Software Development Security Flashcards
Scanner
A program that identifies known viruses and removes the viruses or repairs infected objects.
Heuristic Scanner
A program that intelligently analyzes unknown code to identify suspicious commands and code sections.
Activity Monitor
A program that monitors systems and programs for suspicious activity.
Change detection software
A program that stores baseline system information and then periodically checks for suspicious changes from the baseline values.
What are 2 countermeasures for a brute force attack?
Implement strict access controls
Keep password length to a minimum of 8 characters
Code that is triggered by a specific event and that destroys data stored on a system's hard disk
logic bomb
Code that may simultaneously attack the boot sector and the executable files of a system
virus
Code embedded in a program and often used to promote backdoor attacks to access system resources
trojan
Rapidly replicating code that takes control of a system, consuming vital network resources
worm
What is the purpose of software forensics in protecting system and data security?
To analyze code for characteristics of authorship and intent used as evidence against attackers and to minimize damage in future attacks.
What characteristics of current software development make information security difficult?
Complexity of modern applications
Increased sharing of code and other resources
Low level languages
First- and second-generation languages
High level languages
Third- through fifth-generation languages
When programming with high level languages, which factors can contribute to security weaknesses?
Automatic memory allocation and deallocation
A security management system with limited options
Define hackers
Individuals or organizations who attempt to gain unauthorized access to information systems and network resources
Define crackers
Individuals or organizations who break into computer systems by breaching security. Often a cracker's motive is altruistic.
What are the 6 types of DoS attacks?
Smurf and fraggle
SYN flood
Teardrop
Distributed DoS
DNS DoS
Cache poisoning
Define smurf attack
Sends ICMP packets to multiple computers, which in turn all reply to a single target computer
Define fraggle attack
A smurf attack that uses UDP instead of ICMP
Defenses against smurf and fraggle attacks
Set up a firewall to block all broadcast and ICMP messages
Configure all computers to drop ICMP messages
Turn off the directed broadcast capability of the router
Implement an IDS
Install the latest patches
Define SYN flood attack
Waged by opening connections but never sending the final ACK message of the handshake
Defenses against a SYN flood attack
Set up a firewall to limit the number of connection requests
Implement an IDS
Use SYN cookies to avoid allocating resources to half-open connections
Install the latest patches
Define teardrop attack
Exploits a bug in the OS routine that reassembles fragmented packets
Defenses against teardrop attack
Merge all fragments into a full packet before routing it to the target system
Implement an IDS to detect fragmented packets