CySec Foundations Teil 2
Set of flashcards Details

| Flashcards | 210 |
|---|---|
| Language | Deutsch |
| Category | Computer Science |
| Level | University |
| Created / Updated | 31.07.2020 / 10.08.2020 |
| Weblink | https://card2brain.ch/box/20200731_cysec_foundations_teil_2 |
What is special about Stuxnet?
It was the first time that malicious code caused physical damage, and it was the first time code was used in warfare between nations
What does Spyware do?
monitors actions and transmits important details to a remote system
What is Adware?
displays ads on infected computers
may monitor shopping patterns and redirect to competitors
Give a definition of an antivirus
program used to prevent, detect and remove malware
What does an AV do if it detects an infection?
if possible, eradicate the virus, disinfect affected files, restore the machine to a safe condition
if the software doesn't know how to remove it, it quarantines the virus
if it cannot be quarantined, the files are deleted
How does signature based AV work?
AV maintains a large DB of signatures which it looks for
What is heuristic based AV?
analyse the behaviour of software
What is data integrity AV?
designed to alert sysadmins of unauthorized file modifications
e.g. sudden changes in executable files
How does a buffer overflow attack work?
give an input that is too large for a data structure -> memory of other structures is overwritten
What does TOCTTOU or TOC/TOU stand for?
Time of Check to Time of Use
How does a TOCTTOU attack work?
e.g. file permissions that are loaded upon logon, after which alterations in permissions don't have any effect
What is a Back Door attack?
backdoors are undocumented command sequences that allow attackers to bypass normal access restrictions
- may be created by malicious code
- may be created by devs in order to debug and then not removed in production
What is Escalation of privilege and what are rootkits?
EoP -> attacker expands from normal user account to admin
rootkits exploit known vulnerabilities in the OS and increase access to root
What is XSS?
Cross site scripting
may have an effect upon reflection of user-generated content in webpages
What is XSRF or CSRF?
Cross-Site Request Forgery
- attacker embeds code in a website that sends commands to a second website
- if the user is logged on to the second website, the command may succeed
In which network zone are webservers often located?
The DMZ = demilitarized zone
What is a SQL Injection attack?
SQL is entered in an input field -> SQL statement may be created dynamically -> SQL entered by attacker is executed by server
How does one protect against SQL Injection?
- use of prepared statements
- limit account privileges
- perform input validation
How does SYN flooding work?
- send TCP SYN segments to open ports with spoofed IP
- server replies with SYN/ACK
-> results in 'half-open connections' until the server cannot accept new connections
What does a botnet consist of?
bots / zombies
botmaster
What is a man-in-the-middle attack?
attacker inserts himself between client and server
-> traffic is forced through the attacker machine
- attacker can view and control all network traffic
What is a man-in-the-browser attack?
- trojan horse installed as plugin
-> capture formdata
-> inject JS into websites
-> hijack authentication sessions
What are replay attacks?
an attempt to reestablish a communication session by replaying captured traffic
What is a modification attack?
packets are captured, altered and then replayed against a system
List the steps of the TLS 1.2 Handshake
C -> S
1. ClientHello
C <- S
2. ServerHello
3. [Certificate]
4. [ServerKeyExchange]
5. ServerHelloDone
C -> S
6. [Certificate]
7. ClientKeyExchange
8. [CertificateVerify]
9. ChangeCipherSpec
10. Finished
C <- S
11. ChangeCipherSpec
12. Finished
What is sent in the ClientHello message during the TLS Handshake?
- supported TLS version
- random number
- ciphers supported by the client
- [Extensions]
- [Session ID] (optional)
What is sent in the ServerHello?
- TLS version
- random number
- CipherSuite
- [Session ID]
Which is the first encrypted message during the TLS 1.2 Handshake?
The Finished message; it's sent after the ChangeCipherSpec message
What are some differences between the TLS 1.2 and TLS 1.3 handshake?
- ECDH keys are sent in ClientHello / ServerHello
- no ChangeCipherSpec message
Which is the first encrypted message in the TLS 1.3 handshake?
The second message
What is the 0-RTT Resumption in TLS 1.3?
During application data, server can send a pre-shared key for use next time
- allows to resume sessions very quickly
A CA hands out signatures. What is signed by the CA and what does this signature imply?
The CA signs the public key of a server / user to vouch for the authenticity of that server / user.
What parts of a certificate are confidential and should be encrypted?
The private key with which encryption happens
What is an issuer and what is a subject in X.509 certs? What are they called?
Issuer: the CA releasing the cert. CA is part of the trust chain
Subject: cert holder.
What happens if the client receives a CertificateRequest during a TLS handshake and doesn't send a Certificate and CertificateVerify?
The server blocks the rest of the communication and sends a fatal error
Why should a digital certificate be signed by a third party?
because any server can create a private and public key and pretend to be a certain server
Where does the chain of trust always end?
On a root cert that is located on the client's machine
How is a root cert signed and why is it trustworthy?
it is self-signed
it's trustworthy because it is pre-installed on the client's machine
What is the problem with ciphertexts that haven't been secured with a MAC?
The integrity cannot be guaranteed
In the TLS 1.2 handshake, which information will the Finished message sent by the client contain?
hash or MAC of the entire handshake so far