Security+ Chapters 1-3 Study Guide

6 attackers

1. Hackers

2. Spies

3. Insiders

4. Script kiddies

5. Cyber terrorists

6. Cyber criminal

5 principals

1. Layering

2. Limiting

3. Diversity

4. Obscurity

5. Simplicity

5 steps of attack

1. Probe

2. Penetrate

3. Modify

4. Circulate

5. Paralyze

Words to know:

Rootkit: a set of software tools used but an attacker to hide the actions or presence of other types of malicious software.

Trojan: an executable program advertised as performing one activity, but does something else (or may do both)

Worm: a malicious program designed to take advantage of vulnerability in an application or an operating system in order to enter a computer and then self-replicate to other computers

Buffer overflow: an attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer

Client side attack: an attack that targets vulnerabilities in client applications that interact with a compromised server or processes malicious data

Server side attack: web application attack

Cookies

1. First party: A cookie that is created from the website that is currently being viewed

2. Third party: a cookie that was created by a third party that is different from the primary website

3. Session: a cookie that is stored in RAM instead of on the hard drive, and only lasts for the duration of visiting a website

4. Flash: a cookie named after the adobe flash player

5. Persistent: a cookie that is recorded on the hard drive of the computer and does not expire when the web browser closes

6. Secure: a cookie that is only used when a browser is visiting a server using a secure connection

Zero day attack: attacks that exploit previously unknown vulnerabilities, so victims have no time to defend against attacks.