Terms in this set (78)
What are the seven OSI layers?
Please Don't Neck Tonight Said Preacher Allen (1. physical, 2. datalink, 3. network, 4. transport, 5. session, 6. presentation, 7. application)
What are the four most common/significant OSI layers?
Datalink, Network, Transport, Application
Example of Datalink layer protocols
Examples of Network layer protocols
IP (internet protocol), ARP (address resolution protocol), ICMP, BGP
Examples of Transport layer protocols
TCP (transmission control protocol), UDP (user datagram protocol)
Examples of Application protocols
HTTP (hyper text transfer protocol), DNS (domain name system), SMTP (simple mail transport protocol)
How many bits are there in an IP address and what does it look like?
32 bits; 184.108.40.206 or 192.168.1.1 (basically n.n.n.n)
How many bits in a MAC/Ethernet address and what does it look like?
48 bits; aa:bb:cc:dd:ee:ff or 11:22:33:44:55:66 (can contain both letters and numbers, but there are always six two-character groups)
---- connects at least two different networks together
----- connects lots of computers on the same network together
---- protects a network from rogue traffic entering and connecting to internal services
The ---- protocol translates names to IP addresses and vice versa. This protocol is set up hierarchically.
DNS (domain name service)
At the basic level, computers use a base-2 numbering system known as -----. Dealing with such small quantities is annoying and impractical, so it is much more common to group the base-2 digits into 8-bit quantities known as ------- and to reference those quantities via a base-16 numbering system known as --------.
1. binary, 2. bytes, 3. hexadecimal
What does ARP do?
In the network layer, ARP (address resolution protocol) translates ethernet addresses into IP addresses.
What is ICMP and what does it do?
Internet Control Messaging Protocol; used for troubleshooting, can be used to sneak information around the internet
Difference between TCP and UDP?
TCP has sessions and port numbers; lots of overhead, but really useful for data that you want to be sure is delivered.
UDP has no session and port numbers; low overhead, and therefore useful for real-time protocols like voice (faster?)
What is a load balancer?
balances the traffic load amongst lots of different servers
How many root servers does DNS have?
What are some laws commonly brought up when dealing with surveillance issues?
1. FISA (foreign intelligence surveillance act 1978) - the USG can't spy domestically unless there is an exception
2. FISA Amendments Act, USA Patriot Act - the USG can access domestically held data to/from/about foreigners, but must follow procedures
3. Computer Fraud and Abuse Act 1984 - you can't access someone's computer that isn't yours
4. Electronic Communications Privacy Act 1986 - you can't record someone's communications unless there is an exception
Data about data is called ----. The actual conversation is called -----.
1. metadata, 2. content
What are three different types of metadata?
1. descriptive - information about who created a resource, what it's about, and what it includes
2. structural - additional data about the way data elements are organized, their relationship and the structure they exist in
3. administrative - provides info about the origin of the resources, their type and access rights
What are some examples of the kinds of analysis one can do with content?
1. malware analysis
2. intellectual property theft
3. read email
4. listen to phone calls
What can wireshark be used for?
1. reading metadata
2. reading content
3. troubleshooting network problems
4. capturing packets and analyzing protocols
Name three older, unencrypted protocols that we have examined in class. ----- is for moving files. ----- is for remotely commanding computers. ------ is for transferring and requesting web pages.
1. FTP (file transfer protocol), 2. Telnet, 3. HTTP
What are the modern, encrypted equivalents of FTP, Telnet, and HTTP?
SCP (secure copy), SSH (secure shell?), HTTPS (secure web)
the art and science of keeping messages SECURE
the art and science of BREAKING ciphertext
Those who make codes, break codes, or both
the message in its original, clear form
an encrypted message
disguising a message to hide the content of the message
turning ciphertext back into plaintext
the security of the algorithm is based on keeping the algorithm secret
a necessary piece of information used to encrypt or decrypt a message
Symmetric key crypto
using the same key for both encryption and decryption
Asymmetric (public key) crypto
using different keys for encryption and decryption
each character in the plaintext is substituted for another in the ciphertext
the order of the output is shifted
The only perfect encryption method is called a -----. This method depends on three things to maintain its perfect secrecy:
one time pad; 1. key length = message length; 2. the key is truly random; 3. the key remains secret
Good crypto algorithms never rely on ----- of the algorithm
secrecy or privacy
A ------- secure algorithm means it is breakable, but not with the currently available computing power.
Trying every possible key in the key space is called a -------- attack.
