Threats and Vulnerabilities

About this set

Created by: Created by: thmass Subjects: Subjects: Security+

on January 7, 2013

51 terms

Order by

Default

English
Trojan horse

French
program that appears to be a legitimate application, utility, game, or a screensaver unprotected access method or pathway program that has no useful purpose another name for a logic bomb name for a backdoor that was left in a product by the manufacturer by accident occurs when a name serveer receives malicious or misleading data that incorrectly maps host names and IP addresses allows a user to take advantage of a software bug or design flaw in an application to gain access to system resources ex. A user accidentally deletes the new product designs ex. Fragle and Smurf The threat agent will obtain information about open ports on the system and the system will be unavailable to respond to legitimate requests hoax virus information e-mails

Backdoor Virus Asynchronous attack Maintenance hook

DNS poisoning

Privilege escalation

Internal threat

DoS attack Xmas tree attack conducts reconnaissance by scanning for open ports

Form of social engineering attack Social engineering If the cordless phones are

ex. shoulder surfing and dumpster diving bluetooth and 802.11b

causing interference, the network could be using Buffel overflow form of software exploitation that transmits or submits a longer stream of data than the input can handle. when a programmer fails to check the length of input before processing. do NOT operate within a security sandbox occurs when an attacker includes database commands within user data input fields on a form, and those commands subsequently execute on the server. performing input validation

Vulnerability to buffer overflow attack Cookies SQL injection attack

SQL injection attacks are prevented by Hijacking attack

where the TCP/IP session is manipulated so that a third party is able to insert alternate packets into the communication stream. buffer overflow attack

Having a poor software development practices and failing input validation checks can result in Buffer overflow

is the act of exploiting a software program's free acceptance of input in order to execute arbitrary code on a target. disable unused services

To reduce the attack surface on a server Baseline

list of common security settings that a group or all devices share. 802.1x authentication and remediation servers

802.1x authentication and remediation servers A firewall log identifies traffic that has been allowed or denied through Performance log

a firewall

records information about the use of system resources.

The best protection is to save log files through The most important considerations to use a syslog to send log entries from multiple servers to central logging server is Turnstiles

using syslog to send log entries to another server. clock synchronization between all devices and disk space on the syslog receiver.

allow easy egress from a secured environment but actively prevent re-entrance through the exit portal. allow for easy exit from an area in the event of an emergency but prevent entry. use the event log can detect and respond to security events can discover unadvertised servers and determine which ports are open on a firewall. use a packet sniffer

Turnstile and double-entry door To see a record of past events IPS Port scanner

To monitor network traffic and sort traffic based on protocol TCP SYN scan

listens only for eaither SYN/ACK or RST/ACK packets. identifies an operating system or network service based upon its ICMP message. use a port scanner

Fingerprinting

To check for open ports on a system or a firewall To gather information about system such as the application or services running on the system To see packets on a network, including source and destination of each packet To scan a system for vulnerabilities including open ports, running services, and missing patches

use a vulnerability scanner

use a wireshark

use Nessus and Retina tools

MBSA Definition

checks for open ports and for missing patches contains a specific vulnerability or security issue that could be present on a system. use a packet sniffer

To examine the content of individual frames sent to the firewall To enable the packet sniffer to capture frames sent to other devices To examine network traffic To enumerate the devices on your network and display the configuration details on the network Activities associated with a penetration test Main difference between vulnerability scanning and penetration testing A zero knowledge team

configure promiscuous mode

use a protocol analyzer use nmap

running a port scanner and attempting social engineering vulnerability scanning is performed within the security perimeter; penetration testing is performed outside of the security perimeter. penetration testing team which most closely simulate a real-world hacker attack. Port scanner

Implement [what] to make sure that the servers will not accept packets sent to those services. To scan the content of the encrypted traffic to prevent any malicious attacks

use Host-based IDS

Set Champions
There are no high scores or champions for this set yet. You can sign up or log in to be the first!
2013 Quizlet
Sign Up Inside Quizlet How it Works