ch15 Flashcards

(43 cards)

1
Q

A computer system is attacked for one of two general reasons:

A
  1. Specifically targeted by an attacker –
    * Attacker chose the target not because of the hardware or software the organization is running, but
    for another reason, such as a political reason.
  2. A target of opportunity.
    * launched against a site that has hardware or software that is vulnerable to a specific exploit.
2
Q

Minimizing Possible Avenues of Attack:

A
  • By understanding the steps an attacker can take, you can limit the exposure of your
    system and minimize the possible avenues an attacker can exploit.
  • By limiting the number of services that are running on the system (this provides two
    safeguards: it limits the possible avenues of attack, and it reduces the number of
    services the administrator has to worry about patching in the first place).
  • By limiting public disclosure of private information about your organization and its
    computing resources.
3
Q

Malicious code (Malware)

A

refers to software that has been designed for some nefarious purpose.
- Malware includes viruses, trojan horses, logic bombs, spyware, worms, and ransomware.

4
Q

Multipartite

A

When malware has multiple different objects that it specifically
attacks.

5
Q

Polymorphic

A

Many types of malware can include a changing encryption layer to
resist pattern-matching detection.

6
Q

Metamorphic

A

The malware actually changes its code at the time of infection.

7
Q

Types of Malicious Software

A
  1. Ransomware
  2. Trojan Horses
  3. Worms
  4. Viruses
  5. Botnets
  6. Logic Bombs
  7. Spyware
  8. Adware
  9. Rootkit
  10. Backdoors and Trapdoors
8
Q

Ransomware

A
  • Ransomware is a form of malware that locks the user out of their files
    or even the entire device until an online ransom payment is made to
    restore access.
  • In most cases, the best solution is to have a complete and accurate
    backup available to recover the lost files.
9
Q

Trojan Horses

A

A trojan horse, or simply trojan, is a piece of software that appears to
do one thing (and may, in fact, actually do that thing) but hides some
other functionality.

10
Q

Worms

A
  • Worms are pieces of code that attempt to penetrate networks and
    computer systems. Once a penetration occurs, the worm will create a new
    copy of itself on the penetrated system.
11
Q

Viruses

A
  • A virus is a piece of malicious code that replicates by attaching itself to
    another piece of executable code. When the other executable code is run,
    the virus also executes and has the opportunity to infect other files and
    perform any other nefarious actions it was designed to do.
12
Q

Botnets

A
  • Hackers create armies of machines by installing malware agents on the
    machines, which then are called zombies.
  • These collections of machines are called botnets.
  • These zombie machines are used to conduct other attacks and to spread
    spam and other malware.
13
Q

Logic Bombs

A
  • Logic bombs are a type of malicious software that is deliberately installed
    by authorized users and, in particular, by administrators who are also
    often responsible for security.
  • A logic bomb is a piece of code that sits dormant for a period of time until
    some event invokes its malicious payload.
14
Q

Spyware

A
  • Spyware is software that “spies” on users, recording and reporting on their
    activities. Typically installed without user knowledge.
  • Spyware can perform a wide range of activities:
  • It can record keystrokes (keylogging) when the user logs in to specific
    websites.
  • It can monitor how a user uses a specific piece of software (for example,
    monitoring attempts to cheat at games).
15
Q

Adware

A
  • Software that is supported by advertising is called adware.
  • Adware can also refer to a form of malware that is characterized by
    software that presents unwanted ads.
16
Q

Rootkit

A
  • Rootkits are a form of malware that is specifically designed to modify the
    operation of the operating system in some fashion to facilitate nonstandard
    functionality.
  • Rootkits modify the operating system kernel and supporting functions.
  • Rootkits are designed to avoid the security functions of the operating system.
17
Q

Backdoors and Trapdoors

A
  • Backdoors are methods used by software developers to ensure that they can gain
    access to an application even if something were to happen in the future to
    prevent normal access methods.
  • Backdoor also refers to programs that attackers install after gaining unauthorized
    access to a system to ensure that they can continue to have unrestricted access
    to the system, even if their initial access method is discovered and blocked.
18
Q

Malware in all forms—virus, worm, spyware, botnet, and so on—can
be defended against by following these simple steps:

A

** check p10
* Use an antivirus/anti-malware program.
* Keep your software up to date.

19
Q

Attacks on computer systems and networks can be grouped into two
broad categories:

A
  • Attacks on specific software such as an application or the
    operating system (which are generally possible because of a defect
    in the design or implementation of the software).
  • Attacks on a specific protocol or service (which attempts to take
    advantage of a specific feature of the protocol or service or to use
    the protocol or service in a manner for which it was not intended).
20
Q

Types of Computer and Network Attack

A
  1. Denial-of-Service Attacks (DoS Attack)
  2. Sniffing
  3. Spoofing
  4. TCP/IP Hijacking (Session Hijacking)
  5. Man-in-the-Middle Attacks
21
Q

Denial-of-Service Attacks (DoS Attack)

A

is an attack designed to prevent a system or service from functioning normally.
  • In a DoS attack, the attacker attempts to deny authorized users access
    either to specific information or to the computer system or network itself.
  • This can be accomplished by crashing the system—taking it offline—or by sending so
    many requests that the machine is overwhelmed.

