IS terms: Application and Cloud Security


stack

A ________ buffer overflow occurs when a program uses more memory than it should in a specific area called the "(term)," which stores temporary data. Here's what it means in simple terms: How it's exploited: A hacker can intentionally overfill (overflow) this memory with extra data to: Change how the program works by overwriting nearby data. Replace the program's "return address" (which tells it where to go next) with their own instructions, making the program run their malicious code instead. Essentially, it's like sneaking in bad directions to control where the program "goes" and what it does.

buffer, outside

A ________ is an area of memory allocated by a process and typically used to hold data that is assembled before being sent out or has been received and will be processed. Data can be copied from memory ___________ the process (e.g. in network hardware) to a buffer in the process' memory pool [or vice versa].

heap

A buffer overflow occurring in the _____ data area is referred to as a (term) overflow and is exploitable in a manner different from that of stack-based overflows. Memory on the (term) is dynamically allocated by the application at run-time and typically contains program data. Exploitation is performed by corrupting this data in specific ways to cause the application to overwrite internal structures such as linked list pointers. The canonical (term) overflow technique overwrites dynamic memory allocation linkage (such as malloc metadata) and uses the resulting pointer exchange to overwrite a program function pointer. In simple terms, a (term) overflow is a type of attack where a hacker manipulates data stored in a specific part of memory called the (term), which is used for temporary, dynamically allocated data during a program's run. Here's the idea in simple terms: The hacker overfills (overflows) the (term) with extra data. This extra data corrupts important structures in the program, like pointers (which tell the program where to find things in memory). By corrupting these pointers, the hacker can trick the program into running their malicious code or changing its behavior. It's different from a stack overflow because it targets a different memory area and focuses on disrupting how the program manages its temporary data.

modular

A common approach in programming is to create ____________ code, where one unit of code calls another, which will eventually return. The called unit may in turn call others.

stack, stack frame

A typical approach to managing modular code uses a __________ - a memory structure to which data can be added ("pushed") or removed ("popped"). Each unit of data pushed (and later popped) is called a ____________________.

von Neumann, memory, code

Almost all modern computers use the _____________ (or Princeton) architecture where a single pool of __________ (e.g. RAM) is used to hold both _______ (CPU instructions) and data (to be processed by those instructions).

injects, modify

An SQL injection attack occurs when an attacker "__________" SQL code of his choosing into an SQL query within an application (IE, Safari, Mozilla are applications). The injected code may ___________ the existing query and/or concatenate additional queries.

Advanced Persistent Threat (APT)

An _____________________________________ is a long-term, stealthy cyberattack where hackers target a specific organization or system. In simple terms: The attackers are highly skilled and use advanced tools to break into a network. They stay hidden for a long time, stealing sensitive data or causing damage without being detected. (term plural) are usually carried out by organized groups, often linked to governments or large criminal organizations. It's like a burglar sneaking into a house, staying hidden for months, and quietly stealing valuables without anyone noticing.

programming, operating

Any application running on an operating system faces at least 2 threats: one from the _______________ of the application and one from the _________________ system. If the (second term) system is connected to the Internet in any way, then the threat conversation gets messy, and then there are practically innumerable threats possible.

offensively

Application security can be approached __________________, which includes SQL injections and database hacks.

defensively

Application security can be approached __________________, which includes securing services, software, and network components.

forensically

Application security can be approached __________________; application security can be understood by malware analysis because in that analysis, important information about vulnerabilities is revealed.

defensively, forensically, and offensively

Application security can be approached ___________________, _____________________, and ____________________.

buffers, overflow

Applications use temporary storage areas in RAM called ___________. If an attacker sends code or a message that exceeds the programmer's allocated amount of RAM, it is an ____________. This can cause all kinds of issues for an operating system - ranging from little noticeable change to a complete system crash.

security service, FedRAMP

Cloud _____________________ solutions include: • Implement stronger authentication - often two-factor authentication. • Closely review the CSP's audit results, if you are not allowed to perform your own security assessments against the service. • Federal agencies are required to use Federal Risk and Authorization Management Program (__________) - authorized CSPs. (second term) is a program established to assess CSPs against standardized security requirements.

