How are stateful and stateless firewalls different?
Stateless: fixed set of rules to follow; static
Stateful: monitors behavior on active connections; dynamic
Command (and flag!) for showing hidden files in a directory
ls -a
What is the valid range of numbers that may appear as part of an IPv4 address?
0-255
What does DNS stand for, and what does it do?
Domain Name System, relates text URLs to IP addresses
Derek says "data sent over HTTPS is encrypted." Anh says "nah bro, it's hashed."
Who's right, and why?
Tariq is - encrypted content can be un-encrypted by the recipient, but hashed content cannot ever be un-hashed.
How are viruses and worms different?
Viruses require a host to spread (like an infected email attachment); worms can propagate and spread themselves.
What does the "file" command do?
Displays information about the file, most notably its type
What information is stored in the first 6 digits of a MAC address?
Manufacturer of the computer's NIC (network interface card)
What are the default port numbers for HTTP and HTTPS?
80 and 443
How is a switch different from a router?
A switch can send packets between computers on a LAN; routers can convert between IP configurations and pass packets between networks.
Why is logging crucial for mitigating attacks on systems, when it cannot prevent or detect intrusion?
Logs keep track of actions taken by bad actors to help harden the system against future attacks.
Linux command for searching for text within a file
grep
Why are MAC addresses considered "physical" and IPs considered "logical" addresses?
MACs are embedded into the physical firmware of a network card, whereas IPs are dynamic and determined algorithmically (a.k.a. "logically")
What's a PAN network? Give an example pls!
Personal Area Network; your AirPods connecting to your phone, or NFC when paying with Apple Pay or a tap credit card
What is a "SOHO" network?
Small Office/Home Office; usually small company networks managed in-house (and thus vulnerable to attacks!)
What is the "back end" of a website, and which type of web attack targets it?
"cat" prints file contents to a terminal. What is "cat" short for?
concatenate
Describe the role of DHCP in networking.
Dynamic Host Configuration Protocol; used by the router to assign IPs to computers on the network.
How do VLANs and subnets improve security?
Subnets are separated from each other, helping contain malicious networking activity
Name the purpose of the two reserved IPs on a network (.0 and .255)
.0 is for the router ("network address"); .255 is "broadcast", i.e. messages sent to every computer on the network
Describe the difference between a fork bomb and a zip bomb.
Fork bombs recreate themselves until RAM is overwhelmed; zip bombs expand files until "hard disk" storage space is overwhelmed.
What is the point of "piping" a command into less? For example: cat myfile.txt | less
Makes the contents of long files scrollable in the terminal
Why must you often spoof a MAC before spoofing an IP on a network?
The router won't give you a new IP unless your MAC has changed (and you appear to be a new computer)
Name three pieces of information stored in a typical networking packet.
Source IP, Destination IP, Data, TTL, version number, length, source/dest port, flags...
Describe how a "MAC flood" works.
Use ARP to fill a router's CAM table with too many MAC/IP addresses; cause the router to "fail open" and potentially leak information or behave erratically.