Threats, Attacks, and Vulnerabilities


- Threats, Attacks, and Vulnerabilities - Exam Essentials: Know the characteristics and types of viruses used to disrupt systems and networks.

Several different types of viruses are floating around today. The most common ones are polymorphic viruses, stealth viruses, retroviruses, multipartite viruses, and macro viruses.

- Threats, Attacks, and Vulnerabilities - spyware

Software programs that work—often actively—on behalf of a third party.

- Threats, Attacks, and Vulnerabilities - ransomware

Software that demands payment before restoring the data or system infected.

- Threats, Attacks, and Vulnerabilities - adware

Software that gathers information to pass on to marketers or that intercepts personal data such as credit card numbers and makes it available to third parties.

- Threats, Attacks, and Vulnerabilities - antivirus software

Software that identifies the presence of a virus and is capable of removing or quarantining the virus.

- Threats, Attacks, and Vulnerabilities - scareware

Software that tries to convince unsuspecting users that a threat exists.

- Threats, Attacks, and Vulnerabilities - Exam Essentials: Know how a spoofing attack occurs.

Spoofing attacks occur when a user or system masquerades as another user or system. Spoofing allows the attacker to assume the privileges and access rights of the real user or system.

- Threats, Attacks, and Vulnerabilities - rogueware

A form of malware that tries to convince the user to pay for a fake threat.

- Threats, Attacks, and Vulnerabilities - multipartite virus

A virus that attacks a system in more than one way.

- Threats, Attacks, and Vulnerabilities - Which type of attack denies authorized users access to network resources? A. DoS B. Worm C. Logic bomb D. Social engineering

A. A DoS attack is intended to prevent access to network resources by overwhelming or flooding a service or network.

- Threats, Attacks, and Vulnerabilities - Your system has just stopped responding to keyboard commands. You noticed that this occurred when a spreadsheet was open and you connected to the Internet. Which kind of attack has probably occurred? A. Logic bomb B. Worm C. Virus D. ACK attack

A. A logic bomb notifies an attacker when a certain set of circumstances has occurred. This may in turn trigger an attack on your system.

- Threats, Attacks, and Vulnerabilities - An administrator at a sister company calls to report a new threat that is making the rounds. According to him, the latest danger is an attack that attempts to intervene in a communications session by inserting a computer between the two systems that are communicating. Which of the following types of attacks does this constitute? A. Man-in-the-middle attack B. Backdoor attack C. Worm D. TCP/IP hijacking

A. A man-in-the-middle attack attempts to fool both ends of a communications session into believing that the system in the middle is the other end.

- Threats, Attacks, and Vulnerabilities - You're explaining the basics of security to upper management in an attempt to obtain an increase in the networking budget. One of the members of the management team mentions that they've heard of a threat from a virus that attempts to mask itself by hiding code from antivirus software. What type of virus is she referring to? A. Armored virus B. Malevolent virus C. Worm D. Stealth virus

A. An armored virus is designed to hide the signature of the virus behind code that confuses the antivirus software or blocks it from detecting the virus.

- Threats, Attacks, and Vulnerabilities - An attacker has placed an opaque layer over the Request A Catalog button on your web page. This layer tricks visitors into going to a form on a different website and giving their contact information to another party when their intention was to give it to you. What type of attack is this known as? A. Clickjacking B. Man-in-the-middle C. XSRF D. Zero-day

A. Clickjacking involves an attacker using multiple transparent or opaque layers to trick a user into clicking a button or link on another page when they were intending to click the top-level page.

- Threats, Attacks, and Vulnerabilities - Karl from Accounting is in a panic. He is convinced that he has identified malware on the servers—a type of man-in-the-middle attack in which a Trojan horse manipulates calls between the browser and yet still displays back the user's intended transaction. What type of attack could he have stumbled on? A. Man-in-the-browser B. Man-in-the-castle C. Man-in-the-code D. Man-in-the-business

A. Man-in-the-browser is a type of man-in-the-middle attack in which a Trojan horse manipulates calls between the browser and its security mechanisms yet still displays back the user's intended transaction.

- Threats, Attacks, and Vulnerabilities - Exam Essentials: Be able to describe the various types of attacks to which your systems are exposed.

Your network is vulnerable to DoS attacks caused by either a single system or multiple systems. Multiple system attacks are called DDoS. Your systems are also susceptible to access, modification, and repudiation attacks.

- Threats, Attacks, and Vulnerabilities - Xmas attack

An advanced attack that tries to get around detection and send a packet with every single option enabled.

- Threats, Attacks, and Vulnerabilities - DNS poisoning

An attack method in which a daemon caches DNS reply packets, which sometimes contain other information (data used to fill the packets). The extra data can be scanned for information useful in a break-in or man-in-the-middle attack.

