475 Terms
1. Encryption: Process of converting readable data into unreadable characters to prevent unauthorized access.
2. Integrity: The process that guarantees that the data received is the same as originally sent. Useful for situations when someone intercepts your data on the fly and makes changes.
3. Nonrepudiation: Means that a person can't deny that he/she/they took a specific action.
4. Authentication: Verifying the identity of the person or device attempting to access the system.
5. Authorization: The process of giving someone permission to do or have something with regard to data access.
6. Cleartext: The unencrypted form of data. Also known as plaintext.
7. Cipher: The generic term for a technique (or algorithm) that performs encryption.
8. Ciphertext: A string of text that has been converted to a secure form using encryption.
9. Symmetric Key Encryption: Encryption system in which a single key is used for both encryption and decryption.
10. Asymmetric Key Encryption: Encryption system in which two keys are used: a public key used only to encrypt data, and a private key used only to decrypt it.
11. Block Cipher: An encryption algorithm in which data is encrypted in "chunks" of a certain length at a time. Popular in wired networks.
12. Advanced Encryption Standard (AES): A block cipher created in the late 1990s that uses a 128-bit block size and a 128-, 192-, or 256-bit key size. Practically uncrackable.
13. Stream Cipher: An encryption method that encrypts a single bit at a time. Popular when data comes in long streams (such as with older wireless networks or cell phones).
14. Public Key Cryptography: Uses two keys: a public key the sender uses to create encrypted messages, and a mathematically related private key that the receiver can use to decrypt messages encrypted by that public key.
15. RSA Encryption: RSA (Rivest-Shamir-Adleman) is the most common internet encryption and authentication system. The system uses an algorithm that involves multiplying two large prime numbers to generate a public key, used to encrypt data and decrypt an authentication, and a private key, used to decrypt the data and encrypt an authentication.
16. DSA (Digital Signature Algorithm): Public key encryption standard used for digital signatures that provides authentication and integrity verification for messages.
17. ECDSA (Elliptic Curve Digital Signature Algorithm): An asymmetric system that relies on a private key in the authenticator and a public key that the host uses to verify the authenticator.
18. Hash Function: A function that you run on a string of binary digits of any length that results in a value of some fixed length.
19. File Hashing: Method for ensuring information validity. Involves a file being read by a special algorithm that uses the value of the bits in the file to compute a single large number called a hash value.
20. Digital Signature: An encrypted code that a person, website, or organization attaches to an electronic message to verify the identity of the message sender.
21. Certificate: A standardized type of file that includes a public key, info about the certificate, and the digital signature of a trusted third party.
22. Trusted Third Party: A person or a company that vouches for the identity of whoever requested the certificate.
23. Certificate Authority (CA): An entity trusted by one or more users as an authority in a network that issues, revokes, and manages digital certificates.
24. Root Authority: A certification authority that has no higher authority to vouch for it. The authority is at the top of a certification hierarchy.
25. Public Key Infrastructure (PKI): System for creating public and private keys using a certificate authority (CA) and digital certificates for authentication.
26. Local Authentication: A login screen prompting a user to enter a user name and password to log into a Windows, macOS, or Linux computer.
27. Biometrics: The identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting.
28. Multifactor Authentication (MFA): Using more than one method to authenticate access to a computer, network, or other resource.
29. Network Access Control (NAC): A technique that examines the current state of a system or network device before it is allowed to connect to the network.
30. Access Control List (ACL): A clearly defined list of permissions that specifies what actions an authenticated user may perform on a shared resource.
31. Mandatory Access Control (MAC): Every resource is assigned a label that defines its security level. If the user lacks that security level, they don't get access.
32. Discretionary Access Control (DAC): The least restrictive access control model, in which the owner of the object has total control over it.
33. Role-Based Access Control (RBAC): A control system in which access decisions are based on the roles of individual users as part of an organization.
34. Point-to-Point Protocol (PPP): Enables two devices to connect, authenticate with a username and password, and negotiate the network protocol the two devices will use.
35. User Authentication: The process of authenticating a username and password.
36. Password Authentication Protocol (PAP): A form of authentication in which cleartext usernames and passwords are passed.
