Threats and Attacks Flashcards

1
Q

What type of security threats and attacks are there?

A
  • Unintentional
  • Intentional
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are some examples of unintentional threats and attacks?

A
  • Coding faults
  • Operational faults
  • Environmental faults
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are some examples of intentional security threats and attacks?

A

(Malicious code)
- Trojan horses
- Trap doors
- Viruses
- Worms

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is physical security?

A

It’s when we restrict access to an object by physical means.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Why is it bad to neglect physical security?

A

This can undermine other security mechanisms that protect a system. Pointless to have a good file-protection system if the hardware the file is stored on is easily accessible.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are is a human factor that contribute to weak security?

A

Users can undermine system security through their naivete, laziness or dishonesty.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is program security?

A

A set of conditions that programs that run on a computer are:
- written correctly
- installed and configured properly
- used in the way they were intended
- properly behaved (malicious code)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What are some examples of malicious code?

A
  • Trojan horses
  • Traps doors
  • viruses
  • worms
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are trojan horses?

A

A trojan horse is a program that is disguised as legitimate program but secretly has a malicious feature.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is a root kit?

A

A collection of Trojan Horse programs that replace a range of system utility programs. With the goal to secretly take over a users system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is a trap door?

A

Flaws that designers place in programs so that specific security checks are not performed under certain circumstances.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is a virus?

A

A fragment of code created to spread copies of itself to other programs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What does a virus require to spread?

A

A host (typically a program)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is the goal of a virus?

A

To spread and infect as many hosts as possible.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What can viruses also do apart from spread?

A

They may have added malicious instructions that are run every time the viruses code is executed, such as deleting files or killing other running programs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

How do you detect for viruses?

A

Virus scanning programs check files for signatures of know viruses.

17
Q

What is a virus signature?

A

Some unique fragment of code from the virus that appears in every infected file.

18
Q

What are polymorphic viruses?

A

Viruses that change their appearance each time they infect a new file.

19
Q

What is a worm?

A

A stand-alone program that can replicate itself and spread.

20
Q

What is the difference between a worm and a virus?

A

A worm remains on a single machine whereas viruses spreads from host to host, network to network.

21
Q

What is buffer overflow attack?

A

Put more data into a variable than the space has to hold, making it leak out and overwriting other data.

22
Q

What is the result of a buffer overflow attack?

A

Alteration of data or execution of arbitrary code.

23
Q

What are digital signatures?

A

Digital signatures are cryptographic techniques used to provide authenticity, integrity, and non-repudiation for digital messages or documents

24
Q

Describe digital signatures authentication property:

A

Authentication verifies the identity of the user. Ensuring the origin of the signed message is legit and can be trusted.

25
Q

Describe the integrity property of digital signatures:

A

Digital signatures ensure integrity of the signed data. Integrity ensures that the content of the message has not been tampered with.

26
Q

Describe the non-repudiation property of digital signatures:

A

Non-repudiation prevents the signer from denying their involvement of the signed message. Crucial in legal and business contexts.

27
Q

What is Cross Site Scripting (XSS)?

A

Attacker injects client-side scripts into web pages viewed by other users.

28
Q

Give an overview of the XSS procedure:

A
  1. Attack discovers website vulnerability allowing script injections
  2. Attack injects website with a malicious script that steals visitor’s session cookies
  3. For each visit the malicious script is activated
  4. Visitor’s session cookie send to attacker.
29
Q

What is Cross-Site Request Forgery (CSRF)?

A

An attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated

30
Q

What is phishing attacks?

A

The attempt to obtain sensitive information for malicious reasons by disguising themselves as a trustworthy entity in electronic communication

31
Q

What are various forms of phishing attacks?

A
  • Spear
  • Clone
  • Phone
32
Q

What is a spear phishing attack?

A

Attackers gather personal information about their target to increase their probability of success

33
Q

What is a clone phishing attack?

A

Attacks clone an earlier legitimate email and alter

34
Q

What is a phone phishing attack?

A

Attacker attempts to get user to call a number and then enter sensitive data

35
Q

What is a distrusted denial-of-service (DDoS) attack?

A

When an attacker tries to temporarily or permanently disrupt a service provided by a host, by making thousands of legitimate requests.