Chapter 3 Network Security

Zero Day Attacks
Attacks that exploit previously unknown vulnerabilities, so victims have no time (zero days) to prepare or defend against the attacks.
XML Attacks
Injects scrips into web application server that will then direct attacks at clients
Directory Traversal Attack
Takes advantage of vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directories
Command Injection Attack
The ability to move to another directory could allow an unauthorized user to view confidential files or even enter commands to execute on a server
Client-side attacks
Targets vulnerabilities in client applications that interact with a compromised server or process malicious data
Created from the Web site that a user is currently viewing
Access Rights
Privileges that are granted to users to access hardware and software resources are called
Privilege Escalation
Exploiting a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining is called
Transitive Access
An attack involving using a third party to gain access rights is called a/an
is a language used to view and manipulate data that is stored in a relational database
HTML is a markup language that uses specific ____ embedded in brackets
is designed to display data, with the primary focus on how the data looks
is for the transport and storage of data, with the focus on what the data is
Users who access a Web server are usually restricted to the ____ directory
The default root directory of the Microsoft Internet Information Services (IIS) Web server is
For a Web server using a Linux operating system, the default root directory is typically
The expression ____ up one directory level.
Web application attacks are considered ____ attacks.
A client-side attack that results in a user’s computer becoming compromised just by viewing a Web page and not even clicking any content is known as a
HTTP header
The ____ is part of an HTTP packet that is composed of fields that contain the different characteristics of the data being transmitted
session hijacking
A/an____ is an attack in which an attacker attempts to impersonate the user by using his session token.
A/an ____ attack is similar to a passive man-in-the-middle attack.
When TCP/IP was developed, the host table concept was expanded to a hierarchical name system for matching computer names and numbers known as the
DNS posoning
substitutes DNS addresses so that the computer is automatically redirected to another device.
zone transfer
When DNS servers exchange information among themselves it is known as a
DNS poisoning
The Chinese government uses _____ to prevent Internet content that it considers unfavorable from reaching its citizenry.
All Web traffic is based on the ___________ protocol.
markup language
A(n) ____________________ is a method for adding annotations to the text so that the additions can be distinguished from the text itself.
A(n) ____________________ cookie is stored in Random Access Memory (RAM), instead of on the hard drive, and only lasts for the duration of visiting the Web site.
The predecessor to today’s Internet was a network known as