CISS 310 Modules 8-9 Flashcards
17 Questions

Questions and Answers

List 3 reasons a threat actor may want to hack into something like the View IoT window.

Entry point into the owner's corporate network, Attack point against other networks, Backflow into View's own network.

Why would a threat actor want to attack a network?

Exploiting a single network vulnerability can expose hundreds or thousands of devices.

What are 3 of the most common interception attacks?

Man-in-the-middle, session replay, man-in-the-browser.

Describe a man-in-the-middle attack (MITM).

A threat actor is positioned in a communication between two parties, undetected, and aims to eavesdrop or impersonate one of the parties.

Describe how a man-in-the-middle (MITM) attack works.

It intercepts traffic by altering packet headers, directing users to the attacker's site and subsequently decrypts transmissions to access data.

A replay attack is a variation of a(n) ______________ attack.

man-in-the-middle (MITM)

How does a replay attack work?

It makes a copy of the legitimate transmission to send later to the recipient.

Describe a session replay attack.

It involves intercepting a session ID to impersonate a user, as these IDs are unique for each user's session.

Each time a user visits a website, the web server issues a ___________ session ID that usually remains active as long as the browser is open.

new

In some instances, after several minutes of inactivity, the server may generate ____________________.

a new session ID

Closing the browser terminates the active session ID, and it should __________________.

not be used again

List 3 places where a session ID can reside.

Part of a URL extension, hidden form fields, cookies.

List several techniques for stealing an active session ID.

Network attacks (hijacks), endpoint attacks (cross-site scripting, Trojans, and malicious JavaScript coding).

What can a hacker do with a hacked/stolen session ID?

The hacker can impersonate the user.

Describe a man-in-the-browser attack.

It intercepts communication to steal or manipulate data between the web browser and security mechanisms.

What is a key difference between a man-in-the-middle and man-in-the-browser attack?

MITM occurs between two endpoints, while MITB occurs between a browser and the underlying computer.

Explain how a man-in-the-browser attack could work.

It usually begins with a Trojan infecting the computer, installing an extension that activates when the browser is opened.

Study Notes

Threat Actor Motivation

  • Hackers may target the View IoT window to gain an entry point into a corporate network.
  • Attacking the IoT window can create backflow into View's internal network.
  • It serves as an attack point against other connected networks.

Network Vulnerabilities

  • A single vulnerability in a network can potentially expose thousands of devices to exploitation.

Common Interception Attacks

  • Man-in-the-middle (MITM) attacks.
  • Session replay attacks.
  • Man-in-the-browser (MITB) attacks.

Man-in-the-Middle Attacks

  • In a MITM attack, the attacker secretly positions themselves in the communication channel between two parties.
  • Both legitimate parties remain unaware of the attacker's presence, believing they are only communicating with each other.
  • The attacker's goals include eavesdropping on conversations or impersonating a legitimate party.

MITM Attack Phases

  • Phase One: Intercepting traffic by impersonating a legitimate web application, altering packet headers, and redirecting users to the attacker's site.
  • Phase Two: Decrypting transmissions using a fake digital certificate, tricking the victim's computer into verifying authenticity.

Replay Attacks

  • A replay attack is a type of MITM attack that captures and reuses legitimate transmissions.
  • It involves copying and later sending the initial transmission to impersonate the original sender.

Session Replay Attack

  • This attack captures a session ID to impersonate a legitimate user during their session with a web server.
  • Session IDs are unique identifiers assigned by servers, often composed of various user-specific variables, and securely hashed.

Session ID Dynamics

  • Upon visiting a website, a new session ID is issued, active as long as the browser remains open.
  • Inactivity may trigger a new session ID; closing the browser invalidates the current session ID.

Session ID Locations

  • Session IDs can be included as URL extensions.
  • They may reside in hidden form fields or be stored in cookies.

Session ID Theft Techniques

  • Active session IDs can be stolen through network attacks (e.g., hijacks) and endpoint attacks (e.g., cross-site scripting, Trojans).

Consequences of Stolen Session IDs

  • A stolen session ID allows hackers to impersonate the user, gaining unauthorized access.

Man-in-the-Browser Attacks

  • MITB attacks focus on intercepting and manipulating data between a web browser and the computer’s security mechanisms.
  • Typically initiated by a Trojan that installs a browser extension, enabling data interception upon browser activation.

Key Differences

  • MITM attacks occur between two endpoints (e.g., devices), while MITB attacks take place between a browser and the underlying computer.

Description

Test your knowledge on cybersecurity concepts covered in CISS 310, specifically in Modules 8 and 9. This quiz features flashcards that explore the motivations behind threat actors and the implications of network vulnerabilities. Enhance your understanding of how various attacks can affect corporate and IoT networks.