Adware
Software that displays advertisements and collects data
Flood guards
Provide protection against DoS or Denial of Service Attacks
Rainbow tables
A pre-computed table of all possible password values and their corresponding hashes
802.1X with EAP-TLS
Offers arguably the best security available, assuming proper and secure handling of the PKI aspects of it
802.1X
It is the IEEE standard for encapsulating EAP, or Extensible Authentication Protocol, traffic over 802 networks
WPS (Wi-Fi Protected Setup)
It's a convenience feature designed to make it easier for clients to join a WPA-PSK protected network
WPA2 Enterprise
It's 802.1X authentication for Wi-Fi networks
WPA (Wi-Fi Protected Access)
Designed as a short-term replacement that would be compatible with older WEP-enabled hardware with a simple firmware update
Wireshark
It's another packet capture and analysis tool that you can use, but it's way more powerful when it comes to application and packet analysis, compared to tcpdump
WEP (Wired Equivalent Privacy)
First security protocol introduced for Wi-Fi networks
VPNs
Commonly used to provide secure remote access, and link two networks securely
TKIP (Temporal Key Integrity Protocol)
Designed to address the shortcomings of WEP security
Tcpdump
It's a super popular, lightweight command-line based utility that you can use to capture and analyze packets
Rogue DHCP server attack
By deploying a rogue DHCP server on your network, an attacker can hand out DHCP leases with whatever information they want, such as a gateway address or DNS server that is actually a machine under their control
Reverse proxy
A service that might appear to be a single server to external clients, but actually represents many servers living behind it
Proxy
Can be useful to protect client devices and their traffic. They also provide secure remote access without using a VPN
Promiscuous mode
A type of computer networking operational mode in which all network data packets can be accessed and viewed by all network adapters operating in this mode
Pre-shared key
It's the Wi-Fi password you share with people when they come over and want to use your wireless network
Post-fail analysis
Investigating how a compromise happened after the breach is detected
Port mirroring
Allows the switch to take all packets from a specified port, port range, or the entire VLAN and mirror the packets to a specified switch port
PIN authentication method
It uses PINs that are eight-digits long, but the last digit is a checksum that's computed from the first seven digits
PBKDF2 (Password Based Key Derivation Function 2)
Password Based Key Derivation Function 2
Pairwise Transient Key (PTK)
It is generated using the PMK, AP nonce, Client nonce, AP MAC address, and Client MAC address
Packet sniffing (packet capture)
The process of intercepting network packets in their entirety for analysis
OES (Operating Encounter Mode)
It turns a block cipher into a stream cipher by using a random seed value along with an incrementing counter to create a key stream to encrypt data with
Network software hardening
Includes things like firewalls, proxies, and VPNs
Network separation (network segmentation)
A good security principle for an IT support specialist to implement. It permits more flexible management of the network and provides some security benefits. This is the concept of using VLANs to create virtual networks for different device classes or types
Network hardening
The process of securing a network by reducing its potential vulnerabilities through configuration changes and by taking specific steps
Monitor mode
It allows scanning across channels to see all wireless traffic being sent by APs and clients
Logs analysis systems
They are configured using user-defined rules to match interesting or atypical log entries
IP source guard (IPSG)
It can be enabled on enterprise switches along with DHCP snooping
Intrusion detection and intrusion protection systems (IDS/IPS)
They operate by monitoring network traffic and analyzing it
Implicit deny
A network security concept where anything not explicitly permitted or allowed should be denied
Hubs
Devices that serve as a central location through which data travels; a quick and dirty way of getting packets mirrored to your capture interface
GTK (Groupwise Transient Key)
A temporal key, which is actually used to encrypt data
Four-Way Handshake
It is designed to allow an AP to confirm that the client has the correct pairwise master key in a WPA-PSK setup without disclosing the PMK
Fail2ban
A common open source flood guard protection tool
Extensible authentication protocol (EAP over LAN, or EAPOL)
A standard authentication protocol
EAP-TLS
One of the more common and secure EAP methods
Dynamic ARP inspection (DAI)
A feature on enterprise switches that prevents certain types of attacks
Correlation analysis
The process of taking log data from different systems, and matching events across the systems
CCMP (counter mode CBC-MAC protocol)
A mode of operation for block ciphers that allows for authenticated encryption
Analyzing logs
The practice of collecting logs from different network and sometimes client devices on your network, then performing an automated analysis on them
Activation threshold
Triggers a pre-configured action when it is reached and will typically block the identified attack traffic for a specific amount of time
XTACACS
It stands for Extended TACACS, which was a Cisco proprietary extension on top of TACACS
Unbind
It closes the connection to the LDAP server
U2F (Universal 2nd Factor)
It's a standard developed jointly by Google, Yubico and NXP Semiconductors that incorporates a challenge-response mechanism, along with public key cryptography to implement a more secure and more convenient second-factor authentication solution
Time-based token (TOTP)
A One-Time-Password that's rotated periodically
Ticket granting service (TGS)
