Columns: Type | Vulnerability | Additional Information | Definition | Examples | Risk | Countermeasures | Defense in Depth

Type: 1. Hardware
Vulnerability: (Electromagnetic) Emanations
Additional Information: Tempest: a US Gov project to study EMR (electromagnetic radiation) or EMI (electromagnetic interference)
Definition: Energy that escapes an electronic system and can be captured by a capacitance motion detector and be monitored remotely
Examples: Van Eck radiation phenomenon
Risk: 1. can read the contents of the computer screen remotely (Confidentiality) 2. Cross Talk (Integrity of the communication)
Countermeasures: 1. STP (Shielded Twisted Pair) 2. Fiber Optic Cable (uses light instead of electricity, no EMI) 3. Faraday cage: a metal skin that prevents electromagnetic emanation from existing. It's expensive but effective
Type: 3. Software (Malicious code)
Defense in Depth: (...) and assessment, such as penetration test: usually can identify OS. Tools: *Nmap (TCP/UDP port scanning tool, to detect open/closed/filtered ports; only scans a limited number of ports) *Metasploit (a general purpose tool) & vulnerability scanning (known vulnerabilities). Tools: *sqlmap (for detecting SQL injection) *Nikto: web applications *Nessus *MBSA (Microsoft Baseline Security Analyzer): closed source *OpenVAS (open source)
Additional Information: *Advanced Persistent Threat (APT): refers to a zero day exploit, no vendor supplied patch

Vulnerability: virus
Definition: needs to attach to a carrier
Examples: MBR (Master Boot Record): redirects the boot process to load malware during the OS loading process. Multipartite: uses a multipropagation mechanism to spread between systems. Macrovirus: written in the same language used for MS Office products (email etc)
Countermeasures: Antimalware SW: 1. Signature Based 2. Behavioral (Heuristic) 3. Statically

Vulnerability: worms
Definition: self propagation

Vulnerability: Trojans
Definition: perform two functions: one benign, one malicious
Examples: Login Spoofing: the user is presented with a normal looking login prompt
Risk: to steal the user's credentials
Countermeasures: use trusted path login, such as Ctrl+Alt+Del

Vulnerability: Rootkits
Definition: enable access to a computer or system that is not otherwise allowed and often mask their existence
Additional Information: removal is difficult, especially if the rootkit resides in the Kernel
Risk: privilege escalation

Vulnerability: Packer
Definition: a tool to compress/modify/encrypt a malicious file's format to avoid detection

Vulnerability: Logic Bomb
Definition: triggers when a logical condition is met

Vulnerability: Time of Check/Time of Use (TOC/TOU)
Definition: RACE condition
Additional Information: often missed in test environment
Countermeasures: Code Review/Analysis

Vulnerability: Covert channel
Examples: Covert Storage Channel: uses shared storage to allow 2 subjects to signal each other. Covert Timing Channel: relies on the clock system to infer sensitive information, e.g. 1. typing with the rhythm of Morse Code 2. guessing a password one letter at a time based on the system response time
Risk: gain unauthorized access to sensitive information

Vulnerability: Back Door
Definition: a short cut in the system to allow a user to bypass security checks
Examples: Maintenance hook
Countermeasures: Code Review

Vulnerability: XSS (cross site scripting)
Definition: takes advantage of reflected input where input provided by one user can be seen by another
Risk: allows for code execution, access to cookies, and more harm
Countermeasures: 1. input validation, and session tokens should be placed in the backend of the webserver, not on the client side 2. web application firewall (WAF)

Vulnerability: CSRF (cross site request forgery)
Definition: forces the end user to execute unwanted/unaware actions on a web application in which they are currently authenticated
Additional Information: only happens in an authenticated session when a web server trusts the user/browser - not validating input
Risk: steal credentials, data
Countermeasures: 1. input validation 2. can be prevented by the creation and exchange of an anti-forgery state token during the authentication
Type: 4. Web Architecture
Additional Information: Dynamic web languages make webpages more powerful, ex: 1. PHP (Hypertext Preprocessor) 2. XML (Extensible Markup Language): encoding documents in a format that's readable by both machines and humans 3. Applets: Java and ActiveX 4. SOA (Service Oriented Architecture): not dependent on a particular programming language
Defense in Depth: 1. Nikto: great for scanning web servers and applications for related vulnerabilities 2. OWASP: free resources for web application security

Vulnerability: SQL Injection
Additional Information: targets data driven applications, mostly known for attacking websites but can be used to attack any SQL database
Definition: 1. malicious code is injected into an entry field for execution 2. single quotation mark (voiding transaction)
Risk: dump the entire database content to the attacker; spoof identity; tamper data; repudiation
Countermeasures: 1. sqlmap (for detection) 2. input validation: filter for escape characters (a character which invokes an alternative interpretation of subsequent characters in a character sequence) 3. parameterization 4. limiting database permission

