Drawing on what you learned in this chapter, in most cases, in which order would the following attacks be launched by an attacker: Probe/scan, buffer overflow, rootkit, web application, data scavenging?

The attacks would likely be launched in this order: data scavenging, probe/scan, web application, buffer overflow, rootkit.

Looking at the top five attacks in Table 3-29, which one(s) would you expect to drop out of the top five category if the ratings were adapted specifically to an Internet edge design?

War dialing and driving would not appear in the top five because most Internet edges do not make use of WLAN technology or have insecure modems.

Think about how virus, worm, and Trojan horse attacks propagate. Which kinds of attacks have the best chance of getting past traditional antivirus software?

Attacks commonly called zero-day attacks have the best chance of getting past antivirus software. Because antivirus software uses pattern matching and a known signature database (which must be kept current), zero-day attacks, of which little is known, often slip past traditional antivirus systems. Also, since a Trojan horse can be almost anything, traditional antivirus software often does not detect the attack unless it is a known attack for which the software has a signature. The speed with which you can update signatures on your systems should be a critical factor in selecting an antivirus software.

If you discover that a rootkit has infected your system, what is the best course of action to take to secure your system?

Since the rootkit could have infected nearly any application, your best bet is to rebuild your system from scratch. After installing the OS, follow the host-hardening guidelines appropriate for your OS and applications. Also, install the latest security fixes from your OS and application suppliers.

Even though DDoS is classified as a flooding attack, which other attack types does it use in launching the flood?

Spoof Many DDoS attacks randomize their source IP address to make it harder to trace back the attack to the source.

Remote control software DDoS tools have a lot in common with remote control software. Their method of instructing systems to attack is just like the method remote control software uses to send instructions to victim PCs.

Download and run Nmap on your computer (assuming you aren't violating your organization's security policy by doing so). Was it able to detect your OS? Were you running any services you were not expecting to see?

In Table 3-29, find at least three places where you disagree with the assigned values. Consider building the table yourself and assigning your own values. Did the top five attacks change?