Database Security Attack Terms Q2

Types of databases

  • Flat file - No structure
  • Hierarchical - Father and Son - LDAP, Active Directory (AD)
  • Relational - Based on primary and secondary key - Oracle

Structured Query Language (SQL) is the programming language used to manage data in a database; more appropriately, in a relational database management system (RDBMS).

The types of management systems that employ Structured Query Language include Microsoft SQL Database, Oracle, MySQL, and PostgreSQL.

SQL Injection: a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.

A simple example to get basic table name information would be the following: Select * from table name

Cookies: small files which are stored on a user's computer. They are designed to hold a modest amount of data (user name, password, browsing preferences, etc.) specific to a particular client and website, and can be accessed either by the web server or the client computer.

Buffer Overflow: Moving data around in memory without properly checking its size, or giving the program more data than the developers of the program allocated for it.

Cross Site Scripting (XSS): a security exploit in which the attacker inserts malicious coding into a link that appears to be from a trustworthy source. When someone clicks on the link, the embedded programming is submitted as part of the client's Web request and can execute on the user's computer, typically allowing the attacker to steal information.

Security Attack Terms

Password Guessing attack: Find the user ID, create a list of possible passwords, and try each of them until you get access.

Password Cracking: Determine a password when you have the password file with cipher text: find the user ID, find the encryption/hash algorithm, obtain the encrypted/hashed password, create a list of possible passwords, encrypt each password, and find out whether they match.

A rainbow table is used to attack a hashed password in reverse. I have a table with possible hashes/cipher text with the corresponding passwords. I compare these hashes/cipher text to the hashes/cipher text from the victim machine.

Dictionary attack: Using a list of words found in the dictionary.

Brute force Attack: A brute force attack usually combines letters, symbols, special characters and numbers. In theory, a brute force attack will discover the password; however, it could take very long to try all possible combinations.

Example: In this case the dictionary attack will try to use a list of commonly used PIN codes such as: 0123, 2000, 4444 and so on (see the list of most common PIN codes). Conversely, a brute force attack will try all possible PIN codes, which means it will try 10^4 = 10000 times until it finds the right PIN code with probability 100%. (4 because we have 4 digits and 10 because each digit can be any value between 0 and 9.)

Policy - High level objectives by Senior Management
Program Policy - Organization
Issue Specific - Email
Specific (system) - Technical

Standard - Mandatory
Procedure - Step by step instruction
Guideline - When no standard exists

Cryptography is most often associated with scrambling plain text (ordinary text, sometimes referred to as clear text) into cipher text (a process called encryption), then back again (known as decryption).

The three types of algorithms used for cryptography are:

  • Hashing - MD5/SHA
  • Symmetric, also called private or secret key (AES, DES, IDEA, Twofish, RC5/6, Rijndael) - One key involves private or secret key
  • Asymmetric, also called public key (RSA, El Gamal, Elliptic Curve, Diffie-Hellman) - Two keys involve public and private keys