Intro to Computer Security Test 2
What is the main concept of a Buffer Overflow? Draw a picture on the back of what a buffer overflow looks like?
A buffer overflow, or buffer overrun, occurs when more data is written into a fixed-length buffer than the buffer can hold. The extra data has to go somewhere, so it spills into the adjacent memory, corrupting or overwriting whatever was stored there (other variables, or on the stack the saved return address). Picture: a 10-byte buffer filled with A's, and an eleventh byte B landing in the memory just past its end. Buffer |A|A|A|A|A|A|A|A|A|A| adjacent memory |B|
What is Steganography? Give an example of how it is used?
Steganography is data hidden within other data, for example a message hidden in the least-significant bits of an image's pixels or in unused fields of a file. It is not encryption: cryptography scrambles a message so it cannot be read, while steganography conceals that a message exists at all. The two can be combined (encrypt first, then hide) for extra protection. Examples of use: digital watermarks embedded in copyrighted images, audio or video so pirated copies can be identified, and, on the attacker's side, hiding stolen data or covert communications inside innocuous-looking files so they pass unnoticed.
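As an added illustration (not from the textbook or the class notes), the C program below hides a short message in the least-significant bits of a constructed array of grayscale pixel values and then recovers it. The cover values, the message "Hi" and the function names are all made up for the example. It also measures how much each pixel changed, which shows why the cover looks identical to the eye.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define COVER_LEN 32

/* Constructed sample cover: 32 grayscale pixel values, not a real image. */
static const uint8_t sample_cover[COVER_LEN] = {
    200, 201, 199, 203, 198, 202, 200, 197,
    120, 121, 119, 123, 118, 122, 120, 117,
     60,  61,  59,  63,  58,  62,  60,  57,
    250, 251, 249, 253, 248, 252, 250, 247
};

/* Hide `len` message bytes in the least-significant bit of successive cover
   bytes, most-significant message bit first. Needs 8 cover bytes per message
   byte. Returns 0 on success, -1 if the cover is too small. */
int lsb_embed(uint8_t *cover, size_t cover_len, const uint8_t *msg, size_t len) {
    if (cover_len / 8 < len)
        return -1;
    for (size_t i = 0; i < len; i++) {
        for (int b = 0; b < 8; b++) {
            uint8_t bit = (uint8_t)((msg[i] >> (7 - b)) & 1);
            size_t idx = i * 8 + (size_t)b;
            cover[idx] = (uint8_t)((cover[idx] & 0xFE) | bit);   /* replace only bit 0 */
        }
    }
    return 0;
}

/* Reverse of lsb_embed: rebuild `len` bytes from the cover's low bits. */
int lsb_extract(const uint8_t *cover, size_t cover_len, uint8_t *out, size_t len) {
    if (cover_len / 8 < len)
        return -1;
    for (size_t i = 0; i < len; i++) {
        uint8_t v = 0;
        for (int b = 0; b < 8; b++)
            v = (uint8_t)((v << 1) | (cover[i * 8 + (size_t)b] & 1));
        out[i] = v;
    }
    return 0;
}

/* Round trip "Hi" through the sample cover. Returns the largest change made to
   any pixel (always 0 or 1 for LSB embedding, which is why the picture looks
   unchanged), or -1 if embedding failed or the recovered text differs. */
int stego_demo(void) {
    uint8_t cover[COVER_LEN];
    uint8_t recovered[2];
    const uint8_t secret[2] = { 'H', 'i' };
    int max_change = 0;

    memcpy(cover, sample_cover, COVER_LEN);
    if (lsb_embed(cover, COVER_LEN, secret, 2) != 0)
        return -1;
    if (lsb_extract(cover, COVER_LEN, recovered, 2) != 0)
        return -1;
    if (memcmp(recovered, secret, 2) != 0)
        return -1;
    for (size_t i = 0; i < COVER_LEN; i++) {
        int d = (int)cover[i] - (int)sample_cover[i];
        if (d < 0) d = -d;
        if (d > max_change) max_change = d;
    }
    return max_change;
}

int main(void) {
    printf("round trip ok, largest pixel change = %d\n", stego_demo());
    return 0;
}
```

Each pixel moves by at most one grey level, so a viewer cannot tell the stego image from the original; detecting it requires statistical analysis of the low bits, not looking at the picture. Note that nothing here protects the content: anyone who knows the scheme can run lsb_extract, which is why the message should be encrypted before it is hidden.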
What is a Synchronous Token? Give an example of how it is used?
A synchronous token is an authentication device that generates one-time codes from a secret shared with the authentication server plus either a counter (event-based) or a clock (time-based) that the token and the server keep in step. The user reads the current code from the token's display at the moment of logging in, or presses a button on the token to generate one, and types it in along with a PIN or password. The server computes the expected code from the same secret and its own clock or counter and accepts the login if they match. Example: a key fob or phone app whose six-digit code changes every 60 seconds, used as a second factor for a VPN login.
What is Social Engineering and the term misplaced Trust? Define them both?
Social engineering is an attack vector that relies heavily on human interaction and often involves manipulating people into breaking normal security procedures and best practices in order to gain access to systems, networks or physical locations, or for financial gain. Misplaced trust is extending trust to a person (or a message, or a program) without having verified their identity or background, because they appear familiar or plausible enough to seem worthy of trust; social engineering works by exploiting exactly this.
Define the job of the Stack and Heap?
The stack is the data structure that supports procedure calls: parameters, the return address and local variables are pushed when a procedure is called and popped when it returns, which is how data is exchanged between procedures. The heap provides space for dynamic data, that is, data items whose size is not known when the program is compiled. Both live in the process's RAM. Stack allocation is fast because the size of each frame is fixed at compile time and allocating it at run time is just an adjustment of the stack pointer; heap allocation (malloc/new) is decided at run time and the memory stays allocated until the program explicitly frees it.
Define the term Botnet? How does it work?
A botnet is a group of computers controlled from a single source that run related software programs and scripts. While the idea can serve legitimate distributed computing, such as scientific processing, the term usually refers to many computers ("bots" or "zombies") that have been infected with malicious software without their owners' knowledge. How it works: the malware on each bot connects back to a command-and-control server (or to other bots in a peer-to-peer arrangement) run by the attacker, the "botmaster", who issues commands that every bot carries out at once, such as sending spam, flooding a target with traffic in a distributed denial-of-service attack, or installing further malware.
What is the difference between the following threats? Virus, Trojan horse and a worm?
A computer virus attaches itself to a program or file so it can spread from one computer to another, leaving infections as it travels. Much like human viruses, computer viruses range in severity: some cause only mildly annoying effects while others damage software, files or, through misuse of hardware, equipment. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but cannot infect it unless you run or open the malicious program. It is important to note that a virus cannot spread without a human action (such as running an infected program) to keep it going; people continue the spread, mostly unknowingly, by sharing infected files or sending e-mails with viruses as attachments. A worm is similar to a virus by design and is considered a sub-class of virus. Worms also spread from computer to computer, but unlike a virus, a worm can travel without any help from a person: it takes advantage of file or information transport features on your system (network services, e-mail, shared drives), which lets it travel unaided. The biggest danger of a worm is its capability to replicate itself, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies, with a devastating effect on hosts and networks. A Trojan horse is not a virus. It is a destructive program that looks like a genuine, useful application, so the victim installs it willingly. Unlike viruses, Trojan horses do not replicate themselves, but they can be just as destructive. Trojans often open a backdoor into your computer that gives malicious users or programs access to your system and allows confidential and personal information to be stolen.
How does a key logger work? Give a scenario of how it is implemented to log keystrokes?
A keylogger captures keystrokes as they travel from the keyboard to the application the user is typing into. A software keylogger inserts itself into the operating system's chain of keyboard events (a driver or hook), so every key press is passed on normally to the application but is also written to a log; a hardware keylogger is a small device placed inline between the keyboard and the computer that records the key codes passing through it. Either way the attacker later retrieves the record and searches it for usernames and passwords. Scenario: students plugged a hardware keylogger into the USB port between a keyboard and the computer that faculty members used to enter grades into the school's electronic record system, where it went unnoticed by teachers. With the device, the students obtained 13 teachers' account names and passwords, including at least one supervisory account with extra privileges. After retrieving the device and analyzing the keystroke data, the students were apparently able to log in to the school's master grade program and change grades at will.
Name the three worms we discussed in the chapter and what problems they caused?
Morris Worm (1988): resource exhaustion, disconnection of many systems from the internet, and isolation and inability to perform necessary work; the allegedly accidental infection disabled a large portion of the ARPANET, precursor to today's internet. Code Red (2001): attacked computers running Microsoft's IIS web server, defacing sites and causing denial of service through its scanning traffic. SQL Slammer (2003): attacked Microsoft SQL Server database servers; it had an unintended denial-of-service impact because of the massive amount of traffic it generated, and over one weekend it caused cash machines to stop issuing money, took most of South Korea offline, and slowed down the Internet. Conficker (2008): infected as many as 10 million machines by cracking passwords, exploiting vulnerabilities and hijacking Windows computers into a botnet used to distribute spam and install scareware; it became one of the most serious malware outbreaks of all time.
We can divide the payload from malicious code into 3 categories? What are they and define each one?
Nondestructive: examples are sending a funny message or flashing an image on the screen, often simply to show off the author's capability. This category also includes virus hoaxes, messages falsely warning of a piece of malicious code, apparently meant to cause receivers to panic and forward the message to their contacts, thus spreading the panic. Destructive: this type of code corrupts files, deletes files, damages software, or executes commands to cause hardware stress or breakage, with no apparent motive other than to harm the recipient. Commercial or criminal intent: an infection of this type tries to take over the recipient's computer, installing code that lets a remote agent make the computer perform actions on the agent's signal or forward sensitive data to the agent. Examples include collecting personal data such as login credentials for a banking web site, collecting proprietary data such as corporate plans, or serving as a compromised agent for sending spam e-mail or mounting a denial-of-service attack.
What are paging and segmentation? How does the memory structure use this technique to protect physical memory?
Paging divides a process's address space into fixed-size pages and physical memory into frames of the same size; a page table, maintained by the operating system and consulted by the hardware on every access, maps each page to the frame that holds it. Segmentation divides the address space into variable-sized, logically distinct segments (code, data, stack), each described by a base address and a length, and an address is a (segment, offset) pair. Both protect physical memory because a process can only form addresses through its own tables: with segmentation the hardware checks that the offset is below the segment's length and traps if it is not, and with paging a process can only reach the frames its page table maps (and each entry carries read/write/execute bits). Memory belonging to other processes or to the operating system is simply unreachable.
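An added example, not from the course material, in C: a simulation of the address translation and bounds checks the hardware performs, with constructed segment and page tables for one hypothetical process. The table contents, sizes and function names are assumptions for illustration; a real MMU does the same lookups in hardware.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 4096u
#define NPAGES    4u
#define NSEGS     2u
#define FAULT     0xFFFFFFFFu   /* returned where the hardware would raise a fault */

/* Segment descriptor: where the segment starts in physical memory and how long it is. */
struct segment { uint32_t base; uint32_t limit; int present; };

/* Page-table entry: which physical frame holds the page, and whether it is mapped. */
struct pte { uint32_t frame; int valid; };

/* Constructed tables for one hypothetical process (not from any real OS). */
static const struct segment seg_table[NSEGS] = {
    { 0x10000u, 0x2000u, 1 },   /* segment 0: code, 8 KiB */
    { 0x30000u, 0x0800u, 1 },   /* segment 1: data, 2 KiB */
};
static const struct pte page_table[NPAGES] = {
    { 7u, 1 }, { 3u, 1 }, { 0u, 0 }, { 9u, 1 },   /* virtual page 2 is not mapped */
};

/* Segmentation: a (segment, offset) pair becomes base + offset, but only if the
   offset is below the segment's limit. The bounds check is the protection: the
   process cannot name any physical byte outside its own segments. */
uint32_t seg_translate(uint32_t seg, uint32_t offset) {
    if (seg >= NSEGS || !seg_table[seg].present)
        return FAULT;
    if (offset >= seg_table[seg].limit)
        return FAULT;
    return seg_table[seg].base + offset;
}

/* Paging: split the virtual address into page number and offset, look the page
   up in this process's page table, and fail if the entry is missing or invalid.
   Frames not listed in the table are unreachable however the address is formed. */
uint32_t page_translate(uint32_t vaddr) {
    uint32_t vpn = vaddr / PAGE_SIZE;
    uint32_t off = vaddr % PAGE_SIZE;
    if (vpn >= NPAGES || !page_table[vpn].valid)
        return FAULT;
    return page_table[vpn].frame * PAGE_SIZE + off;
}

int main(void) {
    printf("seg 1 + 0x100 -> 0x%x\n", seg_translate(1, 0x100));
    printf("seg 1 + 0x800 -> 0x%x (fault: offset == limit)\n", seg_translate(1, 0x800));
    printf("vaddr 0x1010  -> 0x%x\n", page_translate(0x1010));
    printf("vaddr 0x2000  -> 0x%x (fault: page 2 unmapped)\n", page_translate(0x2000));
    return 0;
}
```

The two checks are where the protection lives: an offset equal to the segment limit is already one byte too far (the same off-by-one that causes buffer overflows inside a segment), and a virtual page with no valid entry faults no matter how the address was computed.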
What is the term propagate mean as it pertains to file privileges? Why is this a potential hazard with this concept?
Propagation (inheritance) means that permissions set on a folder flow down automatically to the subfolders and files beneath it, so access to the whole tree is limited to the users specified at the top folder without setting each object individually. The hazard is that propagation tempts you to believe all the permissions in the folder tree are the same as at the top, and there are cases where that is not true: inheritance may have been blocked on a subfolder, or extra permissions granted explicitly lower down, so a user you think is locked out (or allowed in) may not be. The reverse risk also holds: a permission added carelessly at the top propagates to every file below it, including ones that should have stayed more restricted.
What are two of the four ways that an operating system invokes memory separation?
Physical separation: different processes use different physical objects, such as separate printers for output requiring different levels of security. Temporal separation: processes with different security requirements are executed at different times. Logical separation: users operate under the illusion that no other processes exist, as when an operating system constrains a program's accesses so that the program cannot access objects outside its permitted domain. Cryptographic separation: processes conceal their data and computation in such a way that they are unintelligible to outside processes.
Based on the lesson, what is wrong with this code? And why is there an overflow? for (i = 0; i <= 9; i++) Sample[i] = 'A'; Sample[10] = 'B';
Sample is a 10-character array, so its valid indices are 0 through 9; the loop fills those correctly, but Sample[10] = 'B' writes one byte past the end of the buffer into whatever is stored next in memory (C performs no bounds check). The fix is to remove that statement or declare the array one element larger, not to change the letter. Why it matters: if the B overlays an instruction that has not yet executed, the machine will try to execute an instruction with operation code 0x42, the internal (ASCII) code for the character B. If there is no instruction with operation code 0x42, the system halts with an illegal-instruction exception; if there is one, the program runs an instruction the programmer never wrote.
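An added example (not code from the lesson or the textbook) showing the lesson's loop in runnable C, for this question and for the buffer-overflow definition at the top of the guide. It places a second byte directly after the 10-byte buffer so the spilled B can be observed in a well-defined way, and contrasts it with a bounds-checked write; the struct, the `neighbour` field and `safe_store` are constructions for the example.

```c
#include <stdio.h>
#include <stddef.h>

/* A 10-byte buffer with one byte of "adjacent memory" placed directly after it,
   so the overflowed byte has a defined place to land that we can inspect. */
struct frame {
    char sample[10];
    char neighbour;   /* stands in for whatever really follows the buffer */
};

/* The lesson's code, write for write: indices 0..9 fill the buffer, index 10 is
   one past its end. The writes go through a byte pointer over the whole struct
   (11 bytes, no padding between char members) so the behaviour is well defined
   and the spill is visible in `neighbour`. */
char overflow_demo(void) {
    struct frame f;
    unsigned char *raw = (unsigned char *)&f;
    f.neighbour = 'X';
    for (int i = 0; i <= 9; i++)
        raw[i] = 'A';        /* Sample[i] = 'A' */
    raw[10] = 'B';           /* Sample[10] = 'B': past the end, lands in neighbour */
    return f.neighbour;      /* 'B' (0x42); the original 'X' is gone */
}

/* Hardened write: refuses any index at or beyond the buffer's capacity.
   Returns 1 if the byte was stored, 0 if the write was rejected. */
int safe_store(char *buf, size_t cap, size_t index, char c) {
    if (index >= cap)
        return 0;
    buf[index] = c;
    return 1;
}

/* The same sequence of writes through the bounds-checked helper. */
char safe_demo(void) {
    struct frame f;
    f.neighbour = 'X';
    for (size_t i = 0; i < sizeof f.sample; i++)
        safe_store(f.sample, sizeof f.sample, i, 'A');
    safe_store(f.sample, sizeof f.sample, 10, 'B');  /* rejected: 10 >= 10 */
    return f.neighbour;                              /* still 'X' */
}

int main(void) {
    printf("unchecked: neighbour = '%c' (0x%02x)\n", overflow_demo(), overflow_demo());
    printf("checked:   neighbour = '%c'\n", safe_demo());
    return 0;
}
```

In a real program the byte after the buffer is not a harmless sentinel but another variable, a saved frame pointer or the return address, which is why the same one-byte mistake can change control flow rather than just a stored character.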
What is meant by security through obscurity? Give an example of this security control?
Security through obscurity is the belief that a system can be secure as long as nobody outside its implementation group is told anything about its internal mechanisms. An example of security by obscurity is when someone has an expensive house outfitted with the latest lock system, but the way you open the lock is simply by jiggling the handle. So if you don't know to do that, it's pretty secure, but once you know it's trivial to bypass.