Comptia Security+ Terms

Vulnerability Scanner

An application that identifies security issues on a network and gives suggestions on how to prevent the issues. A management control type.

Port Scanner

An application that identifies ports and services that are at risk on a network.

IDS

An application that detects when network intrusions occur and identifies the appropriate personnel..

Virus Scanner

An application that protects a system against viruses.

NAT Server

Presents public IP addresses to the internet on behalf of computers on a private network.

Proxy Server

Can be used to enable hosts to access Internet resources. Can increase the performance of a network by cachig Web pages, which can reduce the amount of time required for clients to access Web pages.

Isolation Mode

Ensures that wireless clients can only communicate with the wireless access point and not with other wireless clients.

PEAP

Protected Extensible Authentication Protocol. A secure password-based authentication protocol created to simplify secure authentication.

LEAP

Lightweight Extensible Authentication Protocol. An authentication protocol used exclusively by Cisco.

RAID Level 0

Disk striping. Stripes data across the drives to improve disk read/write efficiency. Does not provide redundancy.

RAID Level 1

Disk mirroring or disk duplexing. Any data written to disk one is also written to disk two. Provides redundancy.

RAID Level 5

Disk striping with parity and data across all disks in the array. Requires at least three hard disks.

Protection against PBX attacks

Turn off remote maintenance features when not needed. Use strong authentication on the remote maintenance ports. Keep PBX terminals in a locked, restricted area. Replace or disable embedded logins and passwords.

Technical Controls

Used to restrict data access and operating system components, security applications, network devices, protocols, and encryption techniques. Include all authentication mechanisms.

Detective Controls

Used to detect intrusion when it occurs.

Preventative Controls

Used to prevent intrusion before it occurs.

Administrative/Management Controls

Dictates how security policies are implemented to fulfill the company's security goals.

Physical/Operation controls

Implemented to secure physical access to an object.

Bit-level copy of original disk

Making a copy at the sector level to cover every part of the area that can store user data. Preferred for forensic investigation.

Byte-level copy of the hard disk

Initiates the forensic imaging of the attacked workstation. Not preferred for forensic analysis.

Session Riding

XSRF. Involves unauthorized commands from a trusted user to a user or web site.

Baselining

Process of comparing performance to a recorded metric.

Buffer Overflow

A type of DoS attack and occurs when more data is put into the buffer than it can handle.

Macro Virus

Programming instructions in a programming language that commands an application to perform illegal actions.

IPSec

Can work in either tunnel mode or transport mode. Uses ESP and AH as security protocols for encapsulation. Framework is used in a VPN implementation to secure transmissions.

Diameter

RADIUS implementation that was created to deal with VoIP and wireless services.

TACACS+

CISCO implementation of RADIUS. Uses multiple challenge responses for authentication, authorization, and auditing.

Hubs

Packets are visible to every node on the network. Susceptible to traffic sniffing.

Switches

Packets are forwarded only to the hose for which the packet is intended. Provides some protection to traffic sniffing.

Anomaly-based Monitoring

Detects any changes or deviations in network traffic. Requires a baseline to be established.

Signature-based Monitoring

Watches for intrusions that match a known identity or signature when checked against a database that contains the identities of possible attacks.

Behavior-based Monitoring

Looks for behavior that is not allowed and acts accordingly.

Network-based Monitoring

Monitors all network traffic. It implements passive and active responses.

20, 21/989, 990 TCP

FTP/FTPS Port #

22 TCP

SSH, SCP, SFTP Port #

23 TCP

Telnet Port #

25/465 TCP

SMTP/SMTPS Port #

49 TCP

TACACS+ Port #

53 TCP/UDP

DNS Port #

67,68 UDP

DHCP Port #

69 UDP

TFTP Port #

80/443 TCP

HTTP/HTTPS Port #

88 TCP/UDP

Kerberos Port #

110/995 TCP

POP3/ POP3S Port #

119/563 TCP

NNTP/NNTPS Port #

139/445 TCP, 137,138/445 UDP

NetBIOS/SMB Port #

143/993 TCP

IMAP/IMAPS Port #

161,162 UDP

SNMP/SNMP Trap Port #

389/636 TCP

LDAP/LDAPS Port #

1701 UDP

L2TP Port #

1723 TCP

PPTP Port #

1812,1813 UDP

RADIUS Port #

2049 TCP

NFS Port #

6881-6999 TCP

Bit Torrents Port #

3389 TCP

RDP Port #

Business Continuity Plan

Ensures that policies are in place to deal with long-term outages and disasters to sustain operations. Mainly focuses on the continuity of the data, telecommunications, and information systems infrastructures.

