Page 8 - Security+ (635 notes by Nikkhah)
87- Insecure FTP, Telnet, or Rlogin sessions are usually targets of TCP/IP hijacking.
88- Use of secure session keys can prevent hijacking of TCP/IP sessions.
Weak keys
89- Weak keys result from encryption algorithms that use short keys.
90- Keys used in DES, RC4, IDEA, and Blowfish are known to have some weakness.
91- The selected encryption algorithm should set all keys as equally strong.
Password attacks
92- The attacker tries to obtain a user’s password using a variety of methods.
93- Weak passwords are vulnerable to password guessing attacks.
94- Dictionary attacks use all possible combinations of words listed in a dictionary.
95- A brute force attack uses software applications to decrypt an encrypted message by trying
different combinations of encryption keys.
96- The attacker must have the username and hashed password in order to launch a brute
force attack.
Buffer overflow
97- In a buffer overflow attack, the attacker tries to exploit security breaches or memory usage
by applications and then tries to crash the target host.
98- The attacker executes malicious code to fill all memory spaces in the target.
99- Applications with privileged access levels may terminate, exposing vulnerabilities to
attackers.
100- Buffer overflows can also result from incorrect selection or use of a programming
language.
Software exploitation
101- Software exploitation is used by attackers to take advantage of software glitches, bugs, or
inappropriately written code.
102- It may also result in giving escalated privileges to an unauthorized user.
Back door
103- A backdoor attack is the process of bypassing normal authentication processes to gain
www.hrnikkhah.com by : Hamid Reza Nikkhah Page 6