Security Chapter 2 – Flashcards

question
Social Engineering Attack
answer
is a type of attack that uses deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines.
question
Spoofing
answer
This is a human-based or software-based attack where the goal is to pretend to be someone else for the purpose of identity concealment. Spoofing can occur in Internet Protocol (IP) addresses, network adapter hardware (Media Access Control (MAC)) addresses, and emails. If employed in email, various email message headers are changed to conceal the originator's identity.
question
Impersonation
answer
This is a human-based attack where an attacker pretends to be someone they are not. A common scenario is when the attacker calls an employee and pretends to be calling from the help desk. The attacker tells the employee he is reprogramming the order-entry database, and he needs the employee's user name and password to make sure it gets entered into the new system.
question
Hoax
answer
This is an email-based or web-based attack that is intended to trick the user into performing undesired actions, such as deleting important system files in an attempt to remove a virus. It could also be a scam to convince users to give up important information or money for an interesting offer.
question
Phishing
answer
attempt to obtain sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.[1][2] The word is a neologism created as a homophone of fishing due to the similarity of using a bait in an attempt to catch a victim. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting victims. Phishing emails may contain links to websites that are infected with malware.[3] Phishing is typically carried out by email spoofing[4] or instant messaging,[5] and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies.[6] Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures. Many websites have now created secondary tools for applications, like maps for games, but they should be clearly marked as to who wrote them, and users should not use the same passwords anywhere on the internet
question
Vishing
answer
This is a human-based attack where the goal is to extract personal, financial, or confidential information from the victim by using services such as the telephone system and IP-based voice messaging services (Voice over Internet Protocol, VoIP) as the communication medium. This is also called voice phishing. Vishing can be more effective than phishing because of the trust that people tend to place in others they can speak to in real time. In addition, users may be too used to traditional telecommunications to know that VoIP identity can be much more easily spoofed due to the open nature of the Internet.
question
Whaling
answer
This is a form of spear phishing that targets individuals or organizations that are known to possess a good deal of wealth. Whaling targets individuals who work in Fortune 500 companies or financial institutions whose salaries are expected to be high.
question
URL Hijacking
answer
Also called typo squatting, this is a tactic of exploiting typos that users sometimes make when entering a URL into a browser. A misspelled URL (correct: www.comptia.com; URL hijacking: www.comtpia.com) will mimic the real website or contain malicious software that will infect the victim's computer.
question
Spam and Spim
answer
Spam is an email-based threat where the user's inbox is flooded with emails that act as vehicles carrying advertising material for products or promotions for get-rich-quick schemes, and that can sometimes deliver viruses or malware. Spam can also be utilized within social networking sites such as Facebook and Twitter. Spim is an attack similar to spam that is propagated through instant messaging (IM) instead of through email.
question
Shoulder Surfing
answer
This is an attack where the goal is to look over the shoulder of an individual as he or she enters password information or a PIN.
question
Dumpster diving
answer
This is an attack where the goal is to reclaim important information by inspecting the contents of trash containers. This is especially effective in the first few weeks of the year as users discard old calendars with passwords written in them.
question
Tailgating
answer
Also known as piggybacking, this is a human-based attack where the attacker will slip into a secure area by following a legitimate employee. The only way to prevent this type of attack is by installing a good access control mechanism and educating users not to admit unauthorized personnel.
question
VoIP
answer
A technology that enables you to deliver telephony information over an IP network. Voice information is sent over the IP network in digital form in packets, as compared to the implementation on the Public Switched Telephone Network (PSTN).
question
Hackers
answer
was a neutral term for a user who excelled at computer programming and computer system administration.
question
Attacker
answer
is a term that always represents a malicious system intruder.
question
White Hat
answer
A hacker who discovers and exposes security flaws in applications and operating systems so that manufacturers can fix them before they become widespread problems. Works on a professional basis, for a security organization or a system manufacturer. Ethical hack.
question
Black hat
answer
is a hacker who discovers and exposes security vulnerabilities for financial gain or for some malicious purpose. May not break directly into systems the way attackers do, but widely publicizing security flaws can potentially cause financial or other damage to an organization.
