How Much Do You Know About Cybersecurity?
5 Questions

Questions and Answers

Describe the following terms: (a) [1 mark] State actor attackers (b) [1 mark] Zero-day vulnerabilities (c) [1 mark] Script Kiddies

(a) [1 mark] Governments are increasingly employing their own state-sponsored attackers for launching cyberattacks against their foes. These attackers are known as state actors. (b) [1 mark] Vulnerabilities can be exploited by attackers before anyone else even knows they exist. This type of vulnerability is called a zero day because it provides zero days of warning. (c) [1 mark] Individuals who want to perform attacks, yet lack the technical knowledge to carry them out. They download freely available automated attack software and use it to attack.

In the context of vulnerability scanning, explain: (a) Intrusive scan (b) Nonintrusive scan

(a) An intrusive scan attempts to employ any vulnerabilities that it finds, much like a threat actor would. (b) A nonintrusive scan does not attempt to exploit the vulnerability but only records that it was discovered.

In the context of memory vulnerabilities, explain the buffer overflow attack and the integer overflow attack.

(a) A buffer overflow attack occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer. This extra data overflows into the adjacent memory locations. (b) An integer overflow attack changes the value of a variable to something outside the range that the programmer had intended by using an integer overflow. For example, withdrawing $1 from an account that has a balance of 0, which could cause a new balance of $4,294,967,295.

In the context of "application development concepts", explain the waterfall model and the agile model.

(a) Waterfall model – uses a sequential design process: as each stage is fully completed, the developers move on to the next stage, i.e., once a stage is finished, developers cannot go back to a previous stage without starting all over again. (b) Agile model – takes an incremental approach; developers might start with a simplistic project design and begin to work on small modules. The work on these modules is done in short “sprints”, and at the end of each sprint, the project’s priorities are evaluated as tests are being run. One specific type of software methodology that follows the agile model and heavily incorporates secure coding practices and techniques is called SecDevOps.

(a) [2 marks] In the context of hash functions, describe collisions and collision attacks. (b) [1 mark] Provide at least one reason why a hash algorithm that is subject to collision attacks will no longer be used in the cryptographic sector.

(a) When two inputs produce the same digest, this is known as a collision. A collision attack is an attempt to find two input strings that produce the same digest. (b) A common usage of hash functions is in digital signatures, i.e., instead of signing the message (which is generally large), the hash value of the message is signed. If the hash function is subject to collision attacks, the signed message can be replaced with another message.
