Threats & Vulnerabilities

Question 1

Denial of service

Answer 1

• Force a service to fail - Overload the service

• Take advantage of a design failure or vulnerability
• Keep your systems patched!
• Cause a system to be unavailable
• Competitive advantage
• Create a smokescreen for some other exploit
• Precursor to a DNS spoofing attack

• Doesn’t have to be complicated - Turn off the powe

Question 2

A “friendly” DoS

Answer 2

• Unintentional DoSing
• It’s not always a ne’er-do-well

• Network DoS - Layer 2 loop without STP

• Bandwidth DoS
• Downloading multi-gigabyte
Linux distributions over a DSL line

• The water line breaks - Get a good shop vacuum

Question 3

Distributed Denial of Service (DDoS)

Answer 3

• Launch an army of computers to bring down a
service
• Use all the bandwidth or resources - traffic spike

• This is why the bad guys have botnets
• Thousands or millions of computers at your
command
• At its peak, Zeus botnet infected over 3.6 million PCs
• Coordinated attack

• The attackers are zombies
• Many people have no idea they are
participating in a botnet

Question 4

Zero-day attacks

Answer 4

• Zero-day
• The vulnerability has not been detected or published
• Zero-day exploits are increasingly common

Question 5

Man-in-the-Middle

Answer 5

• How can a bad guy watch
without you knowing?
• Man-in-the-middle

• Redirects your traffic
• Then passes it on to the destination
• You never know your traffic was redirected

• ARP poisoning - ARP has no security

Question 6

Mitigating man-in-the-middle

Answer 6

• Use encrypted protocols
• HTTPS, SSH
• Communicate over a secure channel
• Client-based VPN
• Use encrypted wireless networks
• Avoid insecure networks
• Public WiFi, Hotels

Question 7

Brute Force Attacks

Answer 7

• The password is the key
• Secret phrase
• Stored hash

• Brute force attacks - Online
 • Keep trying the login process
 • Very slow
 • Most accounts will lockout after a
    number of failed attempts

• Brute force the hash - Offline
 • Obtain the list of users and hashes
 • Calculate a password hash,
    compare it to a stored hash
 • Large computational resource requirement

Question 8

Dictionary attacks

Answer 8

• People use common words as passwords
• You can find them in the dictionary

• If you’re using brute force, you should start with the
easy ones
• 123456, password, ninja, football

• Many common wordlists available on the ‘net
• Some are customized by language or line of work

• This will catch the low-hanging fruit
• You’ll need some smarter attacks for the smarter
people

Question 9

Rainbow tables

Answer 9

• An optimized, pre-built set of hashes
• Doesn’t need to contain every hash
• The calculations have already been done
• Remarkable speed increase
• Especially with longer password lengths
• Need different tables for different hashing methods
• Windows is different than MySQL
• Rainbow tables won’t work with salted hashes
• Additional random value added to the original hash

Question 10

Spoofing

Answer 10

• Pretend to be something you aren’t
• Fake web server, fake DNS server, etc.

• Email address spoofing
• The sending address of an email isn’t really the
sender

• Caller ID spoofing
• The incoming call information is completely fake

• Man-in-the-middle attacks
• The person in the middle of the conversation
pretends to be both endpoints

Question 11

MAC spoofing

Answer 11

• Your Ethernet device has a MAC address
• A unique burned-in address
• Most drivers allow you to change this

• Changing the MAC address can be legitimate
• Internet provider expects a certain MAC address
• Certain applications require a particular MAC
address

• It might not be legitimate
• Circumvent MAC-based ACLs
• Fake-out a wireless address filter
• Very difficult to detect
• How do you know it’s not the original device?

Question 12

What kind of general term is used to describe the process of securing a computer system?

Answer 12

Hardening

Question 13

Which of the following answers refers to the contents of a rainbow table entry?

Answer 13

Hash/Password

Question 14

Removing Malware

Answer 14

1. Identify malware symptoms
2. Quarantine infected systems
3. Disable System Restore
   4a. Remediate: Update anti-virus
   4b. Remediate: Scan and remove
4. Schedule scans and run updates
5. Enable System Protection
6. Educate the end use