question
Malicious insider
answer
A threat originating from an employee in an organization who performs malicious acts, such as deleting critical information or sharing this critical information with outsiders, which may result in a certain amount of losses to the organization. Internal attackers might be fueled by some kind of resentment against the organization, in which case their goal might be to get revenge by simply causing damage or disrupting systems.
question
Electronic Activist (Hacktivist)
answer
Motivated by a desire to cause social change, and might be trying to get media attention by disrupting services, or promoting a message by replacing the information on public websites. Wants to cause damage to organizations that are deemed socially irresponsible or unworthy.
question
Data thief
answer
Blatantly steals resources or confidential information for personal or financial gain. They are likely to try to cover their tracks so their attacks are not detected and stopped. Usually in data theft, the attacker exploits unauthorized access or acts in collusion with a disgruntled employee.
question
Script Kiddie
answer
an unskilled individual who uses scripts or programs developed by others to attack computer systems and networks and deface websites. It is generally assumed that script kiddies are juveniles who lack the ability to write sophisticated programs or exploits on their own and that their objective is to try to impress their friends or gain credit in computer-enthusiast communities.[3] However, the term does not relate to the actual age of the participant
question
Electronic Vandal
answer
Wants to cause as much damage as possible, without any particular target or goal. The motivation might be for fun, or to gain attention or admiration, or stem from some type of social or personal resentment against a person or institution.
question
Cyberterrorist.
answer
An attacker who tries to disrupt computer systems in an attempt to spread fear and panic. Just as the definition of terrorism is controversial, there is disagreement as to whether or not attacks on computer systems should be considered cyberterrorism if they do not cause physical harm or damage to infrastructure.
question
Malicious Code Attacks
answer
A type of attack where an attacker inserts some type of undesired or unauthorized software, or malware, into a target system. Intended to disrupt or disable an operating system or an application, or force the target system to disrupt or disable other systems.
question
Evidence of a Malicious Code Attack
answer
Corrupted applications, data files, and system files; unsolicited pop-up advertisements; counterfeit virus scan or software update notifications; or reduced system performance or increased network traffic.
question
Viruses
answer
A piece of code that spreads from one computer to another by attaching itself to other files through a process of self-replication. Executes when the file it is attached to is opened.
question
Worms
answer
malware that, like a virus, replicates itself across the infected system. It doesn't attach itself to other programs or files. Worms that do carry payloads often turn computers into remote zombies that an attacker can use to launch other attacks from.
question
Adware
answer
Software that automatically displays or downloads unsolicited advertisements when it is used. Often appears as a pop-up.
question
Spyware
answer
surreptitiously installed malicious software that is intended to track and report the usage of a target system, or collect other data the author wishes to obtain.
question
Trojan horse
answer
is hidden malware that causes damage to a system or gives an attacker a platform for monitoring and/or controlling a system. Often more insidious and remain undetected much more easily. Propagated by social engineering.
question
Rootkits
answer
Code that is intended to take full or partial control of a system at the lowest levels. Rootkits attempt to hide themselves from monitoring or detection, and modify low-level system files when integrating themselves into a system.
question
Logic Bombs
answer
A piece of code that sits dormant on a target computer until it is triggered by a specific event, such as a specific date. It then detonates and performs whatever actions it was programmed to do.
question
Botnet
answer
is a set of computers that has been infected by a control program called a bot that enables attackers to collectively exploit those computers to mount attacks. Zombies or drones are often unaware that their computers are being used for nefarious purposes.
question
Ransomware
answer
increasingly popular variety of malware in which an attacker infects a victim's computer with code that restricts the victim's access to their computer or the data on it. Demands a ransom be paid.
question
Polymorphic Malware
answer
Uses virus encryption; only the decryption module is altered each time the virus infects a file. This makes it very difficult for antivirus software to detect an infection that is constantly changing.
question
Armored Viruses
answer
They attempt to trick or shield themselves from antivirus software and security professionals. To fool antivirus software, an armored virus is able to obscure its true location in the system and lead the software to believe that it resides elsewhere.
question
Software Attacks
answer
any attack against software resources, including operating systems, applications, protocols and files. Surreptitiously gain control of a computer so that the attacker can use that computer in the future, often for profit or further malicious activity.
