25 Questions
What is a common way for attackers to decrypt data flowing over an encrypted channel?
SSL stripping
How does an attacker perform an HTTP downgrade attack?
By sitting in the middle of communication and modifying the data flow
What method might attackers use to be in the middle of client-server communication for SSL stripping?
ARP spoofing
Why might a victim not notice an SSL stripping attack?
The attacker ensures everything looks normal on the screen
How can organizations mitigate the risk of SSL stripping attacks?
By upgrading and maintaining software on client and server workstations
What can attackers potentially gain access to during an SSL stripping attack?
Unencrypted data flowing between client and server
What does it mean when a software is deprecated?
Industry best practices recommend not using it.
When was SSL version 2.0 released?
1995
Which version of SSL was found to be vulnerable to cryptographic vulnerabilities and deprecated in June 2015?
SSL 3.0
What is the current name for the encryption method that was previously known as SSL?
Transport Layer Security (TLS)
Which version of TLS was released in 2006 but deprecated in January 2020?
TLS 1.1
What communication method does an attacker intercept in an SSL stripping attack to initiate an on-path attack?
HTTP communication
What is the main objective of an SSL stripping attack?
To decrypt encrypted data
How does an attacker initiate an SSL stripping attack?
By sitting in the middle of client-server communication
What visual clue might indicate an SSL stripping attack to a victim?
The absence of encryption indicators in the browser
Which technique might an attacker use to be in the middle of client-server communication for an SSL stripping attack?
DNS poisoning
Why is maintaining software important in preventing SSL stripping attacks?
To address vulnerabilities and security flaws
What can an attacker achieve by successfully executing an SSL stripping attack?
Modify communication between client and server
What action can help in preventing an SSL stripping attack?
Ensuring web servers only respond to HTTPS requests
Why was SSL version 3.0 deprecated in June 2015?
Because it was susceptible to cryptographic vulnerabilities
What is the primary goal of an SSL stripping attack?
To intercept and modify communication between client and server
Which version of TLS effectively replaced SSL 3.0?
TLS 1.0
What method does an attacker use during an SSL stripping attack to initiate communication with the web server?
Requesting the web server to switch from HTTP to HTTPS
In an SSL stripping attack, what does the attacker do after intercepting an encrypted page from the web server?
Sends it unchanged to the website visitor
What is one role of the attacker in an SSL stripping attack?
To decrypt and modify web server responses
Learn about how attackers can manipulate data flows in encrypted channels like HTTPS through techniques such as SSL stripping and HTTP downgrade attacks. Understand the risks involved in these attacks and how to protect against them.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free