2014, two-factor

Early in _____, the social media accounts of Skype that were accessed by the Syrian Electronic Army had optional ___________ authentication available, but it was apparently not enabled by Skype. As a result, Skype's blog featured a headline: "Hacked by Syrian Electronic Army ... Stop Spying!" Similar messages were posted on its Twitter and Facebook pages.

Simple Mail Transfer Protocol (SMTP), 25

Email is governed by a protocol - the _____________________________________, port _____. If a person can gain root access based on other extant OS vulnerabilities, the attacker can generate forged emails, or get information about users on a system. One such famous, and overused vulnerability exists on Outlook Web Access email systems.

access control

If an attacker can get root access, then the attacker can execute applications at the highest, most secure level. This is an __________________ issue that system administrators must face.

stack-based buffer

In a ________________________ overflow attack the attacker has discovered a vulnerability - the code doesn't check the length of the data being copied into a buffer that is a temporary variable in a stack frame. The attacker sends more data than the programmer allowed for. The excess data is carefully crafted to overwrite the return address with the address of a memory location somewhere in the excess data. That address is the start of a sequence of instructions chosen by the attacker.

passed, returned, used, return

In a typical approach a stack frame contains the following: space for data values to be _____________ to the called unit, space for a data value to be ______________ to the calling unit, space for temporary variables to be _________ within the called unit, the memory address of the end of the frame, and the __________ address (the memory location of the next instruction after the call).

input, stored

In regard to SQL injections, _______ checking must be done correctly. Use least privilege idea (aka the principle of least permissions). Don't build queries as strings using data from outside - use parameterized queries or ________ procedures (where user input is treated as data, not executable code).

Simple Network Management Protocol, 161, 162

Like most protocols, ___________________________ (UDP port numbers _______ and ______) has a command line interface: snmpget command • snmpget -mALL -v1 -cpublic snmp_agent_Ip_address sysName.0 As stated in the description of the sysName.0 MIB object in the SNMPv2-MIB, this command returns an administratively assigned name for this managed node. By convention, this is the node's fully-qualified domain name. If the name is unknown, the value returned is the zero-length string. It's a framework for sending and receiving messages. Messages read (GET) or update (SET) values defined in an object database (MIB). (term) does NOT define specific objects, just generic messages for any objects. Here's how it works in simple terms: The Manager: Think of this as you, sitting on the couch with the remote. This is the computer or software that sends requests to check on or control other devices in your network. The Agents: These are the gadgets in your house—like the lights or thermostat—but in a network, they're devices like routers, printers, or servers. They follow orders from the manager and provide updates when asked. The Language: SNMP is like the universal language they all understand, so they can talk to each other even if they're made by different manufacturers. What Can Be Done: Using SNMP, you can: Check the status: Ask the router how much data it's handling. Get alerts: Get a message if a printer runs out of paper. Control settings: Tell a switch to prioritize certain types of traffic, like video calls. How It Talks: SNMP works by sending tiny messages back and forth. The manager might ask, "Hey, router, how's the traffic?" and the router replie

Man-in-the-Browser (MITB)

More web vulnerabilities include Carberp, ChromInject, Nuklus, OddJob, SpyEye, and Zeus. These are sometimes called _____________________________ attack vectors. Protection against this type of attack includes out-of-band verification, man-in-the-mobile, and hardened software.

people

Most application-based threats become exacerbated when _________ are involved. Misconfiguration, inattention to details, laziness, shortcuts, and saving money are all aspects of how application security becomes complex. Sometimes the threat only stops an application...sometimes an operating system.