22
Q

DoS Examples:

A
  1. SYN Flood: a website gets a lot of attention in a very short amount of time.
  2. Distributed Denial-of-Service (DDoS): Dozens or even hundreds of computers
     (known as zombies) are compromised, loaded with DoS attack software, and then
     remotely activated by the hacker to conduct a coordinated attack.
  3. Smurf: the attacker sends a spoofed packet to the broadcast address for a network,
     which distributes the packet to all systems on that network.
23
Q

To defend against DoS attacks:

A
  • Make sure that you have applied the latest patches and
    upgrades to your systems and the applications running
    on them.
  • Change the timeout option for TCP connections so that
    attacks such as the SYN flooding attack are more difficult
    to perform, because unused connections are dropped
    more quickly.
  • Distribute your own workload across several systems so
    that any attack against your system would have to target
    several hosts to be completely successful.
  • To prevent a DDoS attack, you must either be able to
    intercept or block the attack messages or keep the DDoS
    network from being established in the first place.
26
Q

A network sniffer

A

A network sniffer is a software or hardware device that is used to observe traffic
as it passes through a network on shared broadcast media.
27
Q

The sniffer device can be used to:

A
  • View all traffic.
  • Target a specific protocol, service, or even a string of characters (looking for
    logins, for example).
  • Modify network traffic.
28
Q

Network sniffers can be used by:

A
  • Network administrators, to monitor network performance.
    * e.g., traffic analysis, network bandwidth analysis, troubleshooting certain
      problems such as finding duplicate MAC addresses.
  • Attackers, to gather information that can be used in penetration attempts.
    * e.g., usernames and passwords, the content of e-mail messages.
29
Q

Spoofing

A

is making data look like it has come from a different source.
  1. E-mail Spoofing: a message is sent with a From address that differs from that of
     the sending system.
  2. IP Address Spoofing: IP is designed to work so that the originators of any IP packet
     include their own IP address in the From portion of the packet. Although this is the
     intent, nothing prevents a system from inserting a different address in the From
     portion of the packet.
  3. MAC Spoofing: the act of changing a MAC address to bypass security checks based on
     the MAC address.
30
Q

TCP/IP Hijacking (Session Hijacking)

A

refers to the process of taking control of an already existing session between a
client and a server.
33
Q

Advantage to an attacker of hijacking

A

** check p16
The attacker doesn't have to circumvent any authentication mechanisms, since the
targeted user has already authenticated and established the session.
34
Q

Man-in-the-Middle Attacks

A
  • Generally occurs when attackers are able to place themselves in the middle of two
    other hosts that are communicating.
  • The attacker can then observe all traffic before relaying it and can actually
    modify or block traffic.
  • To the target host, it appears that communication is occurring normally, since all
    expected replies are received.
35
Q

Advanced Persistent Threat (APT)

A

** check p18
  • APT is a method of attack that primarily focuses on stealth and continuous presence
    on a system.
  • Techniques are then employed to develop backdoors and multiple account access routes.
  • The skill level of the attackers is typically exceedingly high, and their aim is to
    completely own a system without being detected.
36
Q

Types of Password Attacks

A
  1. Password Guessing
  2. Poor Password Choices
  3. Spraying
  4. Dictionary Attacks
  5. Brute Force Attack
  6. Rainbow Table
37
Q

Password Guessing

A
  • People tend to pick things that are easy to remember and also reuse these secrets.
    This makes the password guessing attack possible.
  • If a site has a leak of password data and users have reused a password, attackers
    can start with disclosed passwords associated with data breaches and many times can
    guess a password.
38
Q

Poor Password Choices

A
  • The attacker simply attempts to guess the password of an authorized user of the
    system or network.
  • People pick simple passwords that they can remember (e.g., birthday, father's name),
    which makes password guessing very simple.
39
Q

Spraying

A
  • Password spraying is an attack that uses a limited number of commonly used passwords
    and applies them to a large number of accounts.
40
Q

Dictionary Attacks

A
  • Uses a list of dictionary words to try to guess the password.
  • Can employ a variety of methods to crack passwords, including using variations on
    the user ID.
41
Q

Brute Force Attack

A
  • The password-cracking program attempts all possible character combinations.
  • The length of the password and the size of the set of possible characters in the
    password will greatly affect the time a brute force attack will take.
42
Q

Rainbow Table

A
  • Rainbow tables are precomputed tables of hash values associated with passwords.
  • Using rainbow tables can change the search for a password from a computational
    problem to a lookup problem.
  • The best defense against rainbow tables is salted hashes.
  • A salt is merely a random set of characters designed to increase the length of the
    item being hashed, effectively making rainbow tables too big to compute.