1
Q
MAC Spoofing
- Type of attack
- An exploitation
A
MAC Spoofing
- Use software to change MAC address of NIC
- MAC flood attack overwhelms switch with spoofed MACs
- Attacker can use to bypass MAC filtering
2
Q
IP Spoofing
A
IP Spoofing
- Attacker changes source IP address of packet
- Attack from single systems seems to come from many
3
Q
SYN Flood Attack
A
SYN Flood Attack
- Against server on internet
- Disrupt three-way handshake
- Attacker sends many SYN’s
- Never completes with ACK’s
- Many half-open connections
- Servers can limit number of connection, but may deny connections to legit clients
- One attacker spoof IP for DoS
- Many attackers are DDoS
4
Q
Man-In-The-Middle
-What can prevent and how?
A
Man-In-The-Middle
- Third computer intercepts comms and forwards
- Can insert malicious code
- Kerberos helps prevent with mutual authentication
5
Q
ARP Poisoning
-Two kinds of attack
A
ARP Poisoning
- Attacker creates fake ARP reply with spoofed MAC address to poison ARP cache
- ARP Man-In-The-Middle - make traffic of router go to attacker. Attacker uses IP forwarding to send traffic to router
- ARP DoS - send ARP reply with bogus MAC address for default gateway - stops traffic out of network
6
Q
DNS Poisoning
-What prevents?
A
DNS Poisoning
- Replace IP address of legit website with that of malicious site
- DNS-SEC prevents
7
Q
DDoS DNS Attack
A
DDoS DNS Attack
-Botnet machines repeatedly send queries to DNS servers, overwhelm them
8
Q
Amplification Attack
A
Amplification Attack
- DoS
- Increase traffic sent to or from victims
- smurf attack
- DNS amplification attack
- NTP attack
9
Q
Smurf Attack
A
Smurf Attack
- An amplification attack
- broadcast ping to all computers in subnet, spoof source IP to victim, so victim gets
10
Q
DNS Amplification Attack
A
DNS Amplification Attack
- An amplification attack
- Send DNS requests spoofing IP address of victim; request as much zone data as possible
11
Q
NTP Attack
A
NTP Attack
- An amplification attack
- Request monlist (last 600 systems requesting time) using spoofed IP address of victim
12
Q
Pass The Hash Attack
- What is susceptible and why?
- Use what instead?
A
Pass The Hash Attack
- Password attack
- Discover password hash and use to log on
- LM and NTLM susceptible because hash not encrypted
- Use NTLMv2 or Kerberos instead
13
Q
Birthday Attack
- Type of attack
- How to prevent
- What is susceptible
- What is not susceptible
A
Birthday Attack
- Password attack
- Attacker creates hash that produces same hash as actual password (hash collision)
- Prevent by increasing bits in hash
- MD5 has 128 bits - susceptible
- SHA-3 has 512 bits - not susceptible
14
Q
Rainbow Table Attack
-How to prevent
A
Rainbow Table Attack
- Database of passwords and their hashes
- Compare hash of original password vs hashes in table
- When match, password discovered
- Salting prevents - random data (extra characters) before hashing
15
Q
Replay Attack
-What prevents
A
Replay Attack
- Password attack
- Attacker intercepts authentication credentials and replays to impersonate
- Timestamps and sequence numbers can prevent - Kerberos
16
Q
Known Plaintext Attack
A
Known Plaintext Attack
- Attacker has sample of plaintext and its ciphertext
- Use both to discover encryption method
- Use to decrypt other cyphertexts
17
Q
Chosen Plaintext Attack
A
Chosen Plaintext Attack
- Choose part of encrypted message you know, try to decrypt that
- If it works, use same method to decrypt whole message
18
Q
Session Hijacking
A
Session Hijacking
-Attacker uses user’s session ID (cookie) to impersonate user
19
Q
Domain Hijacking
A
Domain Hijacking
- Change registration of domain name
- Likely using social engineering
20
Q
Man-In-The-Browser
A
Man-In-The-Browser
- Proxy trojan horse infecting web browsers
- Can capture session data: keystrokes, data sent from browser (bank login info)
21
Q
Buffer Overflow Attack
A
Buffer Overflow Attack
- Use buffer overflow to overwrite memory with malicious code
- Ex: long string, first part causes buffer overflows, then string of no-op commands (NOP or x90) followed by malicious code
22
Q
Directory Traversal
A
Directory Traversal
- Webserver vulnerability
- Injection attack
- Enter directory path into web form or text box
23
Q
Cross Site Scripting (XSS)
A
Cross Site Scripting (XSS)
- Webserver vulnerability
- Attackers embed malicious HTML or Javascript into website’s code
- Or email link that takes advantage of website that allows scripts to run in user input
- Executes when user visits
- Can capture cookies
- Prevent with
- input validation
- security encoding library to sanitize HTML
24
Q
Cross-Site Request Forgery (XSRF)
-How to prevent
A
Cross-Site Request Forgery (XSRF)
- Webserver vulnerability
- Attacker tricks user into performing action on website
- Attacker creates HTML link that performs action if clicked, ie, www.foo.com/edit?action=badstuff
- attacker makes request on behalf of the authenticated user
- Prevent by
- expiring cookie
- forcing re-authentication when performing action
- sending token with form submission and check on server
25
Kerberos prevents these attacks
Kerberos prevents these attacks
- Replay attack - timestamps and sequence numbers
- Pass the hash attack - encrypts hash
- Man-In-The-Middle - mutual authentication
Security+
flashcards
Decks in class (20)
# Cards
-
Tools & Random Stuff13
-
Protocols12
-
Protocols & Ports (Memorize)27
-
Network Devices21
-
Securing Your Network7
-
Wireless Protocols (Memorize)11
-
Wireless Attacks10
-
VPN7
-
Securing Hosts & Data19
-
Threats, Vulnerabilities, Common Attacks7
-
Advanced Attacks25
-
Risk Management Tools34
-
Controls To Protect Assets18
-
Cryptography36
-
Test Questions38
-
Ports Only (Quick Study)20
-
Ports (Reversed)21
-
Wireless Protocols (Quick Study)0
-
Identity And Access Services14
-
EAP6
