1
Q
Define Intrusion Detection Systems
A
Intrusion Detection Systems Monitor network traffic for malicious packets or patterns.
They are passive, i.e., monitor only (and maybe raise alarm) but do not filter/block.
Just detect!
2
Q
Intrusion Prevention Systems
A
Unlike Intrusion Detection Systems, Intrusion Prevention Systems take actions to filter or block malicious traffic.
They disable the port / link and is dynamically setting rules to block traffic flow.
3
Q
Define a Firewall:
- How does it handle packets
- Where are they placed within a network
A
- Inspects packets entering or leaving a network/computer
- Can be hardware or software
- Hardware firewall are usually placed between the LAN and WAN
- Software firewalls are installed on the system and inspect packets in/out
- Uses rules to allow or deny packets based on protocols - IP, TCP/UDP, Port, etc.
- Content filter can inspect the data in a packet and filter out malicious content.
- Block based on protocol or IP. Ex. Block web browsing from 8-4 work hours.
4
Q
Honeypot (or Host-based Intrusion Detection System)
A
- A decoy server to lure potential attackers
- Configured with HIDS installed to log info about attacker and attack techniques.
- Logs can be studied to set up proper counter measures.
5
Q
VIRUS:
A
- A program that replicates itself into other documents or programs
- Designed to disrupt computer / network operations.
- Needs the virus file to be open or a program to run before it becomes active (Dormant until you open the file)
browser to a different URL than intended. Precursor to Ransomware
6
Q
Types of virus
A
- Types
- File infector – targets files, altering or deleting files
- Boot sector – loads on system power on and targets the boot sector
- Macro – infects documents containing macros*.
- Browser hijack / phishing – cameo pages that redirects the
7
Q
Anti-virus.
A
- They also have a database of known viruses
- watch out for suspicious patterns, mostly for file/boot/Macro viruses
8
Q
Worms
A
- Unlike Viruses, Worms do not need to be attached to another file to spread.
- Self-contained program that simply needs a computer to be connected to a network.
- Spread via emails or Instant Messaging
- Performs similar destruction as Virus, with the main difference being how it spreads.
- Worms are notorious for creating “backdoors” into a computer
- Backdoor – a program that permits access into a computer bypassing the normal authentication process.
- Worms have in history caused damages valued in billions $
9
Q
Spyware:
A
- allows monitoring of activities on a system by third parties
- Noticeable strange increase in network activates
- Not all are “bad”, some focus on your web activities in order to provide targeted advertisement. (Not always harmful) (log in details)
- They do not install themselves like Worms, instead are installed by computer users either mistakenly (just clicking ok ..ok.. Ok, without reading in full)
- Installing Free software - be wary of free music, movies sites!
10
Q
Spams
A
- mostly annoying nuisances, such as unsolicited emails
- They do not delete or damage files, rather just take up storage space
- Bloatware on laptops and phones could also be classified as a form of spam*
- Be careful on the web and do not open strange emails or FREEBIES!!
11
Q
Denial of Service (DoS) :
A
- An attempt to clog up or bottle neck network bandwidth with bogus traffic, thereby preventing legitimate users from accessing the network.
Ola used people loitering at a bank as a example
12
Q
Packet storm (DoS)
A
– runs on UDP (being connection-less) and sends streams of UDP packets with spoofed host address (different computer’s host address), preventing that computer from being able to respond to other traffic.
13
Q
Ping Flood (DoS)
A
- large number of PING messages sent to a host.
- The host is kept busy responding to PING. * An alternative called SMURF ATTACK
- The attacker sends pings to a broadcast address using the IP address of another host in the network as the source address
- All computers in the network then reply to the “victim host” (the one who’s IP address was used)
- The victim host is then overwhelmed with PING response traffic
14
Q
Half-open SYN
A
- Exploits the 3-way handshake of TCP.
- The attacker sends series of SYN messages with spoofed (or fake) source address to a server in a bid to start a conversation.
- The server then keeps waiting for the acknowledgement packet to arrive from the fake source address.
- When multiple SYNs are sent, the server could use all available connections to attend to all these fake requests and not be able to deal with legitimate requests.
- Timeouts can be specified to help deal with this
15
Q
Distributed Denial of Service (DDoS) :
A
- Use of multiple systems to carry out DoS.
- Sometimes carried out by Malwares that have earlier been installed on a system
16
Q
Man-in-the-Middle Attack:
A
- A type of attack where an attacker gets in between a client and server.
17
Q
Man-in-the-Middle Attack Type:
WiFi Eavesdropping:
A
- attackers set up a legit looking Wi-Fi connection and wait for users to connect their device.
- this is also commonly called “Evil Twin”
- common in public places (coffee shops, parks) - you might connect to an unpassworded free WiFi and the attacker is able to snoop/sniff on all packets go through the network
18
Q
Man-in-the-Middle Attack Type:
Session Hijacking:
A
- Hijacking web sessions between clients and servers.
- Commonly done by stealing browser cookies.
- Cookie contain information that provide good browsing experience such as not having to re-login every minute.
- Can contains login credentials, online activities, pre-filled forms
COSC 118
flashcards
Decks in class (16)
# Cards