If I am using a list of likely words as my key choices, I am performing a ----- attack.
hide a message inside of another medium (e.g. a photo); useful to disguise the existence of an encrypted message
changes plaintext into ciphertext by shifting the alphabet some number of positions to the left or right and then substituting each plaintext letter with the corresponding ciphertext letter
Four general types/situations of cryptanalysis attack:
1. ciphertext-only attack: attacker has several encrypted messages, all encrypted with the same algorithm. The hardest situation
2. known-plaintext attack: attacker has some ciphertext messages and their associated plaintext messages. have to figure out the key used to convert
3. chosen-plaintext attack: same as known-plaintext, but attacker gets to pick the plaintext that's encrypted. More powerful than the prior
4. Adaptive Chosen-plaintext attack: attacker gets to change how and what plaintext she wants based on the previous request; this provides even more insight
Describe the basics of TOR.
TOR is a special kind of VPN.
Your traffic is unencrypted a layer at a time as you go through hops, and the final layer is stripped off on the last hop.
All connections have at least three hops.
What is compromise vs. attack in regards to cryptography?
compromise - someone leaks the key, usually by accident
attack - an attempt to discover the key or algorithm
Cyber Kill Chain Steps (7) and what they are
1. Recon: find what you want to attack (e.g. scanning, shodan, banner grabbing)
2. Weaponization: combining an exploit and a payload which will work for the target
3. Delivery: getting your weaponized package to the target
4. exploitation: getting your package to run on the target
5. installation: install software in a way that the host doesn't notice
6. command and control: need a way to issue commands
7. action on objective/target: take data or do whatever it is you came for
What is cross site scripting (XSS)?
Two types of XSS?
Watering hole attack
designed to catch a member of a particular group of people by figuring out what they have in common and then poisoning their commonly visited service
when we insert SQL commands into the query being sent by the browser to the server and the server executes those extra commands (e.g. the example done in class with bank info)
A successful SQL injection can:
1. read from a database
2. write to the database
3. delete/trash the database
Four key ways to defend against XSS and SQLi
1. good development practices
2. web application firewalls
3. egress alerting
4. log monitoring
Define a vulnerability
a weakness in the computation logic (code) found in software and some hardware (eg firmware) that, when exploited, results in a negative impact to 1. CONFIDENTIALITY, 2. INTEGRITY, or 3. AVAILABILITY
Coding malfunction vs. logic bug
Coding malfunction: a vulnerability where the software was written using some language feature or coding practice which resulted in an exploitable bug
Logic bug: a vulnerability where the code is written correctly, but the way the software executes results in something the developer didn't expect
Two negative consequences of vulnerabilities are:
1. gaining execution
2. denial of service - type of vulnerability
A type of software that can automatically search for potential vulnerabilities:
A computer always executes instructions in order. That order is determined by placing them in a special kind of list where new instructions are added to the top of the list so that the last thing added is the first thing executed. This kind of special list is called a -----
Describe how a buffer overflow works
A buffer overflow writes past the end of the STACK FRAME onto the RETURN POINTER, which then points back to the SHELL CODE at the front of your buffer, causing the computer to jump to this code and execute from there instead of returning to where it was supposed to be.
when you overwrite the boundary of a chunk of memory on the heap so that the computer executes some code which the original program wasn't expecting
exploitation technique by which the attacker allocates large blocks of memory and then fills them with shell code starting at various points in the blocks of memory, which makes the computer likely to execute one of these chunks
Return Oriented Programming
when we push pieces of machine code instructions which are already present in a process onto the stack as arguments to a function which will then mark the section of memory where we have our shell code as executable
Remote code execution
throw some packets across the wire and gain execution on the target host purely from across the network
interactive vs. programmatic operations
interactive ops: when an operator sits down at a keyboard and types in commands
programmatic ops: when you launch a program that will automatically do all the work for you
implants vs. exploits
implants need an exploit to get started; implants are just pieces of software that accomplish an attacker's goal; exploit is just a means to an end
What are some features you might want in an implant?
stealth, get and put file, execute file, log clean up, geolocation, key logger, ability to screenshot, process list, camera, microphone
What are "effects?"
any change to the adversary/target infrastructure in the physical world
malicious software designed to help an attacker accomplish their goal (same as an implant really)
convincing a target to do something against their best interest/manipulating them
To prepare for a social engineering attack, you should think about these three things:
1. medium - how you convey your message
2. compliance principles - what will cause the victim to comply with your goals?
3. technique - what exactly are you going to say/do?
targeting a specific victim with an email message to get them to click on a link or execute a file
creating a reasonable reason to connect with someone
taking advantage of someone's greed to get them to take your offering
What are some ways to counter social engineering?
two factor authentication
using a completely separate network
----- is made up of DKIM and SPF and is used by mail servers to prevent spearphishing attacks. It uses DNS and the mail servers are digitally signed.
----- is following closely after someone as they enter a secure area