- Threats, Attacks, and Vulnerabilities - zero-day exploit

An attack that begins the very day an exploit is discovered.

- Threats, Attacks, and Vulnerabilities - replay attack

An attack that captures portions of a session to play back later to convince a host that it is still talking to the original connection.

- Threats, Attacks, and Vulnerabilities - spoofing

An attempt by someone or something to masquerade as someone/something else.

- Threats, Attacks, and Vulnerabilities - malicious code

Any code that is meant to do harm.

- Threats, Attacks, and Vulnerabilities - password attacks

Attempting to ascertain a password that you should not know.

- Threats, Attacks, and Vulnerabilities - Pass-the-hash attacks take advantage of a weak encryption routine associated with which protocols? A. NetBEUI and NetBIOS B. NTLM and LanMan C. Telnet and TFTP D. Chargen and DNS

B. Pass-the-hash attacks take advantage of a weak encryption routine associated with NTLM and LanMan protocols.

- Threats, Attacks, and Vulnerabilities - The command monlist can be used with which protocol as part of an amplification attack? A. SMTP B. NTP C. SNMP D. ICMP

B. The command monlist can be used with an NTP amplification attack to send details of the last 600 people who requested network time.

- Threats, Attacks, and Vulnerabilities - Exam Essentials: Be able to describe the methods used to conduct a backdoor attack.

Backdoor attacks occur using either existing maintenance hooks or developmental tools to examine the internal operations of a program. These hooks are usually removed when a product is prepared for market or production. Backdoor attacks also refer to inserting into a machine a program or service that allows authentication to be bypassed and access gained.

- Threats, Attacks, and Vulnerabilities - You've discovered that an expired certificate is being used repeatedly to gain logon privileges. Which type of attack is this most likely to be? A. Man-in-the-middle attack B. Backdoor attack C. Replay attack D. TCP/IP hijacking

C. A replay attack attempts to replay the results of a previously successful session to gain access.

- Threats, Attacks, and Vulnerabilities - An alert signals you that a server in your network has a program running on it that bypasses authorization. Which type of attack has occurred? A. DoS B. DDoS C. Backdoor D. Social engineering

C. In a backdoor attack, a program or service is placed on a server to bypass normal security procedures.

- Threats, Attacks, and Vulnerabilities - The new head of software engineering has demanded that all code be tested to identify the design flow and then modified, as needed, to clean up routines without changing the code's visible behavior. What is this process known as? A. Straightening B. Sanitizing C. Refactoring D. Uncluttering

C. Refactoring involves testing to identify the design flow and then modifying, as needed, to clean up routines without changing the code's visible behavior.

- Threats, Attacks, and Vulnerabilities - What term describes when the item used to validate a user's session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party? A. Patch infiltration B. XML injection C. Session hijacking D. DTB exploitation

C. Session hijacking occurs when the item used to validate a user's session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party.

- Threats, Attacks, and Vulnerabilities - With which of the following is the DNS server given information about a name server that it thinks is legitimate when it isn't? A. DNS tagging B. DNS kiting C. DNS poisoning D. DNS foxing

C. With DNS poisoning, also known as DNS spoofing, the DNS server is given information about a name server that it thinks is legitimate when it isn't.

- Threats, Attacks, and Vulnerabilities - typo squatting

Creating domains that are based on the misspelling of another.

- Threats, Attacks, and Vulnerabilities - Which of the following is a small library that is created to intercept API calls transparently? A. Chock B. Wedge C. Refactor D. Shim

D. A shim is a small library that is created to intercept API calls transparently.

- Threats, Attacks, and Vulnerabilities - What is it known as when an attacker manipulates the database code to take advantage of a weakness in it? A. SQL tearing B. SQL manipulation C. SQL cracking D. SQL injection

D. SQL injection occurs when an attacker manipulates the database code to take advantage of a weakness in it.

- Threats, Attacks, and Vulnerabilities - It has been brought to your attention that a would-be attacker in Indiana has been buying up domains based on common misspellings of your company's name with the sole intent of creating websites that resemble yours and prey on those who mistakenly stumble onto these pages. What type of attack is this known as? A. Watering hole B. Poisoned well C. Faulty tower D. Typo squatting

D. Typo squatting involves creating domains that are based on the misspelling of another.

- Threats, Attacks, and Vulnerabilities - When a hole is found in a web browser or other software, and attackers begin exploiting it before the developer can respond, what type of attack is it known as? A. Polymorphic B. Xmas C. Malicious insider D. Zero-day

D. When a hole is found in a web browser or other software, and attackers begin exploiting it the very day it is discovered by the developer (bypassing the one- to two-day response time that many software providers need to put out a patch once the hole has been found), it is known as a zero-day attack.

