File Extension Attack
The Windows New Technology File System (NTFS) allows filenames to
extend up to 235 characters. These extremely long filenames are usually
abbreviated on directory displays and in other presentations, thus hiding
the fact that there may be a double file extension or other hidden
filenames.
When performing system hardening, what are the two primary phases or operations
to be performed?
Remove what is unnecessary, and lock down whatever remains. When
performing system hardening, the two primary phases or operations to be
performed are remove what is unnecessary and lock down whatever
remains. These two operations are the basis of all forms of hardening,
whether labeled as system, software, network, organizational, or code. The
goal is to strip down to only the essential mission-critical elements of a
system. If something is present that is not necessary to support an essential
task or function, it should be removed or disabled. This will minimize the
attack surface. Then, whatever remains should be secured as best as
possible, based on knowledge, skill, and budget.
Covert Channel
Any means of communication other than the standard channel of
communication is referred to as using a covert channel, such as, for
instance, sending messages on a control channel of a device.
How does a Trojan horse get past security mechanisms to harm a victim?
By seeming to be a benign item. A Trojan horse is able to get past security
mechanisms to harm a victim by seeming to be a benign item. A Trojan
horse is a combination of a technological attack as well as a social
engineering attack. The technological attack component is the integration
of a malicious payload with an otherwise benign host. The host could be a
utility, game, screensaver, browser plug-in, document, or even an image
file. When the host is accessed or used, the malicious payload is delivered
to the system. The social engineering component is tricking the victim into
believing that the file being offered to them is just the obvious host item. A
Trojan horse is a very effective mechanism because it causes human victims
to bring the malware into their environment, often bypassing any security
filters that otherwise would have prevented an externally initiated attack or
intrusion.
Answer C is incorrect. A Trojan horse does NOT get past security by
attaching itself to an existing file. This is the operation of a virus. A virus
attaches itself to an existing file in order to be activated into memory when
the host file is accessed by a user.
Answer D is incorrect. A Trojan horse does NOT get past security by using
system resources to distribute itself to other networked devices. This is the
operation of a worm. A worm attempts to replicate and duplicate itself,
often consuming significant system resources, as it attempts to spread to
other networked devices.
Answer B is incorrect. A Trojan horse does NOT get past security by
displaying advertisements for intriguing applications. This is the operation
of Web pop-ups. They often advertise fake security programs or phishing
attack scams. When a user clicks to accept or reject an offer, the malicious
code is installed anyway. This is because the standard browser control
frame and operation buttons have been disabled and only a graphic is
actually being displayed. However, the graphic includes re-creations of
the control frame and standard buttons so they visually look real, but all
pixels on the graphic are programmed to trigger malware installation.
Rapid Elasticity
Any IT department that has managed a corporate "shared drive" knows how
these can fill up very quickly. Also, it is usually very difficult to determine
the owner of files and information stored on the shared drive. It's not
unusual to find, for example, a series of PowerPoint presentations from
2002 with no information about whether they can be deleted or not. The
same is absolutely true of cloud-based storage. Once storage space
begins to expand, it is very difficult to contract it. Unlike the simple shared
drive on an in-house network, cloud-based storage containing the same
information will be incrementally more expensive.
ActiveX
is a technology implemented by Microsoft to customize controls, icons,
and other features to increase the usability of web-enabled systems. It
allows full access to the Windows operating system.
Pharming
a type of social engineering attack to obtain access credentials, such as
usernames and passwords. In practice, it's a type of attack that redirects the
user to an unexpected website destination. Pharming can be conducted
either by changing the hosts file on a victim's computer or by exploiting a
vulnerability in DNS server software.
Rogue Software