CSEC EXAM VOCAB

“Sensitive” Information

Any information that, if accessed by unauthorized personnel, could damage your organization in any way.

White Hat Hacker

A person who attempts to hack systems in order to find vulnerabilities and make recommendations for improvement, also known as an "ethical hacker."

Session Hijacking

The technique of intercepting the traffic between a server and a client in order to impersonate the client or otherwise gain unauthorized access or information:

 Intrusion Detection System (IDS) (or Intrusion Prevention System (IPS))

A system that monitors traffic on a network and helps identify threats and breaches by looking for abnormalities or known threats:

Internet of Things (IoT)

Refers to devices such as a car, refrigerator, HVAC system, microwave, etc, that are connected to the internet:

Netstat

A utility that provides a list of all the connections a computer currently has. AKA Network Status:

Signal Bits

Single bit flags that are turned on to indicate some type of communication

Switch

A device that connects computers together, but when it receives messages from a computer can send the message to the appropriate connected computer rather than broadcasting the message to all computers on the network:

IPconfig

A utility that provides information about a machine's network configuration including IP address and IP address of any gateway connecting it to the outside world:

(Internet) Backbones

The main transmission lines that run across the world connecting networks:

Multicloud

The practice of employing several cloud vendors in order to make use of the specific services each provider offers:

IPv4

A protocol for identifying particular nodes on the Internet that uses four bytes to identify the address:

Auction Fraud

Defrauding people through the interaction on an online auction

Personally Identifiable Information (PII)

Information that can be used to pick out an individual from others, such as name, address, phone number, SSN, DL number, etc:

SYN Cookies

This method of dealing with SYN floods sends a hash of the client's request information (IP address, port information, etc.) along with the SYN/ACK message, and doesn't allocate resources until after the ACK has been received along with that information, which is then verified:

IPS

A process often used by ISPs to protect networks by examining traffic in order to determine whether or not it is part of a DoS attack, and blocking all suspect messages:

DDoS

An attack involving a flood of requests where the aim is not so much to bring down the server, but merely to slow its service and render it inconvenient:

Polymorphic Virus

A virus that is similar to another type, but has been changed in some way:

Land Attack

An attempt to confound (and thus crash) the target by sending a packet with the target's IP as both source and destination. (Most modern computers are immune to this.):

HTML

Code that is portable to all operating systems or platforms because it is used to operate web pages and is often transmitted through websites wherein it is embedded: