CISS 310 Modules 8-9 Flashcards

Questions and Answers

List 3 reasons a threat actor may want to hack into something like the View IoT window.

Entry point into the owner's corporate network, Attack point against other networks, Backflow into View's own network.

Why would a threat actor want to attack a network?

Exploiting a single network vulnerability can expose hundreds or thousands of devices.

What are 3 of the most common interception attacks?

Man-in-the-middle, session replay, man-in-the-browser.

Describe a man-in-the-middle attack (MITM).

A threat actor is positioned in a communication between two parties, undetected, and aims to eavesdrop or impersonate one of the parties. Signup and view all the answers

Describe how a man-in-the-middle (MITM) attack works.

It intercepts traffic by altering packet headers, directing users to the attacker's site and subsequently decrypts transmissions to access data. Signup and view all the answers

A replay attack is a variation of a(n) ______________ attack.

man-in-the-middle (MITM) Signup and view all the answers

How does a replay attack work?

It makes a copy of the legitimate transmission to send later to the recipient. Signup and view all the answers

Describe a session replay attack.

It involves intercepting a session ID to impersonate a user, as these IDs are unique for each user's session. Signup and view all the answers

Each time a user visits a website, the web server issues a ___________ session ID that usually remains active as long as the browser is open.

new Signup and view all the answers

In some instances, after several minutes of inactivity, the server may generate ____________________.

a new session ID Signup and view all the answers

Closing the browser terminates the active session ID, and it should __________________.

not be used again Signup and view all the answers

List 3 places where a session ID can reside.

Part of a URL extension, hidden form fields, cookies. Signup and view all the answers

List several techniques for stealing an active session ID.

Network attacks (hijacks), endpoint attacks (cross-site scripting, Trojans, and malicious JavaScript coding). Signup and view all the answers

What can a hacker do with a hacked/stolen session ID?

The hacker can impersonate the user. Signup and view all the answers

Describe a man-in-the-browser attack.

It intercepts communication to steal or manipulate data between the web browser and security mechanisms. Signup and view all the answers

What is a key difference between a man-in-the-middle and man-in-the-browser attack?

MITM occurs between two endpoints, while MITB occurs between a browser and the underlying computer. Signup and view all the answers

Explain how a man-in-the-browser attack could work.

It usually begins with a Trojan infecting the computer, installing an extension that activates when the browser is opened. Signup and view all the answers

Study Notes

Threat Actor Motivation

Hackers may target the View IoT window to gain an entry point into a corporate network.
Attacking the IoT window can create backflow into View's internal network.
It serves as an attack point against other connected networks.

Network Vulnerabilities

A single vulnerability in a network can potentially expose thousands of devices to exploitation.

Common Interception Attacks

Man-in-the-middle (MITM) attacks.
Session replay attacks.
Man-in-the-browser (MITB) attacks.

Man-in-the-Middle Attacks

In a MITM attack, the attacker secretly positions themselves in the communication channel between two parties.
Both legitimate parties remain unaware of the attacker's presence, believing they are only communicating with each other.
The attacker's goals include eavesdropping on conversations or impersonating a legitimate party.

MITM Attack Phases

Phase One: Intercepting traffic by impersonating a legitimate web application, altering packet headers, and redirecting users to the attacker's site.
Phase Two: Decrypting transmissions using a fake digital certificate, tricking the victim's computer into verifying authenticity.

Replay Attacks

A replay attack is a type of MITM attack that captures and reuses legitimate transmissions.
It involves copying and later sending the initial transmission to impersonate the original sender.

Session Replay Attack

This attack captures a session ID to impersonate a legitimate user during their session with a web server.
Session IDs are unique identifiers assigned by servers, often composed of various user-specific variables, and securely hashed.

Session ID Dynamics

Upon visiting a website, a new session ID is issued, active as long as the browser remains open.
Inactivity may trigger a new session ID; closing the browser invalidates the current session ID.

Session ID Locations

Session IDs can be included as URL extensions.
They may reside in hidden form fields or be stored in cookies.

Session ID Theft Techniques

Active session IDs can be stolen through network attacks (e.g., hijacks) and endpoint attacks (e.g., cross-site scripting, Trojans).

Consequences of Stolen Session IDs

A stolen session ID allows hackers to impersonate the user, gaining unauthorized access.

Man-in-the-Browser Attacks

MITB attacks focus on intercepting and manipulating data between a web browser and the computer’s security mechanisms.
Typically initiated by a Trojan that installs a browser extension, enabling data interception upon browser activation.

Key Differences

MITM attacks occur between two endpoints (e.g., devices), while MITB attacks take place between a browser and the underlying computer.

Studying That Suits You

Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

Description

Test your knowledge on cybersecurity concepts covered in CISS 310, specifically in Modules 8 and 9. This quiz features flashcards that explore the motivations behind threat actors and the implications of network vulnerabilities. Enhance your understanding of how various attacks can affect corporate and IoT networks.