Questions and Answers
Q: What is the primary purpose of the TLS session?
Q: The HTTPS protocol is a combination of HTTP and TLS.
A: True
Q: What is the most complex part of TLS?
A: TLS Handshake
Q: IPsec provides security services at the __ layer.
Q: Define control as mentioned in the text.
Q: Which classification of controls focuses on security policies, planning, and standards?
Q: Preventative controls aim to inhibit attempts to violate security policies or exploit vulnerabilities.
Q: _______ provides a secure remote logon facility to replace TELNET and other remote login schemes.
Q: According to NIST 800-83, how is malware defined?
Q: Which of the following are information security properties that malware can attack?
Q: What is the purpose of persistent malware?
Q: ____ malware requires a host program to run and cannot run independently.
Q: Match the malware classification dimension with its description.
Q: What does malware consist of?
Q: Which of the following are main types of malware?
Q: What is a virus?
Q: A virus infects files that the operating system or shell considers to be ___________.
Q: Match the virus classifications with their descriptions.
Q: How are payloads classified?
Q: What is the purpose of attack agents (bots)?
Q: Rootkits can hide the presence of a malware process by removing it from the list of active processes.
Q: What is the main purpose of information theft (phishing)?
Q: SQL injection attacks are designed to exploit the nature of Web application pages by insertion of a ____ query via the input data.
Q: What is the main purpose of XML External Entity Processing?
Q: Cross-site scripting (XSS) attacks involve injecting code fragments into input fields on the server side.
Q: What does SQLi stand for?
Q: In a SQL injection attack, the attacker can terminate the injected string with a comment mark ___
Q: Match the following SQL injection types with their descriptions.
Q: What are the two broad defense approaches against buffer overflows?
Q: Security is no longer an 'add-on' but a requirement in software engineering.
Q: What is the main concept of defensive programming?
Q: ______ and reliability are common design goals in most engineering disciplines.
Q: Match the following SDLC phases to their descriptions.
Q: What is the ultimate goal for the attacker in a buffer overflow attack?
Q: What does NIST recommend to reduce software vulnerabilities?
Q: What is an additional concern when input data represents numeric values? Internally stored in a _ sized value.
Q: Using strongly typed languages limits the interpretation of data variables.
Q: Match the SQL countermeasures with their types.
Study Notes
Security Controls
- Security control is defined as an action, device, procedure, or other measure that reduces risk by eliminating or preventing a security violation, minimizing harm, or discovering and reporting it to enable corrective action.
Control Classifications
- Management controls:
- Focus on security policies, planning, guidelines, and standards that influence the selection of operational and technical controls to reduce the risk of loss and protect the organization's mission.
- Address issues that are the responsibility of management rather than of operators or systems.
- Operational controls:
- Address the correct implementation and use of security policies and standards, ensuring consistency in security operations and correcting identified operational deficiencies.
- Relate to mechanisms and procedures that are primarily implemented by people rather than systems.
- Used to improve the security of a system or group of systems.
- Technical controls:
- Involve the correct use of hardware and software security capabilities in systems.
- Range from simple to complex measures that work together to secure critical and sensitive data, information, and IT systems functions.
Control Classes
- Each of the control classes may include:
- Supportive controls:
- Pervasive, generic, underlying technical IT security capabilities that are interrelated with, and used by, many other controls.
- Preventative controls:
- Focus on preventing security breaches from occurring, by inhibiting attempts to violate security policies or exploit a vulnerability.
- Detection and recovery controls:
- Focus on the response to a security breach, by warning of violations or attempted violations of security policies or the identified exploit of a vulnerability and by providing means to restore the resulting lost computing resources.
Application Layer Controls
- Email Security:
- MIME (Multipurpose Internet Mail Extension) and S/MIME (Secure/Multipurpose Internet Mail Extension) provide security enhancements to the Internet e-mail format.
- S/MIME provides the ability to sign and/or encrypt e-mail messages.
- Pretty Good Privacy (PGP) Cryptography:
- A standard for electronic-mail encryption and digital signatures.
- Uses a public/private key (PPK) method.
- DNS Threats Prevention:
- DNS Security (DNSSEC) is deployed to ensure the authenticity of DNS answers, integrity of replies, and authenticity of denial of existence.
- Accomplishes this by signing DNS replies at each step of the way using public-key cryptography.
- Secure Shell (SSH):
- A protocol for secure network communications designed to be relatively simple and inexpensive to implement.
- Provides a secure remote logon facility, file transfer, and email.
Host to Host/Transport Layer Controls
- Transport Layer Security:
- A security protocol defined at the transport layer.
- TLS (Transport Layer Security) Protocol Stack:
- TLS is designed to make use of TCP to provide a reliable end-to-end secure service.
- The TLS Record Protocol provides basic security services to various higher-layer protocols.
- TLS Concepts:
- TLS Session: created by the Handshake Protocol, defines a set of cryptographic parameters, and is used to avoid the expensive negotiation of new security parameters for each connection.
- TLS Connection: a transport (in the OSI sense) that provides a suitable type of service; connections are peer-to-peer relationships, and every connection is associated with one session.
- TLS Handshake Messages:
- The most complex part of TLS, used before any application data are transmitted, allows server and client to authenticate each other, negotiate encryption and MAC algorithms, and negotiate cryptographic keys to be used.
Network Layer Security
- IP Security (IPsec):
- Provides security services at the IP layer by enabling a system to select required security protocols, determine the algorithm(s) to use for the service(s), and put in place any cryptographic keys required to provide the requested services.
- IPsec Services:
- Access control, connectionless integrity, data origin authentication, rejection of replayed packets (partial sequence integrity), and confidentiality (encryption).
- Benefits of IPsec:
- Provides strong security that can be applied to all traffic crossing the perimeter.
- Traffic within a company or workgroup does not incur the overhead of security-related processing.
- IPsec is below the transport layer (TCP, UDP) and so is transparent to applications.
- There is no need to train users on security mechanisms.
- The Scope of IPsec:
- Provides two main functions: a combined authentication/encryption function called Encapsulating Security Payload (ESP) and a key exchange function.
- Also provides an authentication-only function, implemented using an Authentication Header (AH).
- Transport Mode:
- Provides protection primarily for upper-layer protocols.
- Examples include a TCP or UDP segment or an ICMP packet.
- Typically used for end-to-end communication between two hosts.
- Tunnel Mode:
- Provides protection to the entire IP packet.
- Used when one or both ends of a security association (SA) are a security gateway.
- A number of hosts on networks behind firewalls may engage in secure communications without implementing IPsec.
Malicious Software
- Malware is a program that is inserted into a system to compromise the confidentiality, integrity, or availability of the victim's data, applications, or operating system.
- Malware can be classified based on how it spreads or propagates through an information system environment.
Malware Taxonomy
- The NCSC approach to classifying malware considers the following dimensions:
- Host dependent or independent
- Persistent or transient
- Where it installs itself
- How it is triggered
- Static or dynamically updated
- Act alone or coordinated attack
Malware Types
- Virus: a piece of software that infects programs, modifies them to include a copy of the virus, and replicates and goes on to infect other content.
- Worm: a program that actively seeks out more machines to infect and each infected machine serves as an automated launching pad for attacks on other machines.
- Rootkit: a type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised.
- Trojans: a type of malware that disguises itself as a legitimate program.
- Spyware: a type of malware that monitors and collects information about a user's activities without their consent.
- Adware: a type of malware that displays unwanted advertisements.
Malware Components
- Infection mechanism: the means by which a virus spreads or propagates.
- Trigger: the event or condition that determines when the payload is activated or delivered.
- Payload: what the virus does (besides spreading).
Malware Classifications
- By targets: boot sector infector, file infector, macro virus, multipartite virus.
- By concealment strategy: encrypted virus, stealth virus, polymorphic virus, metamorphic virus.
Malvertising
- Places malware on websites without compromising them.
- Uses malicious ads to infect visitors to the targeted websites.
Clickjacking
- Also known as a user-interface (UI) redress attack.
- A similar technique can be used to hijack keystrokes.
- A vulnerability exploited by an attacker to collect an infected user's clicks.
Social Engineering
- "Tricking" users to assist in the compromise of their own systems.
Macro and Scripting Virus
- Infects scripting code used to support active content in a variety of user document types.
- Threatening because they are platform-independent, infect documents, and are easily spread.
Active Content Virus
- Active content refers to dynamic objects that do something when the user opens a webpage.
- Has potential weaknesses that malware can exploit.
Worm Technology
- Multi-platform: worms are not operating system specific.
- Multi-exploit: worms penetrate systems using a variety of methods.
- Ultrafast spreading: exploits various techniques to optimize the rate of spread of the worm.
- Polymorphic: to evade detection, worms adopt the virus polymorphic technique.
- Metamorphic: in addition to changing their appearance, metamorphic worms have a collection of behavior patterns that are unleashed at different stages of propagation.
- Zero-day exploit: to achieve maximum surprise and distribution, a worm should exploit an unknown vulnerability that is only discovered by the general network community when the worm is launched.
Types of Malware
- Memory-based malware: has no persistent code, survives only in memory, and cannot survive a reboot, making it hard to detect.
- User mode malware: intercepts API calls and modifies returned results.
- Kernel mode malware: intercepts native API calls in kernel mode, can hide a malware process's presence, and can remove it from the kernel's list of active processes.
- External mode malware: located outside the normal system operation, in BIOS or system management mode, allowing direct hardware access.
Payload Classifications
- System Corruption: Causes damage to physical equipment; for example, the Stuxnet worm targeted specific industrial control system software.
- Attack Agents (Bots): Takes over another internet-connected computer, using it to launch or manage attacks, creating a botnet capable of coordinated actions.
- Remote Control Facility: Implements remote control using an IRC server, allowing bots to join a specific channel and receive commands.
- Information Theft (Keyloggers and Spyware): Captures keystrokes to monitor sensitive information, or subverts the compromised machine to monitor system activity.
- Information Theft (Phishing): Exploits social engineering, masquerading as a trusted communication, to capture login credentials.
- Stealthing (Backdoor): A secret entry point into a program, allowing an attacker to bypass security access procedures.
- Stealthing (Rootkit): A set of hidden programs, giving an attacker administrator privileges, allowing them to add/remove programs, monitor processes, and access the system.
Malware Countermeasures
- Prevention: The ideal solution to malware threats, involving policy, awareness, vulnerability mitigation, and threat mitigation.
- Detection, Identification, and Removal: Technical mechanisms used to support threat mitigation options.
Generations of Anti-Virus Software
- Multiple generations of anti-virus software: Developed to combat evolving malware threats.
Web Application Attacks
- OWASP Top 10: A standard awareness document for developers and web application security, highlighting critical security risks.
- Security Flaws: Include improper handling of program input, buffer overflows, injection flaws, cross-site scripting, and improper error handling.
- CWE/SANS Top 25 Most Dangerous Software Errors: A list of poor programming practices causing the majority of cyber attacks.
Software Security, Quality, and Reliability
- Software quality and reliability: Concerned with accidental program failures, improved through structured design and testing.
- Software security: Triggered by unusual inputs, rarely identified by common testing approaches.
Handling Program Input
- Unvalidated input: A common failing in web application security, leading to vulnerabilities.
- Program input interpretation: May be binary or text, requiring care to identify character sets and encoding.
SQL Injection Attacks
- SQL injection attacks: Exploit web application pages, inserting or "injecting" a SQL query via input data.
- Attack goals: Include bulk data extraction, modifying database data, executing administration operations, and recovering file system content.
XML External Entity Processing
- XML external entity injection attack: Occurs when the application accepts XML data from the client without validation, allowing an attacker to tamper with an existing XML document so that the parser processes different commands.
Cross-Site Scripting (XSS) Attacks
- XSS attacks: Use the web server to attack the client side, injecting code fragments into input fields.
- Types of XSS attacks: Include persistent, reflected, and DOM-based XSS attacks.
SQL Injection Techniques
- Tautology: Injects code into conditional statements to always evaluate to true.
- End-of-line comment: Nullifies legitimate code using end-of-line comments.
- Piggybacked queries: Adds additional queries to the intended query.
- Inferential attack: Reconstructs information by observing the website's behavior.
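To make the tautology and end-of-line comment techniques concrete, here is an added example (not from the course notes or the quiz) that runs both inputs against a login query built by string concatenation and against the parameterized query that defensive programming calls for. The users table, names and passwords are constructed for the demo.

```python
import sqlite3

# Constructed sample database: an in-memory SQLite users table for the demo.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "s3cret", "admin"), ("alice", "pw", "user")],
    )
    return conn


def login_vulnerable(conn, name, password):
    """The flaw the notes describe: untrusted input is spliced into the SQL text,
    so quotes in the input change the structure of the query."""
    query = (
        "SELECT role FROM users WHERE name = '" + name
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, name, password):
    """Parameterized query: the driver binds the values as data, so the same
    inputs can never be parsed as SQL. This is the countermeasure to prefer."""
    row = conn.execute(
        "SELECT role FROM users WHERE name = ? AND password = ?",
        (name, password),
    ).fetchone()
    return row[0] if row else None


# Inputs illustrating the two techniques from the notes (constructed for the demo):
#   tautology: the password field becomes  '' OR '1'='1'  which is always true
#   end-of-line comment: the name field becomes  admin'--  so the password check
#   is commented out of the query entirely
TAUTOLOGY_PASSWORD = "' OR '1'='1"
COMMENT_NAME = "admin'--"


def demo():
    conn = make_db()
    return {
        "vulnerable_tautology": login_vulnerable(conn, "nobody", TAUTOLOGY_PASSWORD),
        "vulnerable_comment": login_vulnerable(conn, COMMENT_NAME, "wrong"),
        "safe_tautology": login_safe(conn, "nobody", TAUTOLOGY_PASSWORD),
        "safe_comment": login_safe(conn, COMMENT_NAME, "wrong"),
        "safe_legitimate": login_safe(conn, "admin", "s3cret"),
    }


if __name__ == "__main__":
    print(demo())
```

Both injected inputs log in as "admin" through the concatenated query and are rejected by the parameterized one, while a legitimate login still works.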
Description
This quiz covers security controls, application layer controls, host to host/transport layer controls and network layer security in the context of cyber security. It is part of the 6COSC019W course at the University of Westminster.