CEH: Official Certified Ethical Hacker Review Guide: Exam 312-50 - Kimberly Graves [71]
The best password-cracking countermeasure is to implement strong passwords that are at least eight characters long (the old standard was six) and that include alphanumeric characters. Usernames and passwords should be different, because many usernames are transmitted in cleartext. Complex passwords that require uppercase, lowercase, and numbers or special characters are harder to crack. You should also implement a strong authentication mechanism such as Kerberos or tokens to protect passwords in transit.
Exam Essentials
Know the types of web server vulnerabilities. Misconfiguration, operating system or application bugs and flaws, default installation of operating system and web server software, lack of patch management, and lack of proper security policies and procedures are all web server vulnerabilities.
Know common web application threats. Cross-site scripting, SQL and command injection, cookie poisoning and snooping, buffer overflow, authentication hijacking, and directory traversal are all common web application threats.
Understand Google hacking. Google hacking involves using the Google search engine to locate passwords, credit card numbers, medical records, or other confidential information.
Understand patch management techniques. Patch management is important for ensuring a system is up to date on the latest security fixes. A process for testing, applying, and logging patches to a system should be defined and followed.
Know the different authentication mechanisms for web servers. HTTP basic and digest authentication, NTLM, tokens, biometrics, and certificates are all methods of authenticating to a web server.
Understand how password crackers work. Password crackers use a hashed dictionary file to crack a password.
Know the types of password attacks. Dictionary, hybrid, and brute force are the three types of password attacks.
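The password countermeasures from the chapter summary (minimum length, mixed character classes, password different from username) and the dictionary, hybrid, and brute-force attack types from the Exam Essentials, as an added Python example that is not from the book: a policy check that enforces the stated rules and also rejects dictionary words and their hybrid variants, since a hybrid attack tries exactly the digit and symbol substitutions that turn a word like password into P@SSWORD. The wordlist, the substitution table, and the sample inputs are constructed for the demo; a real deployment would load a large list of known-weak passwords.

```python
"""Password policy validator (added example; wordlist and inputs are constructed)."""
import re
from typing import List

# Constructed mini wordlist standing in for a real dictionary of weak passwords.
WORDLIST = {"password", "welcome", "letmein", "summer", "admin"}

# Reverse map of the substitutions a hybrid attack tries (assumed table, not from the book).
LEET_MAP = str.maketrans({
    "@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
    "0": "o", "$": "s", "5": "s", "7": "t",
})


def normalize(candidate: str) -> str:
    """Map a hybrid variant back to its base word: drop appended digits or
    punctuation (Summer2024! -> Summer), then undo leet substitutions
    (P@SSWORD -> password)."""
    base = re.sub(r"[^A-Za-z]+$", "", candidate)
    return base.lower().translate(LEET_MAP)


def check_password(password: str, username: str, min_length: int = 8) -> List[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    # The chapter's rule: uppercase, lowercase, and numbers or special characters.
    if not re.search(r"[0-9]", password) and not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no digit or special character")
    if password.lower() == username.lower():
        problems.append("same as username")
    # A plain dictionary word falls to a dictionary attack; a leet/suffix variant
    # of one falls to a hybrid attack, so both are rejected.
    if password.lower() in WORDLIST:
        problems.append("dictionary word")
    elif normalize(password) in WORDLIST:
        problems.append("hybrid variant of a dictionary word")
    return problems


if __name__ == "__main__":
    for user, pw in [("alice", "P@SSWORD"), ("bob", "Summer2024!"),
                     ("carol", "Correct-Horse9Battery"), ("alice", "Alice")]:
        verdict = check_password(pw, user) or ["ok"]
        print(f"{user}/{pw}: {', '.join(verdict)}")
```

The complexity checks alone would accept P@SSWORD, which is why the normalization step matters: it is the defender's mirror image of the hybrid attack, so a password that a hybrid attack would recover in its first few guesses is rejected at enrollment instead of cracked later.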
Review Questions
1. Which of the following are types of HTTP web authentication? (Choose all that apply.)
A. Digest
B. Basic
C. Windows
D. Kerberos
2. Which of the following is a countermeasure for a buffer overflow attack?
A. Input field length validation
B. Encryption
C. Firewall
D. Use of web forms
3. A hardware device that displays a login that changes every 60 seconds is known as a/an
A. Login finder
B. Authentication server
C. Biometric authentication
D. Token
4. Which is a common web server vulnerability?
A. Limited user accounts
B. Default installation
C. Open shares
D. No directory access
5. A password of P@SSWORD can be cracked using which type of attack?
A. Brute force
B. Hybrid
C. Dictionary
D. Zero day exploit
6. Which of the following is a countermeasure for authentication hijacking?
A. Authentication logging
B. Kerberos
C. SSL
D. Active Directory
7. Why is a web server more commonly attacked than other systems?
A. Always accessible
B. Does not require much hacking ability
C. Difficult to exploit
D. Simple to exploit
8. A client-server program that resides on a web server is called a/an
A. Internet program
B. Web application
C. Patch
D. Configuration file
9. Which is a countermeasure to a directory-traversal attack?
A. Enforce permissions to folders.
B. Allow everyone access to the default page only.
C. Allow only registered users to access the home page of a website.
D. Make all users log in to access folders.
10. What is it called when a hacker inserts programming commands into a web form?
A. Form tampering
B. Command injection
C. Buffer overflow
D. Web form attack
Answers to Review Questions
1. A, B. Digest and basic are the types of HTTP web authentication.
2. A. Validating the field length and performing bounds checking are countermeasures for a buffer overflow attack.
3. D. A token is a hardware device containing a screen that displays a discrete set of numbers used for login and authentication.
4. B. Default installation is a common web server vulnerability.
5. B. A hybrid attack substitutes numbers and special characters for letters.
6. C. SSL is a countermeasure for authentication hijacking.
7. A.