CIS 245 Final Exam Review

studied byStudied by 10 people
0.0(0)
Get a hint
Hint

OSI Model Layers

1 / 187

flashcard set

Earn XP

188 Terms

1

OSI Model Layers

  • 7: Application

  • 6: Presentation

  • 5: Session

  • 4: Transport

  • 3: Network

  • 2: Data Link

  • 1: Physical

New cards
2

OSI Layer 7: Application

Human-computer interaction layer, where applications can access the network services.

New cards
3

OSI Layer 6: Presentation

Ensures that data is in a usable format and is where data encryption occurs.

New cards
4

OSI Layer 5: Session

Maintains connections and is responsible for controlling ports and sessions.

New cards
5

OSI Layer 4: Transport

Transmits data using transmission protocols including TCP and UDP.

New cards
6

OSI Layer 3: Network

Decides which physical path the data will take.

New cards
7

OSI Layer 2: Data Link

Defines the format of data on the network.

New cards
8

OSI Layer 1: Physical

Transmits raw bit stream over the physical medium.

New cards
9

AirPcap

The first open, affordable and easy-to-deploy 802.11 packet capture solution for Windows.

New cards
10

Black hat

Individuals who use their extraordinary computing skills for illegal or malicious purposes.

New cards
11

Botnet

A huge network of compromised systems and can be used by an attacker to launch denial-of-service attacks.

New cards
12

Exploit

A malicious code that breaches the system security via software vulnerabilities to access information or install malware.

New cards
13

Exposure

The disclosure of private data, financial loss, and discontinuation of operations.

New cards
14

Firewall

Hardware and/or software designed to prevent unauthorized access to or from a private network.

New cards
15

Grey hat

The individuals who work both offensively and defensively at various times.

New cards
16

IDS

An intrusion detection system (IDS) is a software system or hardware device that inspects all inbound and outbound network traffic for suspicious patterns that may indicate a network or system security breach.

New cards
17

IPS

Intrusion prevention systems (IPS) are continuous monitoring systems that often sit behind firewalls as an additional layer of protection.

New cards
18

Penetration test

A method of evaluating the security of an information system or network by simulating an attack to find out vulnerabilities that an attacker could exploit.

New cards
19

Snort

An open-source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching and is used to detect a variety of attacks and probes such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and OS fingerprinting attempts. It uses a flexible rules language to describe traffic to collect or pass, as well as a detection engine that utilizes a modular plug-in architecture.

New cards
20

Threat

Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.

New cards
21

Vulnerability

A weakness in an IT system that can be exploited by an attacker to deliver a successful attack.

New cards
22

Vulnerability assessment

An in-depth examination of the ability of a system or application, including current security procedures and controls, to withstand the exploitation.

New cards
23

Vulnerability researcher

The process of analyzing protocols, services, and configurations to discover the vulnerabilities and design flaws that will expose an operating system and its applications to exploit, attack, or misuse.

New cards
24

Warchalking

Symbols are drawn in public places to advertise open Wi-Fi networks.

New cards
25

Wardriving

Attackers drive around with Wi-Fi-enabled laptops installed with a wireless discovery tool to map out open wireless networks.

New cards
26

White hat

Individuals who use their hacking skills for defensive purposes.

New cards
27

Cyber Kill Chain

  1. Reconnaissance: Gather data on the target to probe for weak points.

  2. Weaponization: Create a deliverable malicious payload using an exploit and a backdoor.

  3. Delivery: Send weaponized bundle to the victim using email, USB, etc.

  4. Exploitation: Exploit a vulnerability by executing code on the victim’s system.

  5. Installation: Install malware on the target system.

  6. Command and Control: Create a command and control channel to communicate and pass data back and forth.

  7. Actions on Objectives: Perform actions to achieve intended objectives/goals.

New cards
28

CAN-SPAM

A law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations.

