Vulnerability Scanner
An application that identifies security issues on a network and gives suggestions on how to prevent the issues. A management control type.
Port Scanner
An application that identifies ports and services that are at risk on a network.
IDS
An application that detects when network intrusions occur and identifies the appropriate personnel.
Virus Scanner
An application that protects a system against viruses.
NAT Server
Presents public IP addresses to the internet on behalf of computers on a private network.
Proxy Server
Can be used to enable hosts to access Internet resources. Can increase the performance of a network by caching Web pages, which can reduce the amount of time required for clients to access Web pages.
Isolation Mode
Ensures that wireless clients can only communicate with the wireless access point and not with other wireless clients.
PEAP
Protected Extensible Authentication Protocol. A secure password-based authentication protocol created to simplify secure authentication.
LEAP
Lightweight Extensible Authentication Protocol. An authentication protocol used exclusively by Cisco.
RAID Level 0
Disk striping. Stripes data across the drives to improve disk read/write efficiency. Does not provide redundancy.
RAID Level 1
Disk mirroring or disk duplexing. Any data written to disk one is also written to disk two. Provides redundancy.
RAID Level 5
Disk striping with parity and data across all disks in the array. Requires at least three hard disks.
Protection against PBX attacks
Turn off remote maintenance features when not needed. Use strong authentication on the remote maintenance ports. Keep PBX terminals in a locked, restricted area. Replace or disable embedded logins and passwords.
Technical Controls
Used to restrict data access and operating system components, security applications, network devices, protocols, and encryption techniques. Include all authentication mechanisms.
Detective Controls
Used to detect intrusion when it occurs.
Preventative Controls
Used to prevent intrusion before it occurs.
Administrative/Management Controls
Dictate how security policies are implemented to fulfill the company's security goals.
Physical/Operation controls
Implemented to secure physical access to an object.
Bit-level copy of original disk
Making a copy at the sector level to cover every part of the area that can store user data. Preferred for forensic investigation.
Byte-level copy of the hard disk
Initiates the forensic imaging of the attacked workstation. Not preferred for forensic analysis.
Session Riding
XSRF. Involves unauthorized commands from a trusted user to a user or web site.
Baselining
Process of comparing performance to a recorded metric.
Buffer Overflow
A type of DoS attack that occurs when more data is put into the buffer than it can handle.
Macro Virus
Programming instructions in a programming language that commands an application to perform illegal actions.
IPSec
Can work in either tunnel mode or transport mode. Uses ESP and AH as security protocols for encapsulation. Framework is used in a VPN implementation to secure transmissions.
Diameter
RADIUS implementation that was created to deal with VoIP and wireless services.
TACACS+
Cisco implementation of RADIUS. Uses multiple challenge responses for authentication, authorization, and auditing.
Hubs
Packets are visible to every node on the network. Susceptible to traffic sniffing.
Switches
Packets are forwarded only to the host for which the packet is intended. Provides some protection against traffic sniffing.
Anomaly-based Monitoring
Detects any changes or deviations in network traffic. Requires a baseline to be established.
Signature-based Monitoring
Watches for intrusions that match a known identity or signature when checked against a database that contains the identities of possible attacks.
Behavior-based Monitoring
Looks for behavior that is not allowed and acts accordingly.
Network-based Monitoring
Monitors all network traffic. It implements passive and active responses.
20, 21/989, 990 TCP
FTP/FTPS Port #
22 TCP
SSH, SCP, SFTP Port #
23 TCP
Telnet Port #
25/465 TCP
SMTP/SMTPS Port #
49 TCP
TACACS+ Port #
53 TCP/UDP
DNS Port #
67,68 UDP
DHCP Port #
69 UDP
TFTP Port #
80/443 TCP
HTTP/HTTPS Port #
88 TCP/UDP
Kerberos Port #
110/995 TCP
POP3/POP3S Port #
119/563 TCP
NNTP/NNTPS Port #
139/445 TCP, 137,138/445 UDP
NetBIOS/SMB Port #
143/993 TCP
IMAP/IMAPS Port #
161,162 UDP
SNMP/SNMP Trap Port #
389/636 TCP
LDAP/LDAPS Port #
1701 UDP
L2TP Port #
1723 TCP
PPTP Port #
1812,1813 UDP
RADIUS Port #
2049 TCP
NFS Port #
6881-6999 TCP
BitTorrent Port #
3389 TCP
RDP Port #
Business Continuity Plan
Ensures that policies are in place to deal with long-term outages and disasters to sustain operations. Mainly focuses on the continuity of the data, telecommunications, and information systems infrastructures.