Structured Query Language (SQL)

Most modern applications that use databases use _________________________ for database functions.

private, community, public, hybrid

Cloud deployment models include the _______ cloud, ________ cloud, ________ cloud, and ________ cloud.

cloud computing

NIST SP-800-145 defines __________________________ as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.

public-key, symmetric, hashes, compression

PGP uses well-known algorithms for: _______________ cryptography (to encrypt/decrypt session keys, and hashes for digital sig's), ___________ cryptography (to encrypt/decrypt messages, and private keys in local storage), __________ (to generate/verify digital signatures), and ________________ (to minimize the amount of data sent/ received). • Each public key is bound to an e-mail address.

copied, integrity

Q: What is the root cause of a buffer overflow? A: The programmer failed to check the amount of data to be _________ before executing the copy instruction sequence. Q: What type of threat is this? A: _____________

elevation, spear-phish, compromise

Regarding OWA vulnerabilities, the _____________ of privilege is a substantial vulnerability because it allows an attacker to get username and email credentials from a webserver. Then an attacker can __________________ the person, based on their company directory, etc. enabling the attacker to get personal username and password credentials. The attacker then can send emails from that address to others on the list and _______________ them.

Cross Site, URLs

Regarding OWA vulnerabilities, the ______________ Scripting Vulnerability exists because the affected software fails to perform enough validation and sanitization of user-supplied input when processing crafted ______. An unauthenticated, remote attacker could exploit the vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site and access sensitive browser-based information. In other words, the vulnerability exists because the software doesn't properly check or clean up input (like text or URLs) that users provide. An attacker can create a malicious link and trick someone into clicking it. When the victim clicks, the attacker's script runs in their browser, as if it's coming from the trusted OWA site. This could let the attacker steal sensitive information, like login details or session cookies, or manipulate how the site behaves for the victim. In short, it's a way for hackers to trick users and hijack their interaction with a trusted site.

WHERE

Regarding SQL queries, the row(s) affected are typically limited by a __________ condition clause.

buffer overflow

Regarding buffers, in C, we could use the strcpy function: strcpy(char *dest, const char *src), where dest is the address of the start of the buffer and src is the address of the start of the outside memory. It will copy a byte from the source to the destination. Unless that byte was a NULL (0) [indicating the end of a string], it will increment the pointers and repeat the process. In simple terms, strcpy(dest, src) copies a string from src (source) to dest (destination). It keeps copying characters, one by one, until it encounters a NULL character (a 0 byte), which marks the end of the string. How it works: Each character in src is transferred to the corresponding position in dest. If the dest buffer (memory space) is too small to hold the entire string from src, it might overwrite memory outside its intended area. The problem (___________): If the src string is longer than the space allocated for dest, the extra characters will overwrite other data in memory. This can lead to bugs, crashes, or security vulnerabilities (e.g., attackers exploiting this to inject malicious code).

hybrid

Regarding cloud deployment models, the ___________ cloud is any combination of public, community, and private clouds.

private

Regarding cloud deployment models, the ___________ cloud is one where the infrastructure is provisioned for exclusive use by a single customer. Examples are "on prem" clouds where the company builds and owns it.

community

Regarding cloud deployment models, the ___________ cloud is one where the infrastructure is utilized by companies with similar missions and often common regulatory and security requirements - such as a healthcare cloud or a banking cloud.

public

Regarding cloud deployment models, the ___________ cloud is where cloud services are made available to the (term), such as AWS or Azure. Many of these are "pay-per-use" models where you are only charged for the data processed or stored.

Cross Site Scripting

Regarding websites and webservers, allowing ______________________________ (XSS) where one user's input can appear on the page of another user is a serious vulnerability.

3

SNMP V_ adds both encryption and authentication, which can be used together or separately. SNMP V(term) is the best but most complicated version to configure.

2

SNMP V_ adds support for 64-bit counters.

1

SNMP V_ is the oldest and easiest to set up. It is all plaintext and has very little security.

2578

SNMP Version 2 changed minor functionality features from version 1 and is defined by RFC _____.

3410

SNMP Version 3 applied major changes to security functionality and is defined by RFC ____.

Management Information Bases

SNMP is based on ____________________________________ (MIBs). An MIB is like a dictionary or blueprint for devices in a network. It organizes and describes all the data that a device can share with a network management system using SNMP. In simple terms: It defines what can be monitored or controlled on a device, like CPU usage, network speed, or temperature. Each piece of information (like CPU usage) is given a unique identifier, called an Object Identifier (OID). Network management tools use the MIB to understand and communicate with devices.