New cards
29

Digital Millenium Copyright Act (DMCA)

An American copyright law that implements two 1996 treaties from the World Intellectual Property Organization (WIPO): the WIPO Copyright Treaty and the WIPO Performances and Phonograms Treaty. In order to implement US treaty obligations, the DMCA defines legal prohibitions against circumvention of the technological protection measures employed by copyright owners to protect their works, and against the removal or alteration of copyright management information. It contains five different titles:

  • Title I: WIPO TREATY IMPLEMENTATION

  • Title II: ONLINE COPYRIGHT INFRINGEMENT LIABILITY LIMITATION

  • Title III: COMPUTER MAINTENANCE OR REPAIR

  • Title IV: MISCELLANEOUS PROVISIONS

  • Title V: PROTECTION OF CERTAIN ORIGINAL DESIGNS

New cards
30

Sarbanes Oxley Act (SOX)

Enacted in 2002, the Sarbanes-Oxley Act aims to protect the public and investors by increasing the accuracy and reliability of corporate disclosures. This act does not explain how an organization must store records but describes the records that organizations must store and the duration of their storage. The Act mandated several reforms to enhance corporate responsibility, enhance financial disclosures, and combat corporate and accounting fraud. It contains eleven different titles:

  • Title I: Public Company Accounting Oversight Board (PCAOB)

  • Title II: Auditor Independence

  • Title III: Corporate Responsibility

  • Title IV: Enhanced Financial Disclosures

  • Title V: Analyst Conflicts of Interest

  • Title VI: Commission Resources and Authority

  • Title VII: Studies and Reports

  • Title VIII: Corporate and Criminal Fraud Accountability

  • Title IX: White-Collar-Crime Penalty Enhancement

  • Title X: Corporate Tax Returns

  • Title XI: Corporate Fraud Accountability

New cards
31

Gramm-Leach-Bliley Act (GLBA)

Requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.

New cards
32

Health Insurance Portability and Accountability Act (HIPAA)

The HIPAA Privacy Rule provides federal protections for the individually identifiable health information held by covered entities and their business associates and gives patients an array of rights to that information. At the same time, the Privacy Rule permits the disclosure of health information needed for patient care and other necessary purposes.

The Security Rule specifies a series of administrative, physical, and technical safeguards for covered entities and their business associates to use to ensure the confidentiality, integrity, and availability of electronically protected health information.

New cards
33

Family Educational Rights and Privacy Act (FERPA)

The foundational federal law on the privacy of students’ educational records, FERPA safeguards student privacy by limiting who may access student records, specifying for what purpose they may access those records, and detailing what rules they have to follow when accessing the data.

New cards
34

FISMA

The Federal Information Security Management Act of 2002 was enacted to produce several key security standards and guidelines required by Congressional legislation. The FISMA provides a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support federal operations and assets. It requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or another source.

New cards
35

Domain Name System (DNS)

A hierarchical and distributed naming system for computers, services, and other resources in the Internet or other Internet Protocol networks. It associates various information with domain names assigned to each of the associated entities.

New cards
36

DNS Zone transfers

The process of transferring a copy of the DNS zone file from the primary DNS server to a secondary DNS server. In most cases, the primary DNS server maintains a backup or secondary server for redundancy, which holds all the information stored in the primary server. The DNS server uses zone transfer to distribute changes made to the main server to the secondary server(s). An attacker performs DNS zone transfer enumeration to locate the DNS server and access records of the target organization. If the DNS server of the target organization allows zone transfers, then attackers can perform DNS zone transfer to obtain DNS server names, hostnames, machine names, usernames, IP addresses, aliases, etc. assigned within a target domain.

New cards
37

DNS Zone poisoning

A hacker technique that manipulates known vulnerabilities within the domain name system (DNS). When it's completed, a hacker can reroute traffic from one site to a fake version. And the contagion can spread due to the way the DNS works.

New cards
38

DNS Cache Poisoning

Refers to altering or adding forged DNS records into the DNS resolver cache so that a DNS query is redirected to a malicious site.

New cards
39

DNS reflection/amplification distributed denial-of-service (DDoS)

A common two-step DDoS attack in which the attacker manipulates open DNS servers. The cybercriminal first uses a spoofed IP address to send massive requests to DNS servers. The DNS server then replies to the request, creating an attack on the target victim. The size of these attacks is larger than the spoofed request, resulting in large amounts of traffic going to the victim server. The attack often results in complete inaccessibility of data for a company or organization.

