IT Security: Defense against the digital dark arts. Week 1: Understanding Security Threats
Which of the following is true of a DDoS attack?
Attack traffic comes from lots of different hosts; The "Distributed" in DDoS means that the attack traffic is distributed across a large number of hosts, resulting in the attack coming from many different machines.
Which of these is true of blackhat and whitehat hackers?
Blackhats are malicious. Whitehats exploit weaknesses to help mitigate threats; Blackhat hackers are trying to break into a system and do something malicious. Whitehats try to find weaknesses before the bad guy does, and report them so they get fixed.
What type of attack can a hacker perform that involves injecting malicious code into a website to hijack a session cookie?
Cross-site Scripting (XSS); XSS (Cross-site Scripting) is an injection attack where the attacker inserts malicious script into a website to achieve session hijacking.
A(n) _____ attack is meant to prevent legitimate traffic from reaching a service. Options: DNS Cache poisoning, Password, Injection, Denial of Service
DNS Cache poisoning; Not quite. Please refer back to the "Network Attacks" lesson for a refresher.
An attacker could redirect your browser to a fake website login page using what kind of attack?
DNS cache poisoning attack; A DNS cache poisoning attack would allow an attacker to redirect your requests for websites to a server they control.
A network-based attack where one attacking machine overwhelms a target with traffic is a(n) _______ attack.
Denial of Service; This is a classic denial-of-service attack. Note that this is not a distributed denial-of-service attack, as the attack traffic is coming from a single source and not distributed over many attacking hosts.
Which of these is where a victim connects to a network that the victim thinks is legitimate, but is really an identical network controlled by a hacker to monitor traffic?
Evil Twin; The premise of an Evil Twin is for the victim to connect to a network that is identical to a legit one, but it is actually controlled by a hacker.
Why is a DNS cache poisoning attack dangerous? Check all that apply.
It affects any clients querying the poisoned DNS server, it allows an attacker to redirect targets to malicious web servers; By inserting fake DNS records into a DNS server's cache, every client that queries this record will be served the fake information. This allows an attacker to redirect clients to a web server of their choosing.
What are the characteristics of a rootkit? Check all that apply.
Is difficult to detect, provides elevated credentials; A rootkit is designed to provide administrator-level access to a third party without the system owner's knowledge. Given this, rootkits are usually designed to avoid detection and can be difficult to detect.
The practice of tricking someone into providing information they shouldn't is called ________. Options: Brute force attacks, Eavesdropping, Social Engineering, Man-in-the-middle attacks
Man-in-the-middle attacks; Not quite. Please refer back to the "Other Attacks" lesson for a refresher.
What could potentially decrease the availability of security and also test the preparedness of data loss?
Ransomware; Ransomware could prevent access to your data by holding the data hostage until you pay a ransom.
If a hacker targets a vulnerable website by running commands that delete the website's data in its database, what type of attack did the hacker perform?
SQL injection; A SQL injection targets an entire website if the site uses a SQL database. If vulnerable, hackers can run SQL commands that allow them to delete web data, copy it, and run other malicious commands.
A hacker infected your computer to steal your Internet connection and used your machine's resources to mine Bitcoin. What is the name of this kind of attack?
a bot; Malware can use a victim's machine to perform a task controlled by a hacker. At that point, the compromised machine is known as a bot.
An unhappy Systems Administrator wrote a malware program to bring down the company's services after a certain event occurred. What type of malware does this describe?
a logic bomb; A logic bomb is malware that is intentionally triggered by a hacker once a certain event or time has occurred.
An end-user received an email stating his bank account was compromised, and that he needs to click a link to reset his password. When the user visited the site, he recognized it as legitimate and entered his credentials which were captured by a hacker. What type of social engineering attack does this describe?
a phishing attack; Phishing occurs when a hacker sends a victim an email disguised as being legit but isn't. For example, you get an email saying your bank account has been compromised. When you click the link to reset your password, you go to a site that looks like it's your bank's but it's actually a fake website trying to steal your password!
In the CIA Triad, "Integrity" means ensuring that data is:
accurate and was not tampered with; "Integrity," in this context, means ensuring that the data remains intact, uncorrupted, and not tampered with. The data that gets sent is the exact same as the data that gets received.
What are the dangers of a man-in-the-middle attack? Check all that apply.
an attacker can modify traffic in transit, an attacker can block or redirect traffic, an attacker can eavesdrop on unencrypted traffic; A man-in-the-middle attack means that the attacker has access to your network traffic. This allows them to eavesdrop, modify traffic in transit, or block traffic entirely. Yikes!
What's the relationship between a vulnerability and an exploit?
an exploit takes advantage of a vulnerability to run arbitrary code or gain access; A vulnerability is a bug or hole in a system. It allows an attacker to gain access by using an exploit, which takes advantage of the vulnerability.
In the CIA Triad, "Availability" means ensuring that data is:
available and people can access it; "Availability," in this context, means ensuring that data and services remain accessible to those who are authorized to access them.
True or false: A brute-force attack is more efficient than a dictionary attack.
false; A brute-force attack tries out every possible valid combination of characters to guess the password, while a dictionary attack only tries passwords contained in a dictionary file. This means the dictionary attack is more efficient, since it doesn't generate the passwords and has a smaller number of guesses to attempt.
In the CIA Triad, "Confidentiality" means ensuring that data is:
not accessible by unwanted parties; "Confidentiality," in this context, means preventing unauthorized third parties from gaining access to the data.
Which of the following result from a denial-of-service attack? Check all that apply.
service unreachable, slow network performance; A denial-of-service attack is meant to prevent legitimate traffic from reaching a service. This is usually done by flooding the victim with attack traffic, degrading network and system performance, and rendering services unreachable.
Which of the following scenarios are social engineering attacks? Check all that apply.
someone uses a fake ID to gain access to a restricted area, you receive an email with an attachment containing a virus; A malicious spam email is a form of social engineering; the email is designed to trick you into opening a malicious payload contained in the attachment. Using a fake ID to gain entry to somewhere you're not permitted is impersonation, a classic social engineering technique.
Which statement is true for both a worm and a virus?
they're self-replicating and self-propagating; Both worms and viruses are capable of spreading themselves using a variety of transmission means.
How can you protect against client-side injection attacks? Check all that apply.
use input validation, use data sanitization; By checking user-provided input and only allowing certain characters to be valid input, you can avoid injection attacks. You can also use data sanitization, which involves checking user-supplied input that's supposed to contain special characters to ensure they don't result in an injection attack.
The best defense against injection attacks is to ______.
use input validation; Input validation will prevent an attacker from injecting commands using text input fields.
Check all examples of types of malware:
worms, adware, viruses; These three are all examples of unwanted software that can cause adverse effects to an infected system, which is exactly what malware is.