Packet-filtering firewalls primarily operate at these OSI layers.
Network and Transport layers
Malware that requires a host program to spread.
A Virus
This term refers to anything valuable that needs protection in a system
asset
Why is default configuration not reliable?
Default configuration is set to maximize ease of use and functionality rather than security
Each function call creates one of these on the stack
stack frame
This network segment hosts public-facing services like web or email servers.
DMZ
These are the two broad ways malware is commonly classified
propagation method and payload
NIST describes this as the magnitude of harm expected from a threat event
impact
This Linux assessment tool identifies hosts and network services
nmap
Buffers may exist in these three memory regions of a process.
stack, heap, data section
An attacker splitting TCP headers into tiny pieces to evade filtering is performing this attack.
tiny fragment attack
This is one of the famous worms we learned about
Melissa, Code Red, Nimda, SQL Slammer, MyDoom, Stunt, WannaCry
A condition that increases the likelihood a vulnerability may be exploited
Predisposing condition
This principle recommends removing unnecessary services and applications to reduce risk
minimizing attack surface
In a classic stack smashing attack, the attacker’s primary goal is often to overwrite this value to redirect execution
return address
Stateful firewalls dynamically allow traffic to high-numbered ports only if it matches this.
an established connection
This type of virus changes its code appearance with every infection to avoid detection
polymorphic
According to NIST, risk is commonly determined by combining these two major factors.
likelihood and impact
Long-term storage maintained for compliance or historical access
archives
This infamous C function reads input without bounds checking
gets()
These are use cases for application level firewalls
Preventing application-layer attacks (SQL injection, XSS)
Web filtering and content control (blocking malicious websites)
Mitigating data exfiltration risks
Unlike worms and viruses, Trojans generally do not do this
Self-replicate
This is a weighted risk factor based on an analysis of the probability that a given threat is capable of exploiting a given vulnerability
likelihood of occurrence
Logging is extremely useful, but what is its fault?
It can only detect issues after they occur
This compiler-based defense places a random value before the return address to detect corruption.
Stack Canary