It decrypts the Ticket Granting Ticket using the Ticket Granting Service secret key, which provides the Ticket Granting Service with the client Ticket Granting Service session key
TACACS+
It is a device access AAA system that manages who has access to your network devices and what they do on them
StartTLS
It permits a client to communicate using LDAP v3 over TLS
Single Sign-on (SSO)
An authentication concept that allows users to authenticate once to be granted access to a lot of different services and applications
Security keys
Small embedded cryptoprocessors that have secure storage of asymmetric keys and additional slots to run embedded code
Risk mitigation
Understanding the risks your systems face, taking measures to reduce those risks, and monitoring them
Remote Authentication Dial-in User Service (RADIUS)
A protocol that provides AAA services for users on a network
Physical tokens
They take a few different forms, such as a USB device with a secret token on it, a standalone device which generates a token, or even a simple key used with a traditional lock
Organizational units (OUs)
Folders that let us group related objects into units like people or groups to distinguish between individual user accounts and groups that accounts can belong to
OpenID
An open standard that allows participating sites known as Relying Parties to allow authentication of users utilizing a third party authentication service
One-time password (OTP) tokens
Another very common method for handling multifactor authentication
One-time password (OTP)
A short-lived token, typically a number that's entered along with a username and password
OAuth
An open standard that allows users to grant third-party websites and applications access to their information without sharing account credentials
Network time protocol (NTP)
A network protocol used to synchronize the time between the authenticator token and the authentication server
Multifactor authentication (MFA)
A system where users are authenticated by presenting multiple pieces of information or objects
Lightweight Directory Access Protocol (LDAP)
An open industry-standard protocol for accessing and maintaining directory services; the most popular open-source alternative to the DAP
Kerberos
A network authentication protocol that uses tickets to allow entities to prove their identity over potentially insecure channels to provide mutual authentication
Identification
The idea of describing an entity uniquely
Distinguished name (DN)
A unique identifier for each entry in the directory
Data information tree
A structure where objects will have one parent and can have one or more children that belong to the parent object
Counter-based tokens
They use a secret seed value along with the secret counter value that's incremented every time a one-time password is generated on the device
Client certificates
They operate very similarly to server certificates but are presented by clients and allow servers to authenticate and verify clients
Certificate Revocation List (CRL)
A means to distribute a list of certificates that are no longer valid
Biometric authentication
Authentication that uses biometric data
Bind
It is how clients authenticate to the server
Authorization
It pertains to describing what the user account has access to or doesn't have access to
Authentication server (AS)
It includes the user ID of the authenticating user
Authentication
A crucial application for cryptographic hash functions
Auditing
It involves reviewing records to ensure that nothing is out of the ordinary
Accounting
Keeping records of what resources and services your users access or what they did when they were using your systems
Access Control List (ACL)
It is a way of defining permissions or authorizations for objects
Access Control Entries
The individual access permissions per object that make up the ACL
X.509 standard
It is what defines the format of digital certificates, as well as a certificate revocation list or CRL
Web of trust
It is where individuals instead of certificate authorities sign other individuals' public keys
VPN (Virtual Private Network)
A secure method of connecting a device to a private network over the internet
Version
The version of the X.509 standard the certificate adheres to
Validity
This field contains two subfields, Not Before and Not After, which define the period during which the certificate is valid
Username and password authentication
Can be used in conjunction with certificate authentication, providing additional layers of security
Tunnel mode
One of the two modes of operation supported by IPsec. When used, the entire IP packet, header, payload, and all, is encrypted and encapsulated inside a new IP packet with new headers
Tunnel
It is provided by L2TP, which permits the passing of unmodified packets from one network to another
Trusted execution environment (TEE)
It provides a full-blown isolated execution environment that runs alongside the main OS
Transport mode
One of the two modes of operation supported by IPsec. When used, only the payload of the IP packet is encrypted, leaving the IP headers untouched
TPM (Trusted Platform Module)
A dedicated cryptoprocessor, typically integrated into the hardware of a computer
TLS Handshake
A mechanism to initially establish a channel for an application to communicate with a service
TLS 1.2 with AES GCM
A specific mode of operation for the AES block cipher that essentially turns it into a stream cipher
TLS 1.2
The current recommended revision of SSL
Symmetric key algorithm
Encryption algorithms that use the same key to encrypt and decrypt messages
Substitution cipher
An encryption mechanism that replaces parts of your plaintext with ciphertext
Subject Public Key Info
These two subfields define the algorithm of the public key along with the public key itself
Subject
This field contains identifying information about the entity the certificate was issued to
Stream ciphers
They take a stream of input and encrypt it one character or one digit at a time, outputting one encrypted character or digit at a time