37. [term missing from source]: Performs one-way authentication. However, authentication is performed through a three-way handshake (challenge, response, and acceptance messages) between a server and a client. The three-way handshake allows a client to be authenticated without sending credential information across a network.
38. Man-in-the-Middle: A security attack in which network communication is intercepted in an attempt to obtain key data.
39. Accounting: Logging events such as logins, session actions, user bandwidth usage, etc.
40. Remote Authentication Dial-In User Service (RADIUS): One of the AAA standards; used to support ISPs with hundreds of modems in hundreds of computers connecting to a single central database. Uses UDP port 1812 or 1645, and uses UDP ports 1813 and 1646 for accounting.
41. TACACS (Terminal Access Controller Access Control System): Used by Cisco devices to support AAA in a network with many routers and switches. Uses TCP port 49 and separates authorization, authentication, and accounting into different parts.
42. Kerberos: An authentication protocol for TCP/IP networks with many clients all connected to a single authenticating server, without the need for PPP. Uses UDP or TCP port 88.
43. Windows Domain: A group of Windows computers that share common management and are subject to rules and policies that an administrator defines.
44. Domain Controller: A Windows server that has Active Directory installed and is responsible for allowing client computers access to domain resources.
45. Active Directory: A Windows server directory database and service used in managing a domain to allow for a single point of administration for all shared resources on a network, including files, peripheral devices, databases, web sites, users, and services.
46. Key Distribution Center (KDC): Supplies both session tickets and session keys in an Active Directory domain.
47. Authentication Server: Compares the results of the client's hash of the username and password to its own hash and, if they match, sends a Ticket Granting Ticket.
48. Ticket-Granting Ticket (TGT): Generally has a lifespan in Windows of ten hours; timestamped.
49. Ticket Granting Service: Authorizes each TGT for each client.
50. Access Token: Contains a security identifier (SID) for the user, all of the SIDs for the groups to which the user belongs, and the user's privileges.
51. Single Sign-On (SSO): Allows a user to authenticate once to gain access to multiple systems, without requiring the user to independently authenticate with each system.
52. SSH (Secure Shell): A secure version of Telnet that's used to encrypt text during a remote communication.
53. Tunneling: A process that encrypts each data packet to be sent and places each encrypted packet inside another packet.
54. SSH Tunnel: An encrypted link between SSH processes on two separate computers. Once an SSH link between the two entities is established, anything you enter into the client application is encrypted, sent to the server, decrypted, and then acted upon.
55. SSL/TLS: An encryption layer for HTTP that uses public key cryptography to establish a secure connection.
56. IPsec: Used to encrypt traffic on the wire and can operate in both tunnel mode and transport mode. It uses tunnel mode for VPN traffic. IPsec is built into IPv6 but can also work with IPv4, and it includes both AH and ESP. AH provides authentication and integrity; ESP provides confidentiality, integrity, and authentication. Uses port 500 for IKE with VPN connections.
57. HTTPS (Hypertext Transfer Protocol Secure): An encrypted version of HTTP. It uses port 443.
58. Secure Copy Protocol (SCP): A TCP/IP protocol used mainly on UNIX and Linux devices that securely transports files by encrypting files and commands.
59. CIA Triad: The industry standard for computer security since the development of the mainframe. The standard is based on three characteristics that describe the utility of information: confidentiality, integrity, and availability.
60. Confidentiality: The goal of keeping unauthorized people from accessing, seeing, reading, or interacting with systems and data.
61. Availability: Ensuring that systems and data are available for authorized users to perform authorized tasks whenever they need them.
62. Zero Trust: Security design paradigm in which any request (host-to-host or container-to-container) must be authenticated before being allowed.
63. Defense in Depth: A defense that uses multiple types of security devices to protect a network. Also called layered security.
64. Separation of Duties: Identifying how people could abuse or misuse a system, determining what access they'd need to do so, and splitting up that access so that no individual has the ability to do it alone.
