Hello and welcome back to Sai Buri. 2019 Comp Tier Security Plus Certification Preparation course.
This is a continuation on marginal one
and the top of discussions domain one threats, attacks and vulnerabilities.
Here again are the objectives which encompasses this particular main. In fact, we begin to price to discuss and explain the impact. Associate it with the types of barbers in a previous video. Let's not continue on in this discussion.
Here again are the topics which encompasses this particular objective, ranging from memory or buffer bone abilities ranging from memory leak, integrity, overflow
buffalo overflow, point of difference and also dll again interjection in their words. So again, these other items that fall with them what we call the memory or buffer vulnerabilities. These are some things we need to be a way off
now, some additional objectives. Other words. What we call top of discussion, which encompassed this particular objective, ranging them sisters ball, undocumented asset, architectural design, witnesses, zero threats in other words, zero day and also in proper certificate. Anke management
Let's begin. First of all, about to find exactly what is fact is a memory leak
is a type of resource, Lee that occurs when a computer program incorrectly imagine memory allocation in such a way that memory, which is no longer needed, is not release
a memory. It may also happen when an object is stored in memory but cannot be assessed by the running code.
Integrity. Overflow occurs when the other words arithmetic operation
attempts to create a numerical value that's outside of the range that can be represented with a given number digit either larger than the maximum or lord than a minimum representation value.
Ah, buffer overflow occurs when a program, a process, attempts to write more data to a fixed link of memory or buffer than the buffers allocate to hole.
Ah, ***. A difference is an object in program that stores the memory address of another value located in the computer memory.
Our dealer DLL injection is a technique used for running coat within the address space of another process by forcing it to lower a dynamic link library. In other words,
we're gonna get a system small. Our document assets. It occurs when organization have more system than it needs and the system it owns on other words under utilized in this case,
architecture, design and witnesses uses squired, network and other physical devices.
Then we have new threats or zero day a zero day attack happened. Once that flaw or software hardware vulnerability is exploited, an attacker release mayor where before a developer has an option, it create a patch to fix that Bombay. Hence the term zero day.
Now, when you look in India's first of all we have software contained is your day threat is released.
The attacker explores is your day vulnerably and to create demand where attacker use a software engineer. Other techniques to infect the system with man, where and last an attacker still sister data from the infected system or plan, form or attacks. In this case, Now you think about zero the attack. It can strike anywhere any time,
so we need to be opposite exercise some due diligence and be very proactive.
Then we haven't proper certificate and key management certificate are used for both encryption and authentication, and so it's important that we understand the differences
Key man to refer to the manager of cryptographic keys in the crypto system. This include dealing with generation exchange storage to use criminal shedding, destruction and replacement of keys and includes cryptographic all protocol design, key server use, a procedure, other relevant type protocols.
At this point, we have our post assessment quiz,
and the question is as follows. A. Blake occurs when a program or prices attempt to write more data to a fixed link block of down memory on the worst or buffer than the buffers allocate. The whole is a buffer overflow. Be memory leak, see Pointer Difference or DLL injection.
If you said, like the A being buffer overflow, you're absolutely correct. Let's not turn our teached or some key takeaways from this particular other words from this particular presentation
we learned in the race conditions where anywhere to incidents, instructions from a different threat access the same data at the same time when the developer wrote an application of threats should have been programmed, exit the data sequentially.
We also discussed vulnerably is a cybersecurity term that refers to a flown assistant that can leave it open to an attack, Avon. But it may also refer to any type of weakness in the computer system itself, and instead of procedure or anything that leaves the infamous security exposure to threat.
We learned that resource exhaustion is a simple denial of service condition that happens when the resource required to execute in action or entirely expended preventing that action from occurring.
Ah, business process of business method is a collection of related structure, activity or ties by people equipment, which in specific sequence produce a service or product for a particular customer of customers.
Some additional key takeaways we don't like a weak sight for is defined as an encryption decryption algorithm. They use a key off insufficient link use an insufficient linke in encryption or decryption opens up. A possible populated encryption scheme could be broken on, the words cracked.
We also learned that memory Lee is a type of resource leak that occurs when a computer program Ankara imagine memory Memory allocates in such a way that mirror, which is no longer media, is not released. We also learned that memory It may also happen when the object is stored in memory but cannot be access by the reading coat.
We learned it an imager overall, current swimming. In other words, we have arithmetic operation attempts to create a numerical value that is outside the range that it can be represented with a givens number of digits, either larger than a maximal lord in the minimum represent herbal type values.
We learned that Systems ball occurs when the owners A's have more systems than it needs and systems it owns are under utilized.
Where the zero day attack happens once the flaw or software hardware vulnerability is exploited and attack a release. Mayor where before developer has the opportunity this case to create a patch to fix the bubbly. Hence the term zero day
he managed. This is where department keys a sign out and sign back in to prevent someone from taking the keys of weight and cut him caught making copies. Other words. We were man's AKI's dealing, particularly at various systems as well.
In the upcoming top, it would be moving on to a brand remain, which is titled Remain to Technology and Twos. I look forward to seeing a very next video