question
Software Attack Combinations
answer
used by itself or in combination with another type of attack, such as a social engineering attack.
question
Password Attack
answer
Any type of attack in which the attacker attempts to obtain and make use of passwords illegitimately. The attacker can guess or steal passwords or crack encrypted password files.
question
Guessing
answer
The simplest type of password attack: making individual, repeated attempts to guess a password.
question
Stealing
answer
sniffing network communications, reading handwritten password notes, or observing a user in the act of entering a password
question
Dictionary Attack
answer
Automates password guessing by comparing passwords against a predetermined list of possible password values.
question
Brute force attack
answer
attacker uses password-cracking software to attempt every possible alphanumeric password combination.
question
Rainbow tables
answer
A set of related plaintext passwords and their hashes. The underlying principle of rainbow tables is to do the central processing unit (CPU) intensive work of generating hashes in advance, trading time saved during the attack for the disk space to store the tables. Rainbow table attacks are executed by comparing the target password hash to the password hashes stored in the tables, then working backward in an attempt to determine the actual password from the known hash. (Example: password or passw0rd or p@ssw0rd)
question
Hybrid Password Attack
answer
This attack type utilizes multiple attack methods, including dictionary, rainbow table, and brute force attacks, when trying to crack a password.
question
Birthday Attack
answer
Exploits weaknesses in the mathematical algorithms used to generate hashes. This type of attack takes advantage of the probability of different inputs producing the same encrypted outputs, given a large enough set of inputs. It is named after the surprising statistical fact that there is a 50 percent chance that two people in a group of 23 will share a birthday.
question
Backdoor attacks
answer
A type of software attack where an attacker creates a software mechanism called a backdoor to gain access to a computer. The backdoor can be a software utility or an illegitimate user account. A backdoor is delivered through use of a Trojan horse or other malware. The software typically listens for commands from the attacker on an open port. It often survives even after the initial intrusion has been discovered and resolved. It can be difficult to spot and may not leave any obvious evidence behind.
question
Takeover Attack
answer
in which an attacker assumes complete control over a system.
question
Application Attacks
answer
are software attacks that are targeted at web-based and other client-server applications. Source code disclosure or tampering. Network breaches. Attacks that specifically exploit the trust between a user and a server are called client side attacks.
question
Evil twin attack and account phishing
answer
An evil twin attack on a social networking site is an attack where an attacker creates a social network account to impersonate a genuine user. Then, when the friends of that user allow the attacker to become friends with them or join a group, the attacker can gain access to various personal details and even company information if a company has a page on the site. This is often preceded by account phishing, in which an attacker creates an account and joins the friends list of an individual just to try to obtain information about the individual and their circle of friends or colleagues.
question
Drive by download
answer
This is a program that is automatically installed on a computer when a user accesses a malicious site, even without clicking a link or giving consent. This often happens when a user searches for a social networking site and selects a site using a fraudulent link. Sometimes a drive-by download may be packaged invisibly together with a program that a user requests to download.
question
Clickjacking
answer
An attack that tricks a user into clicking an unintended link. The attacker uses a combination of visible and invisible HTML frames to fool the user into thinking what they are clicking is what's visible, when in fact the invisible link is layered on top of or beneath the visible frame. This happens when a user is going through a fraudulent networking site or a site that has been hijacked by an attacker.
question
Password stealer
answer
A type of software that, when installed on a system, will be able to capture all the passwords and user names entered into the instant messaging application or social network site that it was designed for. This information is sent back to the attacker, who can use it for fraudulent purposes.
question
Spamming
answer
Within social networking, spamming refers to sending unsolicited bulk messages by misusing the electronic messaging services inside the social networking site.
question
URL Shortening service
answer
Makes it easier to share links on social networking sites by abbreviating the Uniform Resource Locators. Creates a vulnerability that attackers can exploit because the shortened URL hides the true target of the link. User may be directed to a fraudulent site that is a source of malware or other threats.
question
DoS Attacks
answer
Network attack in which an attacker attempts to disrupt or disable systems that provide network services by various means.