Ping of Death
DoS attack. Major increase in ICMP traffic.
Reducing Surface Area Attacks
Disable unnecessary ports/services/protocols. Use least privilege. Apply defense in depth. Don't trust user input. Fail securely. Secure the weakest link. Create secure defaults.
Hardening
Disable unnecessary accounts. Protect management interfaces and applications. Implement password protection.
DLL Injection
Spyware technique that inserts a dynamic link library (DLL) into a running process's memory.
SMTP Open Relay
An email feature that allows any internet user to send e-mail messages through the SMTP server.
Web Security Gateway
Filters Web content.
Spam filter
Blocks unwanted messages.
VPN Concentrator
Tunnels private communication over the Internet.
Rootkit
A collection of programs that grants a hacker administrative access to a computer or network.
ICQ
An Instant Messaging (IM) package. Enables users to send and receive IMs in real time.
ICP
Enables Web Caching servers to interoperate for improved performance.
IPP
Supports remote printing on Transmission Control Protocol/Internet Protocol (TCP/IP) networks.
IPX
A routing and addressing protocol used on IPX/SPX networks.
L2TP
Encrypts transmitted traffic on VPN connections.
Bastion Host
A system that is hardened to resist attacks.
Layer 1
Physical. Provides function to establish and maintain the physical link between network devices. Repeaters work at this level.
Layer 2
Data Link. Bridges, MAC Addresses work here.
Layer 3
Network. Routers operate at this layer.
Layer 4
Transport. Segments and reassembles data into a data stream and provides reliable and unreliable end-to-end data transmission.
Layer 5
Session. Starts, maintains, and stops sessions between applications on different network devices.
Bcrypt or Password-Based Key Derivation Function 2 (PBKDF2)
Key stretching functions
LDAP
Entries are contained in a directory information tree (DIT) which is a hierarchical structure that can be searched for directory information.
ad hoc
An 802.11b communications mode that enables wireless devices to communicate directly.
BitLocker
The Windows Vista (and higher) component that encrypts an entire volume with 128-bit encryption to prevent information from being read if the drive is lost or stolen.
Fault generation
A smart card attack that allows a hacker to uncover the encryption key using reverse engineering.
Microprobing
An intrusive smart card attack in which the card is physically manipulated until the ROM chip can be accessed.
Spanning Tree Protocol (STP)
Primary loop protection on an Ethernet network. Helps mitigate the risk of Layer 2 switches in the network suffering from a DoS style attack caused by staff incorrectly cabling network connections between switches.
Time To Live (TTL)
Primary loop protection on an IP network.
Keyed Hashing for Message Authentication Code (KHMAC)
Used to digitally sign packets that are transmitted on Internet Protocol Security (IPSec) connections.
RADIUS
Enables remote access users to log on to a network through a shared authentication database.
Wildcard
PKI component that reduces the certificate management burden by allowing one certificate to be used for multiple subdomains.
OCSP
PKI component that checks online certificate status in real time.
CSR
PKI component consisting of a message sent from a user or application to a CA to apply for a digital certificate.
CRL
PKI component that contains a list of certificates that have been issued and subsequently rescinded by a given CA.
SSH
A protocol that uses a secure channel to connect a server and a client.
SSL
A protocol that secures messages between the Application and Transport layer.
SCP
A protocol that allows files to be copied over a secure connection.
ICMP
A protocol used to test and report on path information between network devices.
56 bit
DES old NIST standard
168 bit
3DES used in PGP
128, 192, 256 bit
AES NIST current standard
40-128 bit
CAST used in PGP
Stream WEP
RC4
up to 2048 bit
RC5