Flashcards covering key vocabulary terms from the lecture notes on computer networks and security.
Computer Networks
A collection of connected devices that can communicate with each other.
Computer Networking
Connecting computing devices to enable transmission and exchange of information and resources.
LAN (Local Area Network)
Devices connected in a single, limited physical location.
MAN (Metropolitan Area Network)
Connects a larger area, such as a city, by connecting multiple LANs.
WAN (Wide Area Network)
A collection of LANs or other networks that communicate with each other.
The Internet
The largest WAN, a network of networks spanning the entire world.
Security
Protection from harm or the state of feeling safe.
Network Security
Protects a network's infrastructure from unauthorized access, theft, and misuse.
Network Administrator
Manages network operations, troubleshoots issues, manages user access, and ensures network security.
Network Architect
Designs network structure, including hardware, software, and protocols, considering scalability.
Network Analyst
Analyzes network performance and recommends improvements.
Network Engineer
Focuses on the technical aspects of network design and implementation such as routers, switches, and firewalls.
CCNA (Cisco Certified Network Associate)
Networking fundamentals certification.
CCNP (Cisco Certified Network Professional)
Expands skills and understanding of networking.
CCIE (Cisco Certified Internetwork Expert)
For senior networking professionals who design, build, implement, maintain, and troubleshoot complex enterprise networking infrastructures.
CompTIA Network+
Vendor-neutral certification covering networking basics.
JNCIA-Junos (Juniper Networks Certified Associate - Junos)
Associate-level certification for Juniper Networks technologies.
CISSP (Certified Information Systems Security Professional)
Demonstrates experience in IT security and cybersecurity program management.
CISA (Certified Information Systems Auditor)
Expertise in assessing security vulnerabilities and designing/implementing controls.
CISM (Certified Information Security Manager)
Expertise in the management side of information security.
Routers
Connects multiple devices to a network, allowing them to communicate, and directs data packets between them.
Switches
Connects multiple devices on a single network, controlling the flow of data to the correct destination.
Access Points (AP)
Facilitates wireless devices connecting to a wired network.
Servers
A computer or system that provides resources, data, services, or programs to other computers (clients) over a network.
SSH (Secure Shell)
A secure and encrypted protocol for remote access.
Telnet
An older, unencrypted protocol for remote access.
Console Access
Direct physical connection to the device's console port for configuration and troubleshooting.
HTTPS (Web Interface)
Accessing the device's management interface through a web browser, often using HTTPS for secure communication.
Remote Desktop Protocol
A protocol for connecting to a remote computer's desktop, allowing for graphical control.
Firewalls
A network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies.
Attack Vector
A path by which a threat actor can gain access to a server, host, or network.
Adaptive Security Appliance (ASA)
Provides stateful firewall features and establishes secure Virtual Private Network (VPN) tunnels to various destinations.
Data Center Networks
Emphasize physical security and use VPNs with ASA devices.
Data Campus Area Networks
Secured using VPNs, ASA firewalls, IPS, Layer 3 and Layer 2 switches, ESA/WSA, AAA servers, and host security measures.
Small Office and Home Office Networks
Secured with consumer-grade wireless routers, Layer 2 switches, WPA2 encryption, and host-based antivirus/antimalware.
Virtualization
Foundation of cloud computing, separating the application from hardware and the operating system from the hardware.
Hyperjacking
An attacker hijacks a VM hypervisor (VM controlling software) and then uses it as a launch point to attack other devices on the data center network.
Instant On Activation
When a VM that has not been used for a period of time is brought online, it may have outdated security policies that deviate from the baseline security and can introduce security vulnerabilities.
Antivirus Storms
Happens when all VMs attempt to download antivirus data files at the same time.
Borderless Network (Cisco)
Accommodates Bring Your Own Device (BYOD) trends, allowing users to access resources from various locations and devices using various connectivity methods.
Mobile Device Management (MDM)
Features provide data encryption, PIN enforcement, data wipe, DLP, and jailbreak/root detection.
Data Encryption (MDM)
Ensures that only devices that support data encryption and have it enabled can access the network and content.
PIN Enforcement (MDM)
The first and most effective step in preventing unauthorized access to a device.
Data Wipe (MDM)
Lost or stolen devices can be remotely fully or partially wiped, either by the user or by an administrator via the MDM.
Data Loss Prevention (DLP)
Prevents authorized users from doing careless or malicious things with critical data.
Jailbreak/Root Detection
MDM features can detect bypasses and immediately restrict a device’s access to the network or assets.
Hacker
Common term used to describe a threat actor.
Script Kiddies
Inexperienced individuals, typically teenagers, using automated tools to exploit vulnerabilities to cause harm.
Vulnerability Brokers
Grey hat hackers reporting vulnerabilities for rewards.
Hacktivists
Hackers motivated by political or social agendas.
Cybercriminals
Black hat hackers driven by financial gain, often organized within criminal networks.
