20 Cards in this Set

  • Front
  • Back

Attack Vector

1. Path or means by which a hacker can gain access to a computer in order to deliver a payload or malicious outcome.

Hacker vs Cracker

1. Hacker: A person who enjoys exploring the details of a programmable system and how to stretch their capabilities.


2. Cracker: Someone whose purpose is to circumvent or break security measures. Can be good or bad. White hat = good, black hat = bad.

What is an attack?

1. Motive (Goal) + Method + Vulnerability


2. Motive = Reason, Method = Technique

Network Threats

1. Information Gathering: Using tools to force an application to leak information.


2. Sniffing: Capture data packets over a network.


3. Spoofing: Impersonating another party to gain access to data.


4. Man in the Middle: A person in the middle relays or alters communication between two parties.

Host Threats

1. Malware: Umbrella term used for intrusive software (worms, viruses, Trojan horses, ransomware).

2. Footprinting: To learn as much as you can about a computer system (OS version, software running etc) to find holes in security.


3. Arbitrary code execution: Ability to execute any command of the attacker's choice on a target machine.

Application Threats

1. Input Validation: The correct testing of any input that is supplied by something else.


2. Security Misconfiguration: When security settings are defined, implemented, and maintained as defaults.

What is Malware?

1. Software specifically designed to damage, disrupt or infiltrate a system.


2. Written to take advantage of a known vulnerability.


3. Origin 1980s

Malicious Software Categories

1. Virus: passive propagation (requires execution) and needs a host.


2. Worm: active propagation (self-execution).


3. Trojan Horse: software with hidden functionality (adware/spyware).


4. Backdoor: unauthorized access.

Infectious Malware: Viruses

1. A small application or string of code which infects applications.


2. Primary function: To reproduce.


3. Requires a Host application.


4. Must be executed (by a computer process or user).


5. Often targets: Boot Sector, Memory Resident, Applications, Compilers/debuggers.

Macro Virus

1. Written in a scripting language, such as VBScript, JavaScript, MS Word Basic.


2. Can infect your system when you open documents such as a Word document.


3. Macro viruses do not infect programs; they infect documents.


4. Examples of macro viruses: ILOVEYOU.

Compression Virus

1. Appends itself to an executable and compresses the file (e.g., a zip file).


2. When the file is executed it decompresses, usually causing the malicious code to execute.

Stealth Virus

1. Hides its file modifications to avoid detection.


2. For example, after infection the file size is larger. The virus returns the original file size, fooling virus scanners that rely on this method of scanning.

Infectious Malware: Worm

1. Is a self-contained application which does not require a host executable. Is self-replicating.


2. Propagates via a network connection using applications such as email and HTTP.

Detection Types: Signature

1. Effective on "ordinary" malware.


2. Can be slow as signature files can be large. These must also be kept up to date.


3. Cannot detect unknown viruses.


4. Cannot detect advanced types of malware.

Detection Types: Change

1. Viruses must live somewhere; if you detect that a file has changed, it might have been infected.

2. Uses hash files to detect changes.


3. No false negatives, but files change, and they do so often, which causes many false alarms.

Detection Types: Anomaly

1. Monitors the system for anything unusual, e.g., high network traffic when there usually isn't, or the CPU running high all the time when it usually is not.


2. Must first define a normal system and realise this may change over time.


3. Has a chance of detecting unknown malware but has no proven track record.

Polymorphic Vs Metamorphic Malware

1. Polymorphic frequently changes attack states, or uses different file names, hashes or signatures to hide its code. Is encrypted.


2. Metamorphic worm mutates before infecting a new system and is not encrypted.

Flash Worm

1. Is a worm that is designed with pre-configured IP addresses of vulnerable systems, which allows immediate infection of all these systems.


2. It is said that a flash worm, if one capable of it were created, could infect the entire Internet almost instantly.

How are vulnerabilities in software made?

1. Vulnerabilities result from poor programming practices.


2. They result from insufficient checking and validation of data and error codes.

Program Flaws

1. An error is a programming mistake.


2. The error may lead to an incorrect state: a fault.


3. A fault may lead to a failure where a system departs from expected behavior. A failure is externally observable.