question
DoS Attacks include
answer
1) Flooding a network link with data to consume all available bandwidth. 2) Sending data designed to exploit known flaws in an application. 3) Sending multiple service requests to consume a system's resources. 4) Flooding a user's email inbox with spam messages, causing genuine messages to get bounced back to the sender.
question
NOTE
answer
Nearly anything can cause a DoS attack if it interrupts or disables a system.
question
DoS targets
answer
Any service or network device, but is usually mounted against servers or routers, preventing them from responding to legitimate network requests.
question
DDoS Attacks (Distributed Denial of service)
answer
Is a type of DoS attack that uses multiple computers on disparate networks to launch the attack from many simultaneous sources. The attacker introduces unauthorized software that turns the computer into a zombie/drone that directs the computers to launch the attack. The host computers become the zombies.
question
Symptoms of DoS and DDoS attacks
answer
1) Sudden and overwhelming service requests from hosts outside your network. 2) A sudden and unexplained drop in the amount of available Internet bandwidth. 3) A sudden and overwhelming drain on a specific resource in a system, causing unusual behavior or freezes.
question
DoS Attack Type
answer
Description
question
ICMP flood
answer
This attack is based on sending high volumes of ICMP ping packets to a target. Common names for ICMP flood attacks are Smurf attacks and ping floods. Modern systems and networks are usually well-protected against these types of attacks.
question
UDP Flood (User Datagram Protocol)
answer
The attacker attempts to overwhelm the target system with UDP ping requests. Often the source IP address is spoofed, creating a DoS condition for the spoofed IP.
question
SYN flood
answer
An attacker sends countless requests for a TCP connection (SYN messages) to an FTP server, web server, or any other target system attached to the Internet. The target server then responds to each request with a SYN-ACK message and, in doing so, creates a space in memory that will be used for the TCP session when the remote host responds with its own SYN-ACK message. However, the attacker has crafted the SYN message (usually through IP spoofing) so that the target server sends its initial SYN-ACK response to a computer that will never reply. So, the target server has reserved memory for numerous TCP connections that will never be completed. Eventually, the target server will stop responding to legitimate requests because its memory resources are flooded with incomplete TCP connections.
question
Buffer overflow
answer
Many systems and services are vulnerable to a buffer overflow condition, in which too much data is fed into a fixed-length memory buffer, resulting in adjacent areas of memory being overwritten. Attackers can exploit buffer overflow vulnerabilities by deliberately invoking buffer overflow conditions, introducing bad data into memory, thus opening the door for any number of subsequent attack methods or simply causing the system to cease to function or respond. A buffer overflow can also occur when there is an excessive amount of incomplete fragmented traffic on a network. In this case, an attacker may attempt to pass through security systems or IDSs.
question
Reflected DoS attack
answer
In reflected DoS and DDoS attacks, a forged source IP address is used when sending requests to a large number of computers. This causes those systems to send a reply to the target system, causing a DoS condition.
question
Permanent DoS attack
answer
Permanent DoS attacks, also called phlashing, target the actual hardware of a system in order to prevent the victim from easily recovering from a denial of service. With a successful attack, phlashing forces the victim to repair or replace the hardware that runs the system. Taking advantage of remote administration, the attacker may be able to push corrupted firmware onto the hardware, causing that equipment to brick, or become completely inoperable.
question
Session hijacking attack
answer
Involves exploiting a computer in session to obtain unauthorized access to an organization's network or services.
question
Peer to peer (P2P) attacks
answer
Launched by malware propagating through P2P networks. Shared command and control architecture, making it harder to detect an attack. Can be used to launch huge DoS attacks. Can be compromised by malware such as viruses and Trojans. Control all these compromised computers to launch a DDoS attack.
question
NOTE:
answer
Notable P2P programs of the past are Napster, Kazaa, and LimeWire, all of which are now either defunct or no longer P2P.
question
ARP Poisoning (Address Resolution Protocol)
answer
ARP is the mechanism by which individual hardware MAC addresses are matched to an IP address on a network. ARP poisoning, also known as ARP spoofing, occurs when an attacker with access to the target network redirects an IP address to the MAC address of a computer that is not the intended recipient.
question
Physical Network Address
answer
Packets based on a unique physical address that is individually assigned to every network adapter board by the adapter's manufacturer. No two network adapters in the world are supposed to have the same physical address.