RMON

SNMP uses _______ probes (Remote Monitoring) to manage networks. They require ports to be left open and thus create some security vulnerabilities. Also, data sent and received is in plaintext in earlier versions of SNMP. (term) probes work with (Remote Network Monitoring), a protocol that defines what data to collect and how to report it to network administrators. Probes help analyze performance and troubleshoot problems without needing someone to check everything manually. In short, (term) probes keep an eye on your network to ensure it runs smoothly and alert you if something goes wrong.

multitenancy

Security considerations for cloud services include ________________ - The nature of cloud services being hosted on shared infrastructure can make it difficult to ensure that your data is completely isolated from other companies or, when your company leaves the service, that your data is completely wiped from the drives. This can also be problematic for law enforcement officials serving warrants for a particular company's data.

confidentiality

Security considerations for cloud services include ________________--Does the service encrypt the data when it is transmitted or stored on its servers?

authentication

Security considerations for cloud services include ________________--How does the service ensure that only authorized users may access the data?

auditing

Security considerations for cloud services include ________________--Is the service capable of providing (partial term) logs to you to meet regulatory compliance laws - or performing adequate (term) to ensure that security incidents don't go unreported?

geographic location

Security considerations for cloud services include ________________--where is the service hosted? Government agencies, for instance, can only host within approved locations.

redirection, URL Redirection

Similar to iframes, a ______________________ attack is also unseen by the user but can have a more complicated attack vector. The end result, though, is the same - the user will visit what appears to be the website they want, but in reality it is something else. A ___________________________ Attack is a kind of vulnerability that redirects you to another page outside the original website when accessed, usually integrated with a phishing attack.

256, RSA, TLS

Skype uses encryption - the AES-_____. Public keys are certified by the Skype server at login using 1536- or 2048-bit ____ certificates. Skype calls traversing PSTN networks, however, are not encrypted. Instant messages in Skype use ___.

RAM

The CPU can only accept content from ____.

SipTab

The __________ attack is a method of targeting VoIP (Voice over IP) systems by exploiting vulnerabilities in the SIP (Session Initiation Protocol), which is commonly used to set up and manage voice calls over the internet. In simple terms: Attackers intercept or manipulate SIP messages, which control how a call is established, routed, or terminated. This allows them to: Eavesdrop on calls, redirect calls to their own devices (call hijacking), and disrupt communication by blocking or dropping calls. It's like hacking into the "control signals" of an internet phone system to listen in, take over, or disrupt conversations. Properly securing SIP servers with encryption and authentication helps prevent SipTab attacks.

VOMIT, Voice Over Misconfigured

The ___________ attack (_________________________Internet Telephony) is a method that exploits vulnerabilities in poorly secured VoIP (Voice over IP) systems to capture and reconstruct phone calls into audio files. In simple terms: Hackers intercept the data packets that carry voice communication over the internet. They then use tools to convert these packets back into listenable audio. This allows attackers to eavesdrop on private conversations if the VoIP system lacks encryption or is misconfigured. It's like someone grabbing bits of a digital phone call and piecing them back together into a recording, highlighting the importance of securing VoIP systems with strong encryption and proper configuration.

outside

The root cause of a SQL injection attack is building a SQL query as a text string using data from ___________ the application (e.g. user input).

defense-in-depth, systems

The three approaches to application security require understanding of ____________________, as well as ___________ administration, programming, network security, and policy-based rules and roles.

common payload, shell

There are many techniques used in buffer overflow attacks. • A ___________________________ attempts to start a command shell and attach it to a network connection so the attacker can remotely issue commands. The command ______ will have the same privileges as the corrupted process.

Software, Platform, Infrastructure

There are three service models of cloud computing, which are __________ as a Service (SaaS), ____________ as a Service (PaaS), and ___________ as a Service (IaaS).

128

Though some may disagree, iMessage is considered quite secure, considering it uses AES-____ encryption.

stack, heap

Two types of buffer overflows are _________ and ____________.

OAuth2

Two versions of OAuth include OAuth and __________. OAuth is the original version and lets one app request limited access to your account on another service (e.g., a fitness app accessing your Google calendar) by using a token instead of your login credentials. (term) is an improved version with better security and flexibility. It's widely used today, allowing apps to access your data in a safer and more user-friendly way (e.g., "Sign in with Google" or "Sign in with Facebook").

