Flashcards in Vol 2 Part 2: Security Services Deck (47)
THIS is anything that can be considered a weakness that can compromise something else
THIS is a means of taking advantage of a vulnerability to compromise something else
THIS is the actual potential to use an exploit in order to take advantage of a vulnerability
What do we call the measures we take in order to counteract threats?
Spoofing attacks involve an attacker spoofing what two items in order to gain unauthorized access to something?
IP Addresses and MAC addresses
This attack refers to an attacker looking to leave server resources depleted and unavailable?
Denial of Service Attack
During a DoS attack, the attacker opens up the *BLANK* connection, and then uses a fake address so that the server continues to send a *BLANK* expecting a reply of a *BLANK*
1. TCP Connection
An attacker can use a master computer and take control of other computers during a DoS attack, so that these other computers can take part in the DoS. What are these other computers referred to as, and what kind of attack is this known as?
bots, distributed denial of service (DDoS)
During a spoofing attack, the attacker uses a spoofed or "stolen" address. However, a reflection attack uses a *BLANK* instead of their own.
a legitimate host's address
What kind of attack involves packets being sent to a server and then the server sending a reply to a different host, the target?
An amplification attack differs from the reflection attack, because in an amplification attack, the attacker uses a protocol or service that does what with respect to the target host?
It sends a large volume of traffic
This kind of attack involves an attacker wedging themselves in between the communication path of two systems
Man in the middle
During a MitM attack, an attacker could be in between a host and a server without notice. What is this known as?
During a MitM attack, the attacker will commonly reply as if it is the device the original host was trying to contact. The attacker sends an ARP reply last so that the ARP table on the source host points to the attacker's computer. This kind of attack is known as what?
ARP table poisoning
What command is used during a reconnaissance attack in order to reveal the owner of the domain and IP address space?
What two commands are used as a complement during a reconnaissance attack in order to query DNS information to reveal domain owners, contact info, mail servers, and more?
whois and dig
This kind of attack involves sending a large amount of data to a device with the intent of filling up its memory and crashing the device?
Malicious software is also known as what?
A trojan horse involves the hiding of an executable file within what appears to be legitimate software. When the seemingly legitimate software is installed, the malware is installed as well. What is required in order for this to happen?
The user must open the file or software and execute it
This kind of malware propagates between systems more readily and must inject itself into another application, relying on the user to transport the software to other victims. What is this malware known as, and how does it differ from a trojan horse?
A virus. It differs from a trojan horse as it is actual code that is hidden inside of software.
This kind of malware is self-propagating, replicating itself over and over without any user interaction
This kind of vulnerability is a more drastic approach of phishing. It involves the attacker modifying a DNS entry to a valid link, leading to a victim visiting a site via a link but getting sent to a malicious site instead of the legitimate one.
Explain the difference between online and offline attacks with regard to password vulnerabilities.
Online attacks involve the attacker trying each attempt at the login prompt; offline attacks occur when an attacker obtains the password ahead of time
What is AAA? Explain what each letter of the abbreviation means.
Authentication - who is the user
Authorization - what can they access or do
Accounting - where have they been and what have they done
An effective security program consists of three main items. What are they?
User awareness, user training, physical access control
The enable secret command sets a privileged exec credential using a hashing algorithm. What was the old algorithm used and what is currently used?
MD5 (old), SHA-256 (new)
What command is used if you want to enable a password using the SHA-256 algorithm? What about the scrypt algorithm?
enable algorithm-type sha-256 secret *password*
enable algorithm-type scrypt secret *password*
What is used in order to deny host devices outside of an IP range Telnet and SSH access into a network device?
Access Control Lists (ACL)
Firewalls sit in the forwarding path of all packets for inspection, functioning similarly to an ACL, but they can do much more! What can firewalls do that makes them more useful than just an ACL?
- Deeper packet inspection
- Intelligent decision making based on data flow with regard to whether or not an attack is ongoing
- Application layer flows to know what TCP and UDP ports are being used by the flow
- Can match the URI of an HTTP request
- Keep state information about each packet for historical analysis (Stateful Firewall)