Protocol Analyzer
A tool that captures and inspects network traffic to troubleshoot issues and detect malicious activity.
Intrusion Detection System (IDS)
Monitors network or host activity and alerts administrators when suspicious or malicious behavior is detected.
Intrusion Prevention System (IPS)
Monitors traffic and actively blocks or rejects malicious traffic in real time.
Active IDS
An IDS that can automatically respond to threats, such as resetting connections or sending alerts.
HIDS (Host-based IDS)
Monitors activity on a single host, including logs, files, and system calls.
NIDS (Network-based IDS)
Monitors traffic flowing across a network segment.
Signature-Based IDS
Detects attacks by comparing activity to known attack signatures.
Signature-Based IPS
Blocks traffic that matches known attack signatures.
Heuristic-Based HIDS
Detects threats using rules, behavior analysis, and experience rather than signatures.
Anomaly-Based HIDS
Detects attacks by identifying deviations from a normal baseline.
False Positive
Normal activity incorrectly identified as malicious.
False Negative
Malicious activity that is not detected.
IDS vs IPS Application
IDS detects and alerts; IPS detects and blocks traffic inline.
Baseline
A known normal state used to detect abnormal behavior.
SCADA
Systems that control industrial processes; often targeted due to legacy security.
Honeypot
A decoy system designed to attract and study attackers.
Honeynet
A network of honeypots used to analyze attack methods.
Honeyfile
A fake file used to detect unauthorized access.
Honeytoken
A fake credential or data element used to detect misuse.
Wireless Access Point (WAP / AP)
Connects wireless devices to a wired network.
SSID (Service Set Identifier)
The broadcast name that identifies a wireless network.
SSID Broadcast
The act of advertising the SSID so devices can discover the network.
MAC Filtering
Allows or blocks devices based on MAC addresses.
MAC Spoofing
Changing a device's MAC address to impersonate an authorized device.
Wireless Footprinting
Identifying wireless networks, security settings, and signal ranges.
Channel Overlap Map
A diagram showing overlapping wireless channels that cause interference.
Heatmap
A visual representation of wireless signal strength coverage.
Hotspot
An area where wireless network access is available.
Dead Spot
An area with weak or no wireless signal.
Wi-Fi Analyzer
A tool that identifies signal strength, channels, and interference.
Wireless Frequency Channels
Specific radio frequencies used by Wi-Fi to transmit data.
WPA2 (Wi-Fi Protected Access 2)
A wireless security protocol using AES with CCMP for encryption.
WPA3
A wireless security protocol that improves protection against password and replay attacks.
AES (Advanced Encryption Standard)
A strong symmetric encryption algorithm used to protect data.
CCMP
An encryption protocol that provides confidentiality and integrity using AES.
Open Mode
A wireless mode with no authentication and minimal security.
Pre-Shared Key (PSK) / Personal Mode
A shared secret used for authentication.
Enterprise Mode
A mode using individual authentication via 802.1X and RADIUS.
802.1X Authentication
Port-based access control requiring authentication before access.
Authentication Server
A server that validates user or device credentials.
RADIUS Server
A centralized authentication server used with 802.1X and EAP.
RADIUS
Centralized authentication, authorization, and accounting service.
RADIUS Federation
A trust relationship allowing authentication across organizations.
RADIUS Port
UDP 1812 for authentication and UDP 1813 for accounting.
Simultaneous Authentication of Equals (SAE)
A secure WPA3 handshake that prevents offline password attacks.
EAP (Extensible Authentication Protocol)
A framework supporting multiple authentication methods.
PEAP
Uses a TLS tunnel to protect credentials during authentication.
EAP-TTLS
Uses a secure tunnel to protect inner authentication methods.
EAP-TLS
Uses mutual certificate-based authentication.
EAP-FAST
Cisco EAP method using protected tunnels without certificates.
Most Secure EAP
EAP-TLS because it uses mutual certificate authentication.
Captive Portal
A web-based login page required before network access is granted.
Disassociation Attack
Forces clients to disconnect and reauthenticate.
Wi-Fi Protected Setup (WPS)
A convenience feature that weakens wireless security.
Rogue Access Point
An unauthorized access point on a network.
Evil Twin
A malicious system impersonating a legitimate access point.
Jamming Attack
Disrupts wireless communication using interference.
Initialization Vector (IV)
A random value used to prevent encryption repetition.
IV Attack
Exploits weak or reused IVs to break encryption.
Wireless Replay Attack
Capturing and retransmitting valid traffic to impersonate a user.
Near Field Communication (NFC)
Short-range wireless communication technology.
NFC Reader
A device that reads NFC data.
NFC Jamming Attack
Disrupting NFC communication using interference.
Radio Frequency Identification (RFID)
Uses radio waves to identify tagged objects.
Active RFID Tags
RFID tags with their own power source.
Passive RFID Tags
RFID tags powered by the reader.
RFID Eavesdropping
Intercepting RFID communications.
RFID Cloning
Copying RFID data to impersonate a legitimate tag.
RFID Denial of Service
Preventing RFID systems from functioning.
Bluetooth
Short-range wireless communication protocol.
Bluejacking
Sending unsolicited messages over Bluetooth.
Bluesnarfing
Stealing data from a device over Bluetooth.
Bluebugging
Gaining remote control of a Bluetooth device.
VPN (Virtual Private Network)
Encrypts traffic to securely connect over untrusted networks.
Remote Access VPN
Allows individual users to securely connect to a private network.
Site-to-Site VPN
Securely connects two networks over the internet.
IPsec Authentication Header (AH)
Provides integrity and authentication but not encryption.
Encapsulating Security Payload (ESP)
Provides confidentiality, integrity, and authentication.
IPsec Tunnel Mode
Encrypts the entire IP packet.
IPsec Transport Mode
Encrypts only the payload.
Full Tunnel VPN
Encrypts all traffic through the VPN.
Split Tunnel VPN
Encrypts only private network traffic.
On-Demand VPN
Automatically connects when needed.
Always-On VPN
Maintains a constant VPN connection.
TLS
Secures data in transit using encryption.
L2TP
A tunneling protocol often combined with IPsec.
HTML5 VPN
A browser-based VPN solution without client software.
Network Access Control (NAC)
Evaluates device health before allowing access.
Remediation Network
A restricted network for noncompliant devices.
Persistent NAC Agent
A permanently installed NAC agent.
Dissolvable NAC Agent
A temporary NAC agent removed after the session.
Agentless NAC System
Evaluates devices without installing software.
Remote Access Authentication
Authentication for users connecting remotely.
Password Authentication Protocol (PAP)
Sends passwords in cleartext.
Cleartext
Unencrypted, readable data.
Challenge Handshake Authentication Protocol (CHAP)
Uses challenge-response authentication.
Cisco TACACS+
Encrypts the entire authentication process and uses TCP.
TCP (Transmission Control Protocol)
Reliable, connection-oriented transport protocol.
Architectural Diagram
A visual layout showing network components and connections.
BPDU Guard
A switch feature that disables ports receiving unauthorized BPDUs.