New cards
40

Regional Internet Registrars (location)

The RIRs include the following:

  • American Registry for Internet Numbers (ARIN) (https://www.arin.net)

  • African Network Information Center (AFRINIC) (https://www.afrinic.net)

  • Asia Pacific Network Information Center (APNIC) (https://www.apnic.net)

  • Réseaux IP Européens Network Coordination Centre (RIPE) (https://www.ripe.net)

  • Latin American and Caribbean Network Information Center (LACNIC) (https://www.lacnic.net)

New cards
41

ARIN

American Registry for Internet Numbers

New cards
42

APNIC

Asia Pacific Network Information Center

New cards
43

LACNIC

Latin American and Caribbean Network Information Center

New cards
44

RIPE NCC

Réseaux IP Européens Network Coordination Centre

New cards
45

AfrNIC

African Network Information Center

New cards
46

Google Hacking

Refers to the use of advanced Google search operators for creating complex search queries to extract sensitive or hidden information. The accessed information is then used by attackers to find vulnerable targets. Footprinting using advanced Google hacking techniques involves locating specific strings of text within search results using advanced operators in the Google search engine.

New cards
47

Google Hacking Advanced Operators

  • Site

  • Ext

  • Loc

  • Intitle

  • Allintitle

  • Inurl

  • Allinurl

  • Incache

New cards
48

Site

This operator restricts search results to the specified site or domain.

  • For example, the [games site: www.certifiedhacker.com] query gives information on games from the certifiedhacker site.

New cards
49

Ext

This operator allows you to search for results based on a file extension.

  • For Example, [jasmine:jpg] will provide jpg files based on jasmine.

New cards
50

Loc

This operator finds information for a specific location.

  • For example, [location: 4 seasons restaurant] will give you results based on the term “4 seasons restaurant.”

New cards
51

Intitle

This operator restricts results to only the pages containing the specified term in the title.

  • For example, the [malware detection intitle:help] query returns only pages that have the term “help” in the title, and the terms “malware” and “detection” anywhere within the page.

New cards
52

Allintitle

This operator restricts results to only the pages containing all the query terms specified in the title.

  • For example, the [allintitle: detect malware] query returns only pages containing the words “detect” and “malware” in the title.

New cards
53

Inurl

This operator restricts the results to only the pages containing the specified word in the URL.

  • For example, the [inurl: copy site:www.google.com] query returns only Google pages in which the URL has the word “copy.”

New cards
54

Allinurl

This operator restricts results to only the pages containing all the query terms specified in the URL.

  • For example, the [allinurl: google career] query returns only pages containing the words “google” and “career” in the URL.

New cards
55

Nmap scans

A security scanner for network exploration and hacking. It allows you to discover hosts, ports, and services on a computer network, thus creating a "map" of the network. It sends specially crafted packets to the target host and then analyzes the responses to accomplish its goal. It scans vast networks of literally hundreds of thousands of machines. Nmap includes many mechanisms for port scanning (TCP and UDP), OS detection, version detection, ping sweeps, and so on.

New cards
56

NMAP discovery scans

  • -sP

  • -sL

  • -sO

  • -sV

New cards
57

-sP

Perform a ping scan only

New cards
58

-sL

Create a host list

New cards
59

-sO

OS detection

New cards
60

-sV

Service version detectioon

New cards
61

Important nmap options

  • -A

  • -n

  • -v

  • -P0

New cards
62

-A

Aggressive scan

New cards
63

-n

Disable reverse DNS resolution

New cards
64

-v

Version detection

New cards
65

-P0

Disable ICMP scan type

New cards
66

Ports

  • FTP

  • SSH

  • Telnet

  • SMTP

  • WIND

  • DNS

  • HTTP

  • Kerberos

  • POP3

  • NNTP

  • SMB

  • IMAP

  • LDAP

  • RDP

New cards
67

FTP (File Transfer Protocol)

Ports 20 (data) and 21 (control): A connection-oriented protocol used for transferring files over the Internet and private networks. FTP is controlled on TCP port 21, and for data transmission, FTP uses TCP port 20 or some dynamic port numbers depending on the server configuration. If attackers identify that FTP server ports are open, then they perform enumeration on FTP to find information such as the software version and state of existing vulnerabilities to perform further exploitations such as the sniffing of FTP traffic and FTP brute-force attacks

New cards
68

SSH (Secure Shell)

Port 22: A command-level protocol mainly used for managing various networked devices securely. It is generally used as an alternative protocol to the unsecure Telnet protocol. SSH uses the client/server communication model, and the SSH server, by default, listens to its client on TCP port 22. Attackers may exploit the SSH protocol by brute-forcing SSH login credentials.

