Ch7: Protecting Against Advanced Attacks Flashcards
Spoofing attacks
typically change data to impersonate another system or person
ARP poisoning attacks
attempt to mislead systems about the actual MAC address of a system. Sometimes used in MITM attacks
DNS poisoning attacks
attempt to corrupt DNS data
Amplification attacks
A type of DDoS attack that increases the amount of traffic sent to or requested from a victim and can be used against a wide variety of systems, including individual hosts, DNS servers, and NTP servers
Brute force attacks
Attempt to guess passwords by trying every combination. Online attacks guess the password of an online system. Offline attacks guess the password stored in a file, such as a database
Dictionary attacks
use a file of words and common passwords to guess a password
These protect against brute force attacks
Account lockout policies
These can help prevent dictionary attacks
Complex passwords
Pass the hash attack
attempts to use an intercepted hash to access an account
Salting
adds random text to passwords before hashing them and thwarts many password attacks, including rainbow table attacks
Hash collision
occurs when the hashing algorithm creates the same hash from different passwords
Birthday attacks
exploit collisions in hashing algorithms
To defeat replay attacks, use
timestamps and sequence numbers
Typo squatting/URL hijacking
Attackers purchase similar domain names. Users visit the typo squatting domain when they enter the URL incorrectly with a common typo
Session hijacking attack
attacker utilizes the user’s session ID to impersonate the user
Domain hijacking attack
attacker changes the registration of a domain name without permission from the owner
Buffer overflows
occur when a program receives more data than it can handle, or receives unexpected data that exposes the system memory
Buffer overflow attacks often include
NOP sleds followed by malicious code. Input validation helps prevent buffer overflow attacks
Input validation protects against
buffer overflow, SQL injection, command injection, and cross-site scripting attacks
Error and exception handling helps
protect the integrity of the OS and controls the errors shown to users
When errors occur, applications should…
show generic errors to the users but log detailed information
Static vs dynamic code analysis
Static analysis examines the code without running it and dynamic analysis checks the code while it is running
Fuzzing
sends random strings of data to applications looking for vulnerabilities
Stress testing
verifies an application can handle a load