Chapter 3 Network Security

Zero Day Attacks
Attacks that exploit previously unknown vulnerabilities, so victims have no time (zero days) to prepare or defend against the attacks.
XML Attacks
Injects scrips into web application server that will then direct attacks at clients
Directory Traversal Attack
Takes advantage of vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directories
Command Injection Attack
The ability to move to another directory could allow an unauthorized user to view confidential files or even enter commands to execute on a server
Client-side attacks
Targets vulnerabilities in client applications that interact with a compromised server or process malicious data
Cookies
Created from the Web site that a user is currently viewing
Access Rights
Privileges that are granted to users to access hardware and software resources are called
Privilege Escalation
Exploiting a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining is called
Transitive Access
An attack involving using a third party to gain access rights is called a/an
SQL
is a language used to view and manipulate data that is stored in a relational database
Tags
HTML is a markup language that uses specific ____ embedded in brackets
HTML
is designed to display data, with the primary focus on how the data looks
XML
is for the transport and storage of data, with the focus on what the data is
root
Users who access a Web server are usually restricted to the ____ directory
inetpubwwwroot
The default root directory of the Microsoft Internet Information Services (IIS) Web server is
/var/www
For a Web server using a Linux operating system, the default root directory is typically
../traverses
The expression ____ up one directory level.
server-side
Web application attacks are considered ____ attacks.
drive-by-download
A client-side attack that results in a user’s computer becoming compromised just by viewing a Web page and not even clicking any content is known as a
HTTP header
The ____ is part of an HTTP packet that is composed of fields that contain the different characteristics of the data being transmitted
session hijacking
A/an____ is an attack in which an attacker attempts to impersonate the user by using his session token.
replay
A/an ____ attack is similar to a passive man-in-the-middle attack.
DNS
When TCP/IP was developed, the host table concept was expanded to a hierarchical name system for matching computer names and numbers known as the
DNS posoning
substitutes DNS addresses so that the computer is automatically redirected to another device.
zone transfer
When DNS servers exchange information among themselves it is known as a
DNS poisoning
The Chinese government uses _____ to prevent Internet content that it considers unfavorable from reaching its citizenry.
HTTP
All Web traffic is based on the ___________ protocol.
markup language
A(n) ____________________ is a method for adding annotations to the text so that the additions can be distinguished from the text itself.
Session
A(n) ____________________ cookie is stored in Random Access Memory (RAM), instead of on the hard drive, and only lasts for the duration of visiting the Web site.
ARPRANET
The predecessor to today’s Internet was a network known as