including the header, body and attachments)
S/MIME and PGP |
|
|
Term
|
Definition
it uses circles of trust. If A trusts B and B trusts C, then A trusts C. It is dangerous because of misplaced trust |
|
|
Term
What converts a person's voice into digital bytes in VoIP? |
|
Definition
|
|
Term
what is in each packet that carries digital voice? |
|
Definition
IP header
User Datagram Protocol (UDP) header
RTP header
and a group of voice octets |
|
|
Term
what is Real Time Protocol (RTP)? |
|
Definition
it is used to make up for two of UDP's weaknesses. First, the RTP header has a sequence number so the receiver can place voice octets in order. Second, the RTP header contains a time stamp so the receiver's codec plays the sounds in the packet at the right time. |
|
|
Term
What is the difference between transport and signaling? |
|
Definition
transport is the carriage of voice between the two parties
signaling consists of communication to manage the network (dialing a number) |
|
|
Term
|
Definition
VoIP signaling standards. Older systems follow H.323, newer systems follow the Session Initiation Protocol (SIP) |
|
|
Term
what is the first aspect of signaling? |
|
Definition
registration: phone contacts a registrar server and presents the user's credentials |
|
|
Term
what does a SIP proxy server do? |
|
Definition
it will allow an IP telephone to communicate with a soft telephone. It acts as a middleman by checking registration information and sending INVITE messages to the called device. If the called phone sends an OK message, then the SIP communication continues until a session is established. |
|
|
Term
how do you establish interconnection between VoIP and the PSTN? |
|
Definition
they use different codecs, transport and signaling systems. Because of this, a PSTN gateway is used, which translates between the different technologies. |
|
|
Term
What are some VoIP threats? Describe them. |
|
Definition
eavesdropping: listening to a call without permission
DoS: used against phones, proxy servers, registrar servers, PSTN gateways. It can simply add latency, jitter or reduced bandwidth
caller impersonation: claiming to be someone they aren't
hacking/malware: hijacking the phone using malware/hacking
toll fraud: breaking into a VoIP system to place long-distance calls
spam over IP telephony (SPIT) |
|
|
Term
what is the first step in creating VoIP security? |
|
Definition
|
|
Term
what are some aspects of VoIP security? |
|
Definition
authentication
encryption for confidentiality: encrypt both transport traffic and signaling messages
firewalls |
|
|
Term
What are some issues with using port-based firewalls with VoIP? What are the signaling ports? |
|
Definition
the issue for port-based firewall filtering: the firewall must allow traffic on the signaling ports.
SIP = port 5060
H.323 = ports 1719 and 1720 |
|
|
Term
NAT causes problems for some protocols. How does it affect VoIP? |
|
Definition
NAT IP address and port number translation takes a small amount of time, which increases latency |
|
|
Term
what are some problems with Skype? |
|
Definition
it uses proprietary software and protocols that haven't been studied by security professionals.
It is a peer-to-peer service that is almost impossible to control at the firewall because the Skype protocol is unknown and changes.
Skype's file transfer mechanism doesn't necessarily work with antivirus. |
|
|
Term
Many IM systems only use ___ servers. What do these do? |
|
Definition
presence servers: allow the two parties to locate each other. After location, communication is peer to peer and the servers aren't involved |
|
|
Term
What is an IM relay server? |
|
Definition
all messages pass through this server. can be used to filter inappropriate content |
|
|
Term
What are some of the TCP/IP supervisory protocols? |
|
Definition
ARP, ICMP, DNS, DHCP, LDAP, RIP, OSPF, BGP, SNMP |
|
|
Term
why are supervisory protocols favorite targets? |
|
Definition
disruption of supervisory protocols can disrupt the operation of an entire internet |
|
|
Term
what is the security of Simple Network Management Protocol (SNMP) v1? |
|
Definition
|
|
Term
what is the security of Simple Network Management Protocol (SNMP) v3? |
|
Definition
individual secrets shared between the manager and each managed device.
Offers optional confidentiality, message integrity and time stamps |
|
|