65. Network Threats: Any form of potential attack against your network.
66. External Threats: Threats that originate outside an organization.
67. Internal Threats: Threats that originate within an organization.
68. Vulnerabilities: Flaws in programs that can be exploited to either crash the system or take control of it.
69. Mitigate: Take steps to minimize the risk.
70. Common Vulnerabilities and Exposures (CVE): An online list of known vulnerabilities (and patches) in software, especially web servers. It is maintained by the MITRE Corporation.
71. Exploit: An actual procedure for taking advantage of a vulnerability.
72. Attack: When someone tries to compromise your organization or its systems.
73. Spoofing: When someone pretends to be someone else with the intent of obtaining unauthorized data.
74. MAC Spoofing: Imitating another computer by changing the MAC address.
75. IP Spoofing: A type of spoofing whereby an intruder uses another site's IP address as if it were that other site.
76. DNS (Cache) Poisoning: An attacker poisons a DNS server's cache to point clients to an evil web server instead of the correct one.
77. Domain Name System Security Extensions (DNSSEC): A suite of extensions that adds security to the Domain Name System (DNS) protocol by enabling DNS responses to be validated. Specifically, DNSSEC provides origin authority, data integrity, and authenticated denial of existence.
78. Protocol Abuse: Any time you do things with a protocol that it wasn't meant to do, and that abuse ends up creating a threat.
79. Malformed Packets: The process of injecting unwanted info into packets in an attempt to break another system.
80. Zero-Day Attack: An attack that leverages a previously unknown vulnerability that we've had zero days to fix or mitigate.
81. DHCP Snooping: Switch process that monitors DHCP traffic, filtering out DHCP messages from untrusted sources. Typically used to block attacks that use a rogue DHCP server.
82. RA Guard: Enables the switch to block router advertisements and router redirect messages that are not sent from trusted ports or don't match a policy.
83. ARP Cache Poisoning: A man-in-the-middle attack in which the attacker associates his MAC address with someone else's IP address (almost always the router's), so all traffic will be sent to him first. The attacker sends out unsolicited ARPs, which can be either requests or replies.
84. Dynamic ARP Inspection (DAI): Relies on ARP information that DHCP snooping collects in the DHCP snooping binding database; it's essentially a list of known-good IP and MAC addresses.
85. Denial of Service (DoS): A targeted attack on a server that provides some form of service on the Internet, with the goal of making that service unable to process any incoming requests.
86. Physical Attack: A person physically attacks the servers by going to where the servers are located and disrupting their ongoing network communications.
87. Distributed Denial of Service (DDoS): An attack that uses multiple zombie computers (even hundreds or thousands) in a botnet to flood a device with requests.
88. Reflection: Sending requests that spoof the target server's IP address as the source IP address to otherwise normally operating servers, such as DNS or NTP servers.
89. Amplification: A tactic that focuses on sending small requests that trigger large responses reflected at the target.
90. Deauthentication Attack: Denial-of-service (DoS) strike that disconnects a wireless host from a WAP, so that the victim is forced to reconnect and exchange the wireless key multiple times; an attacker can then perform offline brute-force cracking of the password.
91. DHCP Scope Exhaustion: Running out of open addresses to assign.
92. DHCP Starvation Attack: Spoofing packets to the DHCP server, tricking it into giving away all of its leases, after which its victims are encouraged to switch to a rogue DHCP server that the attacker controls.
93. Unintentional Denial of Service Attack: A system brought down by accident.
94. Man-in-the-Middle (MITM) Attack: An attacker taps into communications between two systems, covertly intercepting traffic thought to be only between those systems, reading or even changing the data and then sending the data on.
95. Session Hijacking: Intercepting a valid computer session in order to grab the authentication information it carries.
96. Password Attack: Type of attack in which the attacker attempts to obtain and make use of passwords illegitimately.
97. Brute Force: A password attack that attempts to guess a password. Online brute force attacks guess passwords of online systems. Offline attacks guess passwords contained in a file or database.
98. Dictionary Attack: Uses a list of known words and partial words as the starting point for cracking passwords.
99. Trusted User: An account that has been granted specific authority to perform certain or all administrative tasks.
100. Untrusted User: An account that has been granted no administrative powers.