Web Security Risks Flashcards
(36 cards)
Virus
malicious piece of software (malware) that inserts malicious code into a program and then continues to spread itself using a variety of methods
Trojan Horse
Malware attack that disguises itself as something innocent, such as a computer game or a YouTube search results page
Spam
makes up 70-84% of daily emails sent throughout the world.
Phishing
Spam emails designed to trick recipients into clicking a link to an insecure website; typically executed to steal account information for e-commerce sites
Phishers are usually part of a larger crime organization (Russian mafia). The phisher pays someone who controls a fleet of zombies to send out the phishing attack from zombie PCs. The phisher compiles a large list of bank accounts, credit card info, and similar info from the phishing attack. The phisher frequently sells account info in bulk to an intermediary, who then sells individual accounts to anyone who wants them. The person who buys the accounts can use them to empty bank accounts and participate in identity theft
Packet Sniffers
Capture data streams over a network, allowing for the capture of sensitive data like usernames, passwords and credit card numbers
When you make contact with the Internet, data is sent in slices to keep the performance of the Internet high. Slices = packets; a sniffer allows people to see these packets that are being sent or received.
Packet sniffers only work when they are on the same network on which the data is travelling. Once it has the data, the sniffer can relay the info to different networks via honeypots.
Information is sent from the sniffer to a database where all the info is stored. Reports can be created from the database, such as site visits.
Password Attacks (Types)
Brute-force- guesses the password by repeatedly entering new combinations of words and phrases compiled from a dictionary
Packet sniffers
IP-spoofing- similar to honeypots, involves the interception of data packets by a computer successfully pretending to be a trusted server/resource
Trojans
Internet passports
Variety of technologies and standards that let people control which information about themselves they allow to be released to websites and how that information can be used
Lives inside a web browser. The user fills out a profile in the browser determining what info can be made available
buffer overflow attack (browser attack)
buffer = area of memory allocated for a certain function.
In a buffer overflow attack, the hacker writes code that downloads from a website and floods a specific area of memory with so much data that it overflows into a nearby area of memory.
The data that flows into a nearby area of memory contains malicious code, and that code can bypass normal security functions because of a flaw in the browser.
Zombie Computers & Botnets
Zombie computer- a computer infected with malware that causes it to act as a tool of a spammer by silently sending out thousands of emails from the owner's email address. Typically a single person controls a zombie network of infected computers
Infected zombie computers are organized by spammers into small groups called botnets, which can send out spam
Spyware
Employs a user's Internet connection in the background without their knowledge and gathers/transmits info on that user or their behaviors
Used to make cash (pop-up ads, phishing)
Spyware "phones home" at regular intervals to report to the spyware website on what sites you have been visiting
Directory Traversal & Browsing
Method used by a hacker to access sensitive data held on the web server where your web site is installed. Filtering HTTP data requests to the server is the best prevention of directory traversal attacks
Server Side Scripts
It is important to validate forms and use good coding practices and standards to avoid holes in your code which can be exploited
SQL Injection
SQL is a way to enter, modify, and retrieve information from a database. Information that is stored can be vulnerable to SQL injection, which breaches the database's security.
Cross Site Scripting
Technique used to gather personal information or run malicious code while a user is using their web browser. This is the majority of hacking attempts. Data is usually gathered in the form of a hyperlink which contains malicious content within it. The user will click the link from another website, an IM, or while reading a web board or email message.
Active X
Used by Microsoft IE on Windows systems; allows applications or parts of applications to be utilized by the web browser. A web page can use ActiveX components that may already reside on a Windows system, or a site may provide the component as a downloadable object. Gives extra functionality to web browsing but increases vulnerability
Java Security Issues
The Java Virtual Machine (applet) is used to execute Java code provided by the web site. Some operating systems come with a JVM, while others require a JVM to be installed before Java can be used; Java applets are operating system independent
Java applets usually execute within a "sandbox" where interaction with the rest of the system is limited. However, various implementations of the JVM contain vulnerabilities that allow an applet to bypass these restrictions
Plugins
Apps intended for use in the web browser (e.g. Adobe Flash). Can contain programming flaws such as buffer overflows
Cookies
Files placed on your system to store data for specific web sites. Can contain any info that a website is designed to place in it. May contain information about the sites you visited, or credentials for accessing the site.
When visiting a site, a CGI script on the server takes the information the user has entered and then writes the cookie onto the hard disk. When you leave a site, your cookie info remains on the hard disk so the site can recognize you the next time you decide to visit (unless the cookie has been written to expire when you leave)
If a website uses cookies for authentication, then an attacker may be able to acquire unauthorized access to that site by obtaining the cookie. Persistent cookies are a higher risk than session cookies because they remain on the computer longer
web bugs
Piece of HTML code placed on web pages or in email messages, used to trace people's paths through a website. "Wiretap"- can be included in email, and can enable people to view some of your email
Small piece of JavaScript that has the capability to read the entire contents of an email message
Firewall
Protects the ports that computers use to communicate and offers intrusion protection
corporate firewalls
hardware and software combinations that are built using routers, servers, and a variety of software; sit at the most vulnerable point between a corporate network and the Internet, can be as simple or complex as system administrators want to build them
proxy servers
Commonly used in firewalls. Server software that runs on a host in a firewall, such as a bastion host. Because only the single proxy server (instead of many individual computers on the network) interacts with the Internet, security can be maintained. A single server can be kept more secure than hundreds of individual computers on a network
Proxy servers can be used as a way to log the Internet traffic between an internal corporate network and the Internet
Can be used to speed up the performance of some Internet services by caching data (keeping copies of the requested data)
Personal firewall
Personal firewalls are software that runs on the computer and protects the computer against Internet attacks. Data packets come in through Internet ports (virtual entrances between your computer & the Internet)
Personal firewalls examine data packets your computer receives and can filter out packets being sent to certain ports
war driver
People drive through areas of cities and suburbs known for having WiFi networks, searching for unprotected networks they can break into
Use a program like NetStumbler to search for unsecured WiFi networks. Once the war driver connects to a network, he has the same access rights as any other user, so he can use all the network's resources and data. If he is a hacker, he can also try to take control of the network or damage it