1_6_1 Section 1 – Attacks, Threats, and Vulnerabilities - 1.6 – Vulnerabilities - Vulnerability Types

UnmatchedMandolin

42 Questions

What is the goal of security researchers?

To find vulnerabilities before attackers do

What is a characteristic of a zero-day attack?

It is a type of attack that uses a previously unknown vulnerability

Why is it difficult to mitigate a zero-day attack?

Because it is very difficult to stop something that you had no idea existed

What is the motivation of attackers to find vulnerabilities?

To use them to attack networks or sell them to the highest bidder

What is hidden in the code of many applications?

A potential way for an attacker to get into your network

What is the goal of attackers when it comes to finding vulnerabilities?

To find them before security researchers do

What is the primary purpose of the CVE database?

To identify and document vulnerabilities

What is the result of leaving data open on the internet without security?

It makes it easy for anyone on the internet to access the data

What was the outcome of Verizon's misconfigured Amazon S3 data repository in 2017?

A researcher found the data and closed the hole before it was exploited

What can happen if an attacker gains access to an administrator or root account?

They will have full control over the operating system

Why should access to root or administrative accounts be closely monitored?

Because an attacker may have full control over the operating system

What can be a problem with error messages in applications?

They may show sensitive information that can be used against us

What was the outcome of the Patreon website error in 2015?

Attackers were able to access the debugger and transfer customer data

Why is it important to encrypt data?

To protect the data from being accessed or transferred

What is a common problem with cloud repositories?

They are often misconfigured and left open

Why should policies and procedures be in place for administrative accounts?

To prevent casual use of these accounts

What is the importance of using strong encryption protocols?

To ensure that data is well protected

What is the common purpose of AES and triple DES?

To encrypt data

What is the purpose of using hashes in encryption?

To verify data integrity

What is the purpose of using TLS protocol?

To encrypt data during transport

What is the problem with using encryption keys of 128 bits or smaller?

They are not secure enough

What is the purpose of capturing packets and analyzing them?

To determine if data is being sent in the clear

What is the consequence of not configuring applications to use secure protocols?

Data will be sent in the clear

What is the purpose of the Wall of Sheep at Defcon?

To display a list of applications that are sending data in the clear

What is the problem with default usernames and passwords on IoT devices?

They are not secure enough

What is the purpose of the Mirai botnet?

To take control of IoT devices

What is the primary concern with legacy systems?

They are running software that has reached end of life.

Why might a security administrator decide to keep legacy equipment on the network?

Because it is still necessary for a particular function.

What is one way to protect a legacy system that cannot be patched?

Add a firewall around the system.

What happens when software reaches end of life?

It is no longer supported by the vendor.

Why is it important to assess the advantages and disadvantages of keeping a legacy system on the network?

To determine the security risks and benefits of keeping the system.

What is the goal of adding security tools around a legacy system?

To keep the system as secure as possible.

Why do attackers modify software to control more IoT devices?

To gain unauthorized access to the devices

What is the purpose of opening ports on a server?

To allow communication between the server and applications

What is the main function of a firewall?

To control and manage traffic to the network

What is the purpose of auditing a firewall's rule base?

To ensure that all rules are up to date and correct

What is the main reason organizations release software updates?

To fix security vulnerabilities in the software

What type of systems are referred to as legacy systems?

Older systems that may be running outdated operating systems

What was the consequence of Equifax not patching their systems in 2017?

They suffered a massive data breach, resulting in fines and reputational damage

What is the role of a group of people who test patches in an organization?

To test patches to ensure they operate properly in the environment

What is the purpose of patching a system?

To fix security vulnerabilities and keep the system up to date

What can happen if patches are not kept up to date?

The system may be vulnerable to attacks and breaches

Study Notes

Common Vulnerabilities and Exposures (CVE)

  • CVE is a database of common vulnerabilities and exposures, located at cve.mitre.org.
  • It serves as a resource to stay up-to-date on the latest vulnerabilities.

Open Permissions Problem

  • An open permissions problem occurs when information is put on the internet without applying security, allowing anyone to access it.
  • This is becoming more common as data is increasingly stored in the cloud.
  • Example: Verizon's 2017 exposure of 14 million records due to a misconfigured Amazon S3 data repository.

Administrator Accounts

  • Leaving administrator accounts open can allow attackers to gain full control over an operating system.
  • Proper security and policies should be in place to prevent casual use of administrator accounts.

Error Messages

  • Error messages can reveal sensitive information, such as service and application details, version information, and debug information.
  • Example: Patreon's 2015 error message vulnerability allowed attackers to execute code on their web server.

Encryption

  • Encrypting data is essential, but it's not enough; encryption protocols and keys must be strong and up-to-date.
  • Examples of strong encryption protocols include AES and triple DES.
  • Wireless encryption protocols should also be kept up-to-date.

Legacy Systems

  • Legacy systems, including devices with default usernames and passwords, can be vulnerable to attacks like the Mirai botnet.
  • These systems may be running outdated software with known vulnerabilities.
  • A security administrator must weigh the advantages and disadvantages of keeping these systems on the network.

Vulnerabilities and Zero-Day Attacks

  • There are hidden vulnerabilities in software that attackers or security researchers can discover and exploit.
  • A zero-day attack occurs when an unknown vulnerability is exploited, and it's difficult to mitigate.

Firewalls and Network Security

  • Firewalls are used to manage traffic flow and keep bad actors out, but rule sets can become complex and unwieldy.
  • Regular audits are necessary to ensure the rule base is up-to-date and correct.

Patching and Updates

  • Patches are released to address security vulnerabilities, and organizations should prioritize keeping systems up-to-date.
  • Example: Equifax's 2017 data breach due to an unpatched Apache Struts vulnerability.

Legacy Devices and IoT

  • Legacy devices and IoT devices can be vulnerable to attacks if not properly secured.
  • A transition plan is necessary to remove legacy software and replace it with more secure alternatives.

Learn about the different types of vulnerabilities that attackers can exploit to gain access to your network. This quiz covers common weaknesses in computer applications and how security researchers work to identify and fix them.