New cards
69

Telnet

Port 23: Used for managing various networked devices remotely. It is an unsecure protocol because it transmits login credentials in the cleartext format. Therefore, it is mostly used in private networks. The Telnet server listens to its clients on port 23. Attackers can take advantage of the Telnet protocol to perform banner grabbing on other protocols such as SSH and SMTP, brute-forcing attacks on login credentials, port-forwarding attacks, etc.

New cards
70

SMTP (Simple Mail Transfer Protocol)

Port 25: A TCP/IP mail delivery protocol. It transfers email across the Internet and across local networks. It runs on the connection-oriented service provided by TCP and uses the well-known port number 25. Below table lists some commands used by SMTP and their respective syntaxes.

New cards
71

HTTP (HyperText Transfer Protocol)

Port 80:  A method for encoding and transporting information between a client (such as a web browser) and a web server. It is the primary protocol for transmission of information across the Internet.

New cards
72

Kerberos

Port 88: A network authentication protocol that provides strong authentication for client/server applications through secret-key cryptography, which provides mutual authentication. Both the server and the user verify each other’s identity. Messages sent through this protocol are protected against replay attacks and eavesdropping.

New cards
73

POP3 (Post Office Protocol)

Port 110: An application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server. POP version 3 is the version in common use, and along with IMAP the most common protocols for email retrieval.

New cards
74

NNTP (Network News Transfer Protocol)

Port 119: Used to relay Usenet news articles from discussions over the newsgroup. Usenet newsgroups can be a useful source of valuable information about a target. Many professionals seek help on Usenet newsgroups by posting questions and asking for solutions. To obtain solutions to these issues, they sometimes post more detailed information about the target than needed.

New cards
75

SMB (Server Message Block)

Port 445: A transport protocol that is generally used by Windows systems for providing shared access to files, printers, and serial ports as well as remote access to Windows services. By default, SMB runs directly on TCP port 445 or via the NetBIOS API on UDP ports 137 and 138 and TCP ports 137 and 139.

New cards
76

IMAP (Internet Message Access Protocol)

Port 143: Allows a client to access and manipulate electronic mail messages on a server. This protocol offers inadequate security, which allows attackers to obtain data and user credentials in cleartext.

New cards
77

LDAP (Lightweight Directory Access Protocol)

Port 389: An Internet protocol for accessing distributed directory services. LDAP accesses directory listings within Active Directory or from other directory services.

New cards
78

RDP (Remote Desktop Protocol)

Port 3389:  A proprietary protocol developed by Microsoft Corporation which provides a user with a graphical interface to connect to another computer over a network connection.

New cards
79

Password Cracking Tools

  • John the Ripper

  • L0phtcrack

  • 0phtcrack

  • Cain and Abel

New cards
80

John the Ripper

A free password cracking software tool. Originally developed for the Unix operating system, it can run on fifteen different platforms.

New cards
81

L0phtcrack

A tool designed to audit passwords and recover applications. It recovers lost Microsoft Windows passwords with the help of a dictionary, hybrid, rainbow table, and brute-force attacks. It can also be used to check the strength of a password.

New cards
82

0phtcrack

A free open-source program that cracks Windows log-in passwords by using LM hashes through rainbow tables. The program includes the ability to import the hashes from a variety of formats, including dumping directly from the SAM files of Windows

New cards
83

Cain and Abel

A password recovery tool that allows the recovery of passwords by sniffing the network and cracking encrypted passwords. The ARP poisoning feature of the Cain & Abel tool involves sending free spoofed ARPs to the network’s host victims. This spoofed ARP can make it easier to attack a middleman.