Vulnerability: Buffer Overflow
Additional Information: AKA: Ping of Death (sending a malformed ping packet that the target system can't reassemble, causing a buffer overflow)
Definition: programs fail to perform bounds checking, causing the transaction to write past the end of the buffer
Examples: write into areas that hold executable code and replace it with malicious code, causing unintended behavior
Risk: privilege escalation and gaining unauthorized access to the system
Countermeasures: 1. Code Review/Analysis, such as Fuzzing Testing (Tool: ZZUF), which is a dynamic, black box testing to test boundary checking 2. Input validation 3. parameterization

Countermeasures (row label missing from the page): 2. allow polyinstantiation (allow two entries with the same primary key)
OSI Layer: Transport
PDU: Segment (TCP), Datagram (UDP)
Protocol: TCP (Transmission Control Protocol): 1. three step handshake for each session 2. acknowledges the state of the communication 3. requires more overhead
Vulnerability: Teardrop: a DOS attack, sending fragmented packets that can't be reassembled at the target machine. Xmas Tree: an attack that sets all TCP flags on a packet
Countermeasures: Proxy Firewall: terminates the connection, no passing through like packet filter and stateful firewalls

OSI Layer: Data Link
PDU: frame
Devices: 1. Bridge: network device that connects network segments together 2. Switch: a bridge that has more than two ports. *A bridge can be used to create VLANs. *Port isolation is useful in multitenant environments to separate customers served by the same hypervisor. *SPAN (Switched Port Analyzer), aka port mirroring/monitoring, allows an IPS to see the traffic inside the VLAN. Virtualization causes loss of visibility within the same VLAN.
Protocol: ARP (Address Resolution Protocol): uses an IP address to obtain a MAC address
Vulnerability: ARP Poisoning = MITM: providing a fake MAC address; only works in a LAN
Countermeasures: Hardcoding ARP entries
Protocol: EAP (Extensible Authentication Protocol): 1. part of 802.1X port based authentication 2. node needs to be authenticated before connecting to the network 3. LEAP (dated) and PEAP (Secure)
Protocol: CHAP (Challenge Handshake Authentication Protocol)

OSI Layer: Physical
PDU: bit (presented by energy, such as light, electricity, and radio waves)
Devices: 1. Repeater/Amplifier: receives a bit on one port and repeats it out the other port 2. Hubs: a repeater that has more than two ports 3. NIC (Network Interface Card) or Ethernet card: enables a computer to connect to a network
TCP ports:
20, 21 FTP (File Transfer)
22 SSH
23 Telnet
25 SMTP
53 DNS
80 HTTP
110 POP3
137-139 NetBIOS
143 IMAP (Internet Message Access Protocol)
445 AD
443 HTTPS
515 LPD (Printing)
636 LDAP (Lightweight Directory Access Protocol)
1433 SQL Server
NIST
SP 800-12 Introduction to Computer Security
SP 800-34 Contingency Planning
SP 800-53A Assessing Security and Privacy Control
SP 800-61 Guide to Handle Computer Security Incidents
SP 800-86 Guide to Integrating Forensic Technique into Incident Response
SP 800-115 Guide to Information Security Testing and Assessment
SP 800-137 Information Security Continuous Planning (ISCM)
Columns: Protocol | Information | Vulnerability | Countermeasures

Protocol: Digital Signature
Information: (Integrity+Authentication)

Protocol: CSMA (Carrier Sense Multiple Access)
Information: designed to address collisions, since Ethernet is a baseband medium. Once a collision is detected, all hosts stop transmitting and wait a random period before resending

Protocol: Bluetooth
Information: spread spectrum technique to transmit on more than one frequency at the same time

Protocol: SDN (Software Defined Network)
Information: decouples networking from hardware; treating the network like code

Protocol: Remote Access
Information: ISDN. DSL (Digital Subscriber Line): 1. Last mile solution; uses existing copper pairs to provide digital services to homes and small offices 2. User gets high speed bandwidth from a phone wall jack. Screen Scraping. RDT (Remote Desktop), such as MS RDT

Protocol: (name missing from the page)
Information: a bus topology

Protocol: (name missing from the page)
Information: token ring

Protocol: (name missing from the page)
Information: uses a pair of token rings with the traffic flowing in opposite directions

Protocol: (name missing from the page)
Information: Storage Protocol

Protocol: (name missing from the page)
Information: the first wireless security standard that provides reasonable security