question
Transitive Access Attacks
answer
The access given to certain members in an organization to use data on a system without the need for authenticating themselves. Attacker can access and modify the file, then that will give transitive access to all data and programs to the attacker.
question
Wireless security
answer
Any method of securing your wireless LAN network to prevent unauthorized network access and network data theft.
question
Rogue Access point
answer
An unauthorized wireless access point on a corporate or private network. Can cause considerable damage to an organization's data. Not detected easily and can allow private network access to many unauthorized users with the proper devices.
question
Jamming
answer
Also called interference, is an attack in which radio waves disrupt 802.11 wireless signals.
question
Bluejacking
answer
Method used by attackers to send out unwanted Bluetooth signals from smartphones, mobile phones, tablets, and laptops to other Bluetooth-enabled devices. This is a very close-range attack.
question
Bluesnarfing
answer
Method in which attackers gain access to unauthorized information on a wireless device using a Bluetooth connection within the 30-foot Bluetooth transmission limit.
question
Near Field Communication
answer
Is a standard of communication between mobile devices like smartphones and tablets in very close proximity, usually when touching or being only a few inches apart from each other.
question
War driving and war chalking
answer
War driving is the act of searching for instances of wireless networks using tracking devices such as smartphones, tablets, or laptops. War chalking is the act of using symbols to mark up a sidewalk or wall to indicate the presence and status of a nearby wireless network.
question
War Driving Tools
answer
NetStumbler, Kismet, Aircrack
question
IV Attacks (Initialization Vector)
answer
An initialization vector is a number added to a key that constantly changes in order to prevent identical text from producing the same exact ciphertext upon encryption. An IV attack allows the attacker to predict or control the initialization vector in order to bypass this effect.
question
Packet Sniffing
answer
Can be used as an attack on a wireless network where an attacker captures data and registers data flows, which allows the attacker to analyze the data contained in a packet.
question
Wireless Replay Attack
answer
Attackers find it easier to capture packets over a wireless network and replay them in order to manipulate the data stream. Can also be used in conjunction with an IV attack to successfully break weak encryption.
question
Sinkhole Attacks
answer
Take advantage of routing on a wireless network by creating a single node through which all traffic goes. Individual node is able to trick the other nodes into redirecting their traffic.
question
Sinkhole Wage attack against WSN (Wireless Sensor Network)
answer
A WSN is a collection of autonomous sensor-equipped devices that monitor and record physical and environmental conditions such as temperature, humidity levels, lighting controls, etc., and forward data through a wireless gateway to a main network location. By luring traffic destined for a base station and sending it to the compromised device, the attacker ensures the base station receives incomplete and inaccurate sensing data.
question
Sinkhole Wage Attack against MANET (Mobile ad-hoc networks)
answer
A continuously self-configuring network of mobile devices such as smartphones, tablets, and laptops. Because of the changing nature of ad-hoc networks, each device must act as a router. By falsely advertising a lower routing metric, the sinkhole attracts the majority of the MANET's traffic and could serve as a platform for attacks such as skewing load balancing, modifying packets, or dropping packets, all of which can adversely affect upper-layer applications.
question
Physical Security
answer
Refers to the implementation and practice of various control mechanisms that are intended to restrict physical access to facilities. 1) Facilities intrusions 2) Electrical grid failures 3) Fire 4) Personnel illnesses 5) Data network interruptions.
question
Physical security threat and vulnerability
answer
Description
question
Internal
answer
It is important to always consider what is happening inside an organization, especially when physical security is concerned. Disgruntled employee.
question
External
answer
It is impossible for any organization to fully control external security threats. Example: power failures.
question
Natural
answer
Although natural threats are easy to overlook, they can pose a significant threat to the physical security of a facility. Tornadoes.
question
Man-made
answer
Whether intentional or accidental, people can cause a number of physical threats. A backhoe operator may accidentally dig up fiber optic cables.
question
Hardware attacks
answer
An attack that targets a computer's physical components and peripherals, including its hard disk, motherboard, keyboard, network cabling or smart card.
question
Key logging attack
answer
Uses software or hardware to capture each keystroke a user types.