State-Sponsored
Organized groups acting on behalf of a government, focusing on espionage and sabotage.
Password Crackers
Tools used to recover passwords.
Wireless Hacking Tools
Tools that identify vulnerabilities in wireless networks.
Network Scanners
Tools used to probe network devices, servers, and hosts for open TCP or UDP ports.
Packet Crafting Tools
Tools used to probe and test a firewall’s robustness using specially crafted forged packets.
Packet Sniffers
Tools used to capture and analyze packets within traditional Ethernet LANs or WLANs.
Rootkit detectors
A directory and file integrity checker used by white hat hackers to detect installed rootkits.
Fuzzers
Tools used by threat actors when attempting to discover a computer system’s security vulnerabilities.
Forensic Tools
Tools to sniff out any trace of evidence existing in a particular computer system.
Debuggers
Tools used by black hat hackers to reverse engineer binary files when writing exploits, also used by white hat hackers when analyzing malware.
Hacking operating systems
Specially designed operating systems preloaded with tools and technologies optimized for hacking.
Encryption tools
Tools that safeguard the contents of an organization’s data when it is stored or transmitted.
Cyber Threat Indicators
Features that identify malware files, IP addresses of servers that are used in attacks, filenames, and characteristic changes made to end system software.
Indicators of attack (IOA)
Focus more on the motivation behind an attack and the potential means by which threat actors have, or will, compromise vulnerabilities to gain access to assets.
Vulnerability exploitation tools
Tools that identify whether a remote host is vulnerable to a security attack.
Vulnerability scanners
Tools that scan a network or system to identify open ports, scan for known vulnerabilities, and scan VMs, BYOD devices, and client databases.
Eavesdropping attack
When a threat actor captures and listens to network traffic.
Data modification attack
Occurs when a threat actor has captured enterprise traffic and has altered the data in the packets without the knowledge of the sender or receiver.
IP address spoofing attack
When a threat actor constructs an IP packet that appears to originate from a valid address inside the corporate intranet.
Password-based attacks
Occur when a threat actor obtains the credentials for a valid user account that let attackers list users, map networks, alter configurations, and manipulate data.
Denial-of-service (DoS) attack
Prevents normal use of a computer or network by valid users.
Man-in-the-middle attack (MiTM)
When threat actors have positioned themselves between a source and destination to actively monitor, capture, and control the communication transparently.
Compromised key attack
When a threat actor obtains a secret key, which can then be used to gain access to a secured communication.
Sniffer attack
An application or device that can read, monitor, and capture network data exchanges and read network packets.
Malware
Malicious software or code specifically designed to damage, disrupt, steal, or generally inflict some other “bad” or illegitimate action on data, hosts, or networks.
Viruses
Malicious code that infects other programs and often requires human intervention for propagation.
Trojans
Malicious software that masquerades as legitimate applications, performing harmful actions once executed.
Worms
Similar to viruses but can replicate themselves autonomously across networks.
Enabling vulnerability
A worm installs itself using an exploit mechanism, such as an email attachment, an executable file, or a Trojan horse, on a vulnerable system.
Propagation mechanism
After gaining access to a device, the worm replicates itself and locates new targets.
Payload
Any malicious code that results in some action.
Reconnaissance Attack
Unauthorized discovery and mapping of systems, services, or vulnerabilities.
Perform an information query of a target
The threat actor is looking for initial information about a target.
Initiate a ping sweep of the target network
The threat actor can now initiate a ping sweep to determine which IP addresses are active.
Initiate a port scan of active IP addresses
Used to determine which ports or services are available.
Run vulnerability scanners
To query the identified ports to determine the type and version of the application and operating system that is running on the host.
Access Attacks
Exploit known vulnerabilities in authentication services, FTP services, and web services.
Social Engineering Attacks
Attempts to manipulate individuals into performing actions or divulging confidential information.
Pretexting
A threat actor pretends to need personal or financial data to confirm the identity of the recipient.
Phishing
A threat actor sends fraudulent email which is disguised as being from a legitimate, trusted source to trick the recipient into installing malware on their device, or to share personal or financial information.
Spear phishing
A threat actor creates a targeted phishing attack tailored for a specific individual or organization.
Spam
Also known as junk mail, this is unsolicited email which often contains harmful links, malware, or deceptive content.
Something for Something
A threat actor requests personal information from a party in exchange for something such as a gift.
Baiting
A threat actor leaves a malware-infected flash drive in a public location for a victim to find.
Impersonation
A threat actor pretends to be someone else.
Tailgating
A threat actor quickly follows an authorized person into a secure location to gain access to a secure area.
Shoulder surfing
A threat actor inconspicuously looks over someone’s shoulder to steal their passwords or other information.
Dumpster diving
A threat actor rummages through trash bins to discover confidential documents.
Run exploitation tools
The threat actor now attempts to discover vulnerable services that can be exploited.