SELECT, INSERT, UPDATE, DELETE

Typical SQL queries include _______________, which retrieves columns from rows from tables; _______________, which adds new rows; ________________, which changes columns in existing rows; and _________________, which removes rows.

SaaS

_____ is when applications are hosted in the cloud and are accessible from various client devices. An example is Gmail or Office 365.

IaaS

______ is composed of the CSP provisioning processing, storage, networks, and other fundamental computing resources. The customer has control over the applications and servers.

SNMP

______ is only associated with MIB.

PaaS

______ is when infrastructure is hosted in the cloud and is managed by the Cloud Service Provider (CSP). The customer may still configure and deploy applications on the infrastructure and maybe even the server settings. An example is with Avaya's VoIP - where Avaya's VoIP gateway completely manages the VoIP traffic remotely at Avaya after it leaves the customer's site.

SSL

_______ provides a basic level of security for online transactions.

Cloud

________ computing essential characteristics include: on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service.

Security

________ considerations for cloud services include: geographic location, multi-tenancy, authentication, confidentiality, and auditing.

SMTP

________ has a set of commands associated with the protocol - such as: HELO, EHLO, MAIL, TO:, FROM:, VRFY, EXPN.

Application Security

__________ covers a range of topics...It usually involves coding of some sort, but not always. Since the application layer is at the top (or bottom, depending on how you view the OSI reference model), we can assume that applications influence other network layers. It can be a TCP/IP, kernel, RPC, or microcode programming error.

Iframes

_______________ can pop up in a web session and not be noticed. When they pop up, they execute malicious code. Users do not usually see them. In this example, the frame will not appear on the screen.

Host hardening

__________________ is like putting extra locks and alarms on your computer or server to protect it from bad actors. It involves setting up security measures like: Installing updates and patches to fix vulnerabilities. Using strong passwords and restricting access to only trusted people. Removing unnecessary programs or features that hackers could exploit. Setting up a firewall and antivirus to block threats. Regularly backing up data in case something goes wrong. The goal is to make the system as secure as possible to minimize risks.

VOIP (Voice Over IP)

____________________ has security risks because it relies on the internet and network security, making it vulnerable to attacks like: Open Internet Traffic: Calls can be intercepted if not encrypted. Limited Gateway Security: Devices connecting to (term) networks often lack strong protections. Exploits: Tools like VOMIT and SipTab can intercept or steal unencrypted call data. Best Defense: Use encryption for calls and secure the call management system to protect against these threats.

Defensive measures

_____________________ for securing systems include: Protecting elevated access roles: Secure powerful accounts (like "Administrator" in Windows, # prompts in Cisco, or root (/) in Linux) because they have control over the whole system. Building strong, layered defenses: Use multiple security layers to make it harder for attackers to breach your system (like firewalls, passwords, and encryption working together). Maintaining control: Always know and manage what's happening in your system (command and control). However, even with all precautions, complete security cannot be guaranteed.

Pretty Good Privacy, 1990s

______________________ (PGP) was developed in the late ________ by Phil Zimmermann, a professor at MIT. It is a package of cryptographic tools for use with email and includes encryption and decryption, digital signature generation and verification, and key management services.

Open Authorization

_______________________ (OAuth) allows third-party services to exchange your information without you having to give away your password.

man-in-the-middle (MITM), SSL

_______________________ Attacks are what they sound like, but the results can be disastrous - personal information can be captured in real-time. ___________ (Secure Sockets Layer) protects against this...mostly

Trampolining

_____________ is a sneaky trick hackers use during a stack buffer overflow attack: The attacker finds a way to point to a specific location in the program's memory (the vulnerable buffer). They calculate where their malicious code (shellcode) is stored relative to that location. Instead of jumping directly to their malicious code, they use an existing instruction already in the program's memory to make a second jump, which then lands on their shellcode. This two-step jumping method helps avoid detection and makes use of already available instructions in the program or system memory. Tools like Metasploit make it easier for attackers by providing pre-collected lists of these useful instructions (for example, in Windows systems).