- Threats, Attacks, and Vulnerabilities - Which of the following involves unauthorized commands coming from a trusted user to the website? A. ZDT B. HSM C. TT3 D. XSRF

D. XSRF involves unauthorized commands coming from a trusted user to the website. This is often done without the user's knowledge, and it employs some type of social networking to pull it off.

- Threats, Attacks, and Vulnerabilities - watering hole attack

Identifying a site that is visited by the attacker's intended targets, poisoning that site, and then waiting for the results.

- Threats, Attacks, and Vulnerabilities - IP spoofing

Making the data look as if it came from a trusted host when it didn't (thus spoofing the IP address of the sending host).

- Threats, Attacks, and Vulnerabilities - rootkit

A software program that has the ability to obtain root-level access and hide certain things from the operating system.

- Threats, Attacks, and Vulnerabilities - Domain Name System (DNS)

The network service used in TCP/IP networks that translates hostnames to IP addresses.

- Threats, Attacks, and Vulnerabilities - distributed denial-of-service (DDoS)

A derivative of a DoS attack in which multiple hosts in multiple locations all focus on one target to reduce its availability to the public. This can be accomplished through the use of compromised systems, botnets, and other means.

- Threats, Attacks, and Vulnerabilities - cross-site request forgery (XSRF)

A form of web-based attack in which unauthorized commands are sent from a user that a website trusts.

- Threats, Attacks, and Vulnerabilities - ping of death

A large Internet Control Message Protocol (ICMP) packet sent to overflow the remote host's buffer. A ping of death usually causes the remote host to reboot or hang.

- Threats, Attacks, and Vulnerabilities - least privilege

A permission method in which users are granted only the privileges necessary to perform their job function.

- Threats, Attacks, and Vulnerabilities - virus

A program intended to damage a computer system.

- Threats, Attacks, and Vulnerabilities - Exam Essentials: Be able to describe a replay attack.

A replay attack captures information from a previous session and attempts to resend it to gain unauthorized access. This attack is based on the premise that if it worked once, it will work again. This is especially effective in environments where a user ID and password are sent in the clear across a large network.

- Threats, Attacks, and Vulnerabilities - shim

A small library that is created to intercept API calls transparently.

- Threats, Attacks, and Vulnerabilities - macro virus

A software exploitation virus that works by using the macro feature included in many applications, such as Microsoft Office.

- Threats, Attacks, and Vulnerabilities - malicious insider threat

A threat from someone inside the organization intent on doing harm.

- Threats, Attacks, and Vulnerabilities - denial-of-service (DoS)

A type of attack that prevents any users—even legitimate ones—from using a system.

- Threats, Attacks, and Vulnerabilities - buffer overflow

A type of denial-of-service (DoS) attack that occurs when more data is put into a buffer than it can hold, thereby overflowing it (as the name implies).

- Threats, Attacks, and Vulnerabilities - retrovirus

A virus that attacks or bypasses the antivirus software installed on a computer.

- Threats, Attacks, and Vulnerabilities - stealth virus

A virus that attempts to avoid detection by masking itself from applications.

- Threats, Attacks, and Vulnerabilities - companion virus

A virus that creates a new program that runs in the place of an expected program of the same name.

- Threats, Attacks, and Vulnerabilities - armored virus

A virus that is protected in a way that makes disassembling it difficult. The difficulty makes it "armored" against antivirus programs that have trouble getting to, and understanding, its code.

- Threats, Attacks, and Vulnerabilities - phage virus

A virus that modifies and alters other programs and databases.

- Threats, Attacks, and Vulnerabilities - Address Resolution Protocol (ARP) poisoning

An attack that convinces the network that the attacker's MAC (Media Access Control) address is the one associated with an allowed address so that traffic is wrongly sent to the attacker's address.

- Threats, Attacks, and Vulnerabilities - man-in-the-middle

An attack that occurs when someone/something that is trusted intercepts packets and retransmits them to another party. Man-in-the-middle attacks have also been called TCP/IP hijacking in the past.

- Threats, Attacks, and Vulnerabilities - polymorphic

An attribute of some viruses that allows them to mutate and appear differently each time they crop up. The mutations make it harder for virus scanners to detect (and react to) the viruses.

- Threats, Attacks, and Vulnerabilities - bot

An automated software program (network robot) that collects information on the web. In its malicious form, a bot is a compromised computer being controlled remotely.

- Threats, Attacks, and Vulnerabilities - backdoor

An opening left in a program application (usually by the developer) that allows additional access to data. Typically, a backdoor is created for debugging purposes and is not documented. Before the product ships, the backdoors are closed; when they aren't closed, security loopholes exist.

- Threats, Attacks, and Vulnerabilities - Exam Essentials: Be able to describe how antivirus software operates.