Ping of Death

DoS attack. Major increase in ICMP traffic.

Reducing Surface Area Attacks

Disable unnecessary ports/services/protocols. Use least privilege. Apply defense in depth. Don't trust user input. Fail securely. Secure the weakest link. Create secure defaults.

Hardening

Disable unnecessary accounts. Protect management interfaces and applications. Implement password protection.

DLL Injection

Spyware technique that inserts a dynamic link library (DLL) into a running processes memory.

SMTP Open Relay

An email feature that allows any internet user to send e-mail messages through the SMTP server.

Web Security Gateway

Filters Web content

Spam filter

blocks unwanted messages

VPN Concentrator

Tunnels private communication over internet

Rootkit

A collection of programs that grants a hacker administrative access to a computer or network.

ICQ

An Instant Messaging (IM) package. Enables users to send and receive IMs in real time.

ICP

Enables Web Caching servers to interoperate for improved performance.

IPP

Supports remote printing on Transmission Control Protocol/Internet Protocol (TCP/IP) networks.

IPX

A routing and addressing protocol used on IPX/SPX networks.

L2TP

Encrypts transmitted traffic on VPN connections.

Bastion Host

A system that is hardened to resist attacks.

Layer 1

Physical. Provides function to establish and maintain the physical link between network devices. Repeaters work at this level.

Layer 2

Data Link. Bridges, MAC Addresses work here.

Layer 3

Network. Routers operate at this layer.

Layer 4

Transport. Segments and reassembles data into a data stream and provides reliable and unreliable end-to-end data transmission.

Layer 5

Session. Starts, maintains, and stops sessions between application on different network devices.

Bcrypt or Password-Based Key Derivation Function 2 (PBKDF2)

Key stretching functions

LDAP

Entries are contained in a directory information tree (DIT) which is a hierarchical structure that can be searched for directory information.

ad hoc

An 802.11b communications mode that enables wireless devices to communicate directly.

BitLocker

The windows vista (and higher) component that encrypts an entire volume with 128-bit encryption to prevent information from being read if the drive is lost or stolen.

Fault generation

A smart card attack that allows a hacker to uncover the encryption key using reverse engineering.

Microprobing

An intrusive smart card attack in which the card is physically manipulated until the ROM chip can be accessed.

Spanning Tree Protocol (STP)

Primary loop protection on an Ethernet network. Helps mitigate the risk of Layer 2 switches in the network suffering from a DoS style attack caused by staff incorrectly cabling network connections between switches.

Time To Live (TTL)

Primary loop protection on an IP network.

Keyed Hashing for Message Authentication Code (KHMAC)

Used to digitally sign packets that are transmitted on Internet Protocol Security (IPSec) connections.

RADIUS

Enables remote access users to log on to a network through a shared authentication database.

Wildcard

PKI component that reduces the certificate management burden by allowing one certificate to be used for multiple subdomains.

OCSP

PKI component that checks online certificate status in real time.

CSR

PKI component that messages sent from an user or application to a CA to apply for a digital certificate.

CRL

PKI Component that contains a list of certificates that have been issued and subsequently rescinded by a given CA.

SSH

A protocol that uses a secure channel to connect a server and a client

SSL

A protocol that secures messages between the Application and Transport layer

SCP

A protocol that allows files to be copied over a secure connection.

ICMP

A protocol used to test and report on path information between network devices.

56 bit

DES old NIST standard

168 bit

3DES used in PGP

128,192,256 bit

AES NIST current standard

40-128bit

CAST used in PGP

Stream WEP

RC4

up to 2048bit

RC5