Chapter 3 network security

Zero Day AttacksAttacks that exploit previously unknown vulnerabilities, so victims have no time (zero days) to prepare or defend against the attacks. XML AttacksInjects scrips into web application server that will then direct attacks at clientsDirectory Traversal AttackTakes advantage of vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directoriesCommand Injection AttackThe ability to move to another directory could allow an unauthorized user to view confidential files or even enter commands to execute on a serverClient-side attacksTargets vulnerabilities in client applications that interact with a compromised server or process malicious dataCookiesCreated from the Web site that a user is currently viewingAccess RightsPrivileges that are granted to users to access hardware and software resources are calledPrivilege EscalationExploiting a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining is calledTransitive AccessAn attack involving using a third party to gain access rights is called a/anSQLis a language used to view and manipulate data that is stored in a relational databaseTagsHTML is a markup language that uses specific ____ embedded in bracketsHTMLis designed to display data, with the primary focus on how the data looksXMLis for the transport and storage of data, with the focus on what the data isrootUsers who access a Web server are usually restricted to the ____ directoryinetpubwwwrootThe default root directory of the Microsoft Internet Information Services (IIS) Web server is/var/wwwFor a Web server using a Linux operating system, the default root directory is typically../traversesThe expression ____ up one directory level. server-sideWeb application attacks are considered ____ attacks. drive-by-downloadA client-side attack that results in a user’s computer becoming compromised just by viewing a Web page and not even clicking any content is known as aHTTP headerThe ____ is part of an HTTP packet that is composed of fields that contain the different characteristics of the data being transmittedsession hijackingA/an____ is an attack in which an attacker attempts to impersonate the user by using his session token. replayA/an ____ attack is similar to a passive man-in-the-middle attack. DNSWhen TCP/IP was developed, the host table concept was expanded to a hierarchical name system for matching computer names and numbers known as theDNS posoningsubstitutes DNS addresses so that the computer is automatically redirected to another device. zone transferWhen DNS servers exchange information among themselves it is known as aDNS poisoningThe Chinese government uses _____ to prevent Internet content that it considers unfavorable from reaching its citizenry. HTTPAll Web traffic is based on the ___________ protocol. markup languageA(n) ____________________ is a method for adding annotations to the text so that the additions can be distinguished from the text itself. SessionA(n) ____________________ cookie is stored in Random Access Memory (RAM), instead of on the hard drive, and only lasts for the duration of visiting the Web site. ARPRANETThe predecessor to today’s Internet was a network known as ONCHAPTER 3 NETWORK SECURITY SPECIFICALLY FOR YOUFOR ONLY$13. 90/PAGEOrder Now