Antivirus software looks for a signature in the virus to determine what type of virus it is. The software then takes action to neutralize the virus based on a virus definition database. Virus definition database files are regularly made available on vendor sites.

- Threats, Attacks, and Vulnerabilities - Trojan horse

Any application that masquerades as one thing in order to get past scrutiny and then does something malicious. One of the major differences between Trojan horses and viruses is that Trojan horses tend not to replicate themselves.

- Threats, Attacks, and Vulnerabilities - logic bomb

Any code that is hidden within an application and causes something unexpected to happen based on some criteria being met. For example, a programmer could create a program that always makes sure her name appears on the payroll roster; if it doesn't, then key files begin to be erased.

- Threats, Attacks, and Vulnerabilities - zombie

Any system taking directions from a master control computer. Zombies are often used in distributed denial-of-service (DDoS) and botnet attacks.

- Threats, Attacks, and Vulnerabilities - attack

Any unauthorized intrusion into the normal operations of a computer or computer network. The attack can be carried out to gain access to the system or any of its resources.

- Threats, Attacks, and Vulnerabilities - As the security administrator for your organization, you must be aware of all types of attacks that can occur and plan for them. Which type of attack uses more than one computer to attack the victim? A. DoS B. DDoS C. Worm D. UDP attack

B. A DDoS attack uses multiple computer systems to attack a server or host in the network.

- Threats, Attacks, and Vulnerabilities - What kind of virus could attach itself to the boot sector of your disk to avoid detection and report false information about file sizes? A. Trojan horse virus B. Stealth virus C. Worm D. Polymorphic virus

B. A stealth virus reports false information to hide itself from antivirus software. Stealth viruses often attach themselves to the boot sector of an operating system.

- Threats, Attacks, and Vulnerabilities - Exam Essentials: Be able to describe a man-in-the-middle attack.

Man-in-the-middle attacks are based on the principle that a system can be placed between two legitimate users to capture or exploit the information being sent between them. Both sides of the conversation assume that the man in the middle is the other end and communicate normally. This creates a security breach and allows unauthorized access to information.

- Threats, Attacks, and Vulnerabilities - attack surface reduction (ASR)

Minimizing the possibility of exploitation by reducing the amount of code and limiting potential damage.

- Threats, Attacks, and Vulnerabilities - ARP spoofing

More commonly known as ARP poisoning, this involves faking the MAC (Media Access Control) address attached to the data.

- Threats, Attacks, and Vulnerabilities - NOTE: An older term generically used for all man-in-the-middle attacks is TCP/IP hijacking.

- Threats, Attacks, and Vulnerabilities - NOTE: The best defense against a virus attack is up-to-date antivirus software that is installed and running. The software should be on all workstations as well as the server. A whitelist of allowed applications should also be created and adhered to.

- Threats, Attacks, and Vulnerabilities - Address Resolution Protocol (ARP)

Protocol used to map known IP addresses to unknown physical addresses.

- Threats, Attacks, and Vulnerabilities - integer overflow

Putting too much information into too small a space that has been set aside for numbers.

- Threats, Attacks, and Vulnerabilities - URL hijacking

Registering domains that are similar to those for a known entity but based on a misspelling or typographical error.

- Threats, Attacks, and Vulnerabilities - cross-site scripting (XSS)

Running a script routine on a user's machine from a website without their permission.

- Threats, Attacks, and Vulnerabilities - DNS spoofing

The DNS server is given information about a name server that it thinks is legitimate when it isn't.

- Threats, Attacks, and Vulnerabilities - dictionary attack

The act of attempting to crack passwords by testing them against a list of dictionary words.

- Threats, Attacks, and Vulnerabilities - attack surface

The area of an application that is available to users—those who are authenticated and, more importantly, those who are not.

- Threats, Attacks, and Vulnerabilities - least privilege policy

The policy of giving a user only the minimum permissions needed to do the work that must be done.

- Threats, Attacks, and Vulnerabilities - privilege escalation

The result when a user obtains access to a resource that they wouldn't normally be able to access. Privilege escalation can be done inadvertently by running a program with Set User ID (SUID) or Set Group ID (SGID) permissions or by temporarily becoming another user (via su or sudo in Unix/Linux or RunAs in Windows). It can also be done purposefully by an attacker seeking full access.

- Threats, Attacks, and Vulnerabilities - Exam Essentials: Be able to explain the characteristics of Trojan horses and logic bombs.

Trojan horses are programs that enter a system or network under the guise of another program. Logic bombs are programs or snippets of code that execute when a certain predefined event occurs.

- Threats, Attacks, and Vulnerabilities - clickjacking

Using multiple transparent or opaque layers to trick a user into clicking a button or link on another page when they had intended to click on the top page.
