
Threats, Attacks and Vulnerabilities

Malware is any software installed or run on your computer that you did not authorize.
Malware is an umbrella term (viruses, worms, trojans, ransomware, spyware and so on all fall under it).
A virus is a piece of code that runs on your computer and causes undesired effects.
Viruses require a host (a file or program to attach to). They also need a way to get onto your system.
How does a virus gain a host? Usually a user opens an infected file [DON'T OPEN UNEXPECTED EMAIL ATTACHMENTS]
Downgrade Attack
An attacker forces two parties to negotiate a weaker protocol or cipher than they both support, then attacks the weak one.
Weak Cipher considerations:
SSL 2.0 vs 3.0 (both are broken; SSL should not be implemented at all these days, use TLS)
TLS 1.0 vs TLS 1.1 vs TLS 1.2 (Should be using TLS 1.2 at minimum; 1.0 and 1.1 are deprecated)
WEP vs WPA vs WPA2 (Shouldn't be using WEP; WPA with TKIP is also weak)
TKIP vs CCMP [encryption modes of WPA] (CCMP lets you take advantage of AES rather than TKIP's RC4 stream cipher)
PPTP/MPPE vs L2TP/IPsec [the tunnelling protocol before the "/" is not the concern, the encryption after it is]
(Microsoft Point-to-Point Encryption is weak. L2TP provides no encryption of its own; it is important to use
L2TP/IPsec because IPsec supplies the encryption)
RC4 vs RC5 (RC4 is a stream cipher with known keystream biases and is prohibited in TLS. RC5 is a block cipher)
DES vs 3DES vs AES (DES shouldn't be used. 3DES is still found in things like older IPsec configurations but is
deprecated. Should be using AES, 256-bit)
When implementing a system, make sure clients can't downgrade: know the security technologies and pick
the right one to keep your systems secure!
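An added example (not part of the original notes) of how the "clients can't downgrade" advice looks in code. It builds a Python ssl client context that refuses anything below TLS 1.2 and any of the weak cipher families listed above, and adds a post-handshake check so a server that still negotiates a weak suite is rejected. The marker list, the cipher string and the check_peer helper are assumptions of this example, not a standard API.

```python
import ssl

# Substrings that mark a suite as one of the weak choices listed above
# (RC4, DES/3DES, export/null/anonymous suites, MD5-based MACs). Assumed list.
WEAK_MARKERS = ("RC4", "DES", "NULL", "EXPORT", "EXP-", "MD5", "ADH", "AECDH")

# Versions the notes accept. ssl.SSLSocket.version() reports strings such as
# "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3".
ACCEPTED_VERSIONS = {"TLSv1.2", "TLSv1.3"}


def cipher_suite_ok(name):
    """True unless the suite name contains a weak-cipher marker."""
    upper = name.upper()
    return not any(marker in upper for marker in WEAK_MARKERS)


def negotiated_version_ok(version):
    return version in ACCEPTED_VERSIONS


def hardened_client_context():
    """Client context that cannot be talked down to SSL, TLS 1.0/1.1 or a weak suite."""
    ctx = ssl.create_default_context()            # cert + hostname verification on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse a downgrade below TLS 1.2
    ctx.options |= ssl.OP_NO_COMPRESSION          # compression enables CRIME-style attacks
    # Forward-secret AEAD suites only; the "!" entries exclude the weak families by name.
    ctx.set_ciphers("ECDHE+AESGCM:!aNULL:!eNULL:!MD5:!RC4:!3DES:!DES")
    return ctx


def offered_suites(ctx):
    """Names of the suites this context will offer in its ClientHello."""
    return [c["name"] for c in ctx.get_ciphers()]


def check_peer(version, suite):
    """Post-handshake check: abort if the server negotiated something weak anyway."""
    if not negotiated_version_ok(version) or not cipher_suite_ok(suite):
        raise ssl.SSLError("weak negotiation refused: %s / %s" % (version, suite))
    return True


if __name__ == "__main__":
    ctx = hardened_client_context()
    for suite in offered_suites(ctx):
        print(suite)
```

In real use, wrap a socket with `ctx.wrap_socket(sock, server_hostname=host)` and then call `check_peer(s.version(), s.cipher()[0])`; the minimum_version setting stops the downgrade during the handshake, and check_peer is the belt-and-braces verification afterwards.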
Cross-site request forgery (CSRF) - Use anti-forgery tokens and validate every state-changing request on the server (client-side checks alone can be bypassed)
Cross-site scripting (XSS) - Implement input validation and encode output before it is rendered in the page
Session hijacking - Encrypt communications between the two parties (TLS) so session tokens cannot be sniffed
Malicious add-ons - Implement application white-listing
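The XSS and CSRF mitigations above, as an added example in Python (not code from the original notes). It shows the vulnerable comment rendering beside the output-encoded version, and a server-side CSRF check that binds a token to the session with an HMAC and also verifies the request's Origin. The secret, session ids, origins and handle_transfer function are constructed for the example.

```python
import hashlib
import hmac
import html

# Constructed server-side secret; in a real deployment it never leaves the server.
SECRET = b"constructed-secret-for-this-example"


def render_comment_vulnerable(comment):
    # Untrusted input pasted straight into the page: a <script> in it will run.
    return "<p class='comment'>%s</p>" % comment


def render_comment_safe(comment):
    # Output encoding: the browser displays the characters instead of parsing them.
    return "<p class='comment'>%s</p>" % html.escape(comment, quote=True)


def csrf_token(session_id):
    # Token derived from the session, so a page on another site cannot know it.
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def handle_transfer(session_id, form, request_origin, site_origin):
    """Server-side decision for a state-changing request (assumed handler).

    Returns True only if the submitted token matches this session and the
    request came from our own origin. Everything is checked on the server.
    """
    supplied = form.get("csrf_token", "")
    expected = csrf_token(session_id)
    if not hmac.compare_digest(supplied, expected):   # constant-time compare
        return False
    if request_origin != site_origin:                  # forged cross-site request
        return False
    return True


if __name__ == "__main__":
    evil = "<script>alert(document.cookie)</script>"
    print(render_comment_vulnerable(evil))
    print(render_comment_safe(evil))
```

The token would be emitted as a hidden form field on pages served to the session and checked on every POST; SameSite cookie attributes are a further layer but do not replace the server-side check.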
Impact of Various Vulnerabilities
Race conditions =
In modern computing we have multi-core, multi-threaded CPUs which can handle a lot of work simultaneously.
A race condition is about a system that is trying to multi-task. Two tasks run at the same time, but these tasks
must be done in the correct order. If they are done out of order the app may crash or a BSOD
occurs, or data is corrupted or overwritten. A common form is time-of-check/time-of-use (TOCTOU): a value is
checked, then changes before it is used.
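An added example (not from the original notes) that makes the out-of-order problem reproducible: two threads each withdraw from the same account. The racy version checks the balance and then debits it as two separate steps; a Barrier (a constructed device for the demo) holds both threads between the check and the debit so they always interleave the bad way and the account goes negative. The safe version puts check and debit in one locked critical section.

```python
import threading


class Account:
    def __init__(self, balance):
        self.balance = balance
        self.lock = threading.Lock()


def withdraw_racy(acct, amount, rendezvous=None):
    # Time of check: the balance looks sufficient ...
    if acct.balance >= amount:
        if rendezvous is not None:
            # Constructed for the demo: wait until the other thread has also passed the check.
            rendezvous.wait()
        # ... time of use: the check is now stale, both threads debit.
        acct.balance -= amount
        return True
    return False


def withdraw_safe(acct, amount):
    # Check and update are one atomic critical section; nothing can interleave.
    with acct.lock:
        if acct.balance >= amount:
            acct.balance -= amount
            return True
        return False


def run_two_withdrawals(fn, balance, amount, **kwargs):
    """Run fn concurrently in two threads against one account; return the final balance."""
    acct = Account(balance)
    threads = [threading.Thread(target=fn, args=(acct, amount), kwargs=kwargs) for _ in range(2)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return acct.balance


def race_demo():
    # Two withdrawals of 100 from 150: both pass the check, both debit -> -50.
    return run_two_withdrawals(withdraw_racy, 150, 100, rendezvous=threading.Barrier(2))


def safe_demo():
    # Same withdrawals under the lock: the second one is refused -> 50.
    return run_two_withdrawals(withdraw_safe, 150, 100)


if __name__ == "__main__":
    print("racy final balance:", race_demo())
    print("safe final balance:", safe_demo())
```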
End of life systems =
Windows XP is no longer supported by Microsoft. Microsoft publishes an EOL (end of support) notice for each product.
If your system doesn't get updates, you're vulnerable / Server 2003 is also EOL / why not upgrade? $$$
If you have to use EOL systems, isolate them on the network (segment them and restrict what can reach them)
Improper input handling
Sometimes when you try to use certain characters in a file name or a website sign-up page you're denied.
This is because some strings of characters may be interpreted by the web server/system as commands, which can allow
execution of code, e.g. gaining access to the SQL database (SQL injection). Untrusted input must be validated, and
output encoded, at every point where it enters the system.
The larger the application, the more entry points there are for data to reach the server/system.
Why are we still vulnerable? Because every one of those entry points has to be handled correctly.
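An added example (not code from the original notes) showing the SQL case concretely with an in-memory sqlite3 database and constructed sample rows. The vulnerable lookup pastes the username into the SQL text, so the quote character becomes SQL syntax; the safe lookup passes it as a parameter, and an allow-list check at the entry point rejects the characters that have no business in a username.

```python
import re
import sqlite3


def build_db():
    """Constructed sample database for the demo."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def lookup_vulnerable(conn, username):
    # The input is spliced into the SQL text: a quote in it ends the string literal
    # and whatever follows is executed as SQL.
    query = "SELECT username, email FROM users WHERE username = '%s'" % username
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    # Parameterised query: the driver sends the value separately from the SQL,
    # so it can only ever be compared as data.
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


def validate_username(username):
    # Allow-list validation at the entry point (assumed policy: 1-32 word characters).
    return re.fullmatch(r"[A-Za-z0-9_]{1,32}", username) is not None


if __name__ == "__main__":
    db = build_db()
    payload = "' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, payload))   # every row comes back
    print("safe:      ", lookup_safe(db, payload))         # no such user
    print("validated: ", validate_username(payload))       # rejected at the door
```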
Improper Error handling
Things such as "invalid password": thanks buddy, now I know the password is wrong and the user name is
probably right.
"Login failed: account disabled": so the login details were probably correct.
Giving more information than you need to. Return a generic message to the user and log the detail server-side.
Misconfiguration/weak configuration
Disable unused services/protocols. Change default settings. Rename the default admin account.
Disable remote administration. A firmware update might reset some settings back to default, so re-check them afterwards.
Memory leaks can cause problems if you overload a system (see Memory and Buffer below).
Misconfigured accounts / considerations
Guest accounts, administrator accounts, shared accounts, service accounts
In XP, the first user account created was a local administrator. That user had access to the entire machine.
Security Identifier = It doesn't matter what the admin account was renamed to; the SID still identifies it (the
built-in Administrator always has relative ID 500), so an attacker can find it and aim a privilege escalation attack
at it. Only give end users the rights they need; there is no reason to make users admins!
These days it is much easier to manage things like service accounts in Windows 10.
Setting a "never expires" password is bad because it gives a brute-force attacker all the time they need to
crack it! Don't be lazy. Don't take shortcuts. There are no shortcuts in security!
Memory and Buffer
Memory leak = When an app holds a portion of memory, no longer needs it, but never releases it. The leaked
allocations build up and eventually exhaust system resources (a denial of service). A leak is not itself a buffer
overflow, although both are memory-management failures.
Buffer overflow = Sending more information than the buffer can hold. If we fill up this buffer and it spills
over, our data lands in the adjacent memory. We can overwrite app data, crash the
application, crash the OS or, worst of all, get the program to execute attacker-supplied code.
Integer overflow = Bug in software. Humans read in BASE TEN, the decimal system. Computers read in BASE
two, binary.
To store decimal value 155 takes 8 bits (10011011); 8 bits give 256 possibilities (0 - 255).
Well, if it takes 9 bits to store 256, what happens to the ninth bit when the variable only has 8? It is dropped
and the value wraps around to 0. That's an integer overflow.
What happens? Some random event, data loss, a glitch maybe? However, the worst case is that the wrapped value is
used as a buffer size or index, leading to memory corruption and possibly the execution of attacker code.
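An added example (not from the original notes) carrying the 8-bit arithmetic above through to the "buffer size" worst case. Python integers do not overflow on their own, so the block models fixed-width unsigned arithmetic by masking, as a C program using uint8_t/uint16_t would behave. The 4-byte header and the 16-bit size field are assumptions constructed for the example.

```python
UINT8_MAX = 0xFF
UINT16_MAX = 0xFFFF
HEADER_LEN = 4   # assumed fixed header in front of the payload


def wrap(value, bits):
    """Model fixed-width unsigned arithmetic: bits beyond the width are discarded."""
    return value & ((1 << bits) - 1)


def plan_buffer_vulnerable(payload_len):
    """Total size computed in a uint16, as the notes describe: header + payload.

    For a payload length near 0xFFFF the addition wraps and the allocation is far
    smaller than the payload that will be copied into it.
    """
    return wrap(HEADER_LEN + payload_len, 16)


def plan_buffer_safe(payload_len):
    """Same calculation with the overflow checked before the addition."""
    if payload_len < 0 or payload_len > UINT16_MAX - HEADER_LEN:
        raise ValueError("payload length %d would overflow the 16-bit size" % payload_len)
    return HEADER_LEN + payload_len


def copy_would_overflow(payload_len):
    """True if the vulnerable plan allocates less than the payload to be copied."""
    return plan_buffer_vulnerable(payload_len) < payload_len


if __name__ == "__main__":
    print("155 in 8 bits ->", wrap(155, 8))      # fits: 155
    print("256 in 8 bits ->", wrap(256, 8))      # ninth bit dropped: 0
    print("alloc for 0xFFFE payload ->", plan_buffer_vulnerable(0xFFFE))
    print("overflow? ->", copy_would_overflow(0xFFFE))
```

The check in plan_buffer_safe is written as `payload_len > MAX - HEADER` rather than `HEADER + payload_len > MAX` on purpose: in fixed-width arithmetic the second form would itself wrap and pass.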
Improper certificate and key management:
Keep multiple backups of password databases and keys, offsite as well as onsite.
Have one person assigned to backups and another assigned to recovery of said backups (separation of duties).