New cards
84

Trojans and Malware

  • Wrapper or binder

  • Rootkit

  • HTTP trojan

  • Netcat

  • Hoax

  • Keylogger

New cards
85

Wrapper or binder

A wrapping attack is performed during the translation of the SOAP message in the TLS layer where attackers duplicate the body of the message and sends it to the server as a legitimate user.

New cards
86

Rootkit

Programs that hide their presence as well as attacker’s malicious activities, granting them full access to the server or host at that time, and in the future.

New cards
87

HTTP trojan

HTTP/HTTPS Trojans can bypass any firewall and work in reverse, as opposed to a straight HTTP tunnel. They use web-based interfaces and port 80. The execution of these Trojans takes place on the internal host and spawns a child program at a predetermined time. The child program is a user to the firewall; hence, the firewall allows the program to access the Internet. However, this child program executes a local shell, connects to the webserver that the attacker owns on the Internet through an apparently legitimate HTTP request, and sends it a ready signal. The apparently legitimate answer from the attacker’s web server is, in fact, a series of commands that the child can execute on the machine’s local shell. The attacker converts all the traffic into a Base64-like structure and gives it as a value for a cgi-string to avoid detection.

New cards
88

Netcat

You can use the following Netcat command to establish a connection with the target vulnerable server and identify the services or functions provided by the server.

* nc -nv <Target IP> <Target Port>
New cards
89

Hoax

Messages that issue fake warnings to the user about new viruses, Trojans, or worms that may harm the user’s system.

New cards
90

Keylogger

Keystroke loggers are programs or hardware devices that monitor each keystroke as the user types on a keyboard, logs onto a file, or transmits them to a remote location.

New cards
91

Famous Trojans

  • Tini

  • Loki

  • Netbus

  • Back Orifice

  • Beast

  • Nuclear RAT

New cards
92

Tini

Tiny Banker Trojan, also called Tinba, is a malware program that targets financial institution websites. It is a modified form of an older form of viruses known as Banker Trojans, yet it is much smaller in size and more powerful. It works by establishing man-in-the-browser attacks and network sniffing.

New cards
93

Loki

A trojan that is often distributed as an attachment to phishing emails and other messages. Anti-phishing solutions that can identify and block malicious content in attachments from reaching the user can protect against infections by Lokibot.

New cards
94

Netbus

A software program for remotely controlling a Microsoft Windows computer system over a network. It was created in 1998 and has been very controversial for its potential of being used as a trojan horse. NetBus was written in Delphi by Carl-Fredrik Neikter, a Swedish programmer in March 1998.

New cards
95

Back Orifice

A computer program designed for remote system administration. It enables a user to control a computer running the Microsoft Windows operating system from a remote location. The name is a play on words on Microsoft BackOffice Server software.

New cards
96

Beast

A Windows-based backdoor trojan horse, more commonly known in the hacking community as a Remote Administration Tool or a "RAT". It is capable of infecting versions of Windows from 95 to XP. Written in Delphi and released first by its author Tataye in 2002, it became quite popular due to its unique features.

New cards
97

Nuclear RAT

Nuclear R.A.T is a trojan horse, first appearing in 2000. Nuclear R.A.T stands for Nuclear Remote Administration Tool. Nuclear is added on to the name because it's more powerful than other R.A.T malware.

New cards
98

Tools to detect trojans

  • Netstat / fport

  • Tcpview

  • Process viewer

  • Autoruns

  • Hijack This

  • Spybot S&D

New cards
99

Netstat / fport

It displays active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols). When used without parameters, netstat displays only active TCP connections.

New cards
100

Tcpview

A Windows program that shows detailed listings of all TCP and UDP endpoints on the system, including the local and remote addresses, and the state of the TCP connections. It provides a subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality. When TCPView runs, it enumerates all active TCP and UDP endpoints, resolving all IP addresses to their domain name versions.

New cards

Explore top notes

note Note
studied byStudied by 61 people
... ago
5.0(2)
note Note
studied byStudied by 3 people
... ago
5.0(1)
note Note
studied byStudied by 18 people
... ago
5.0(2)
note Note
studied byStudied by 4 people
... ago
5.0(1)
note Note
studied byStudied by 11 people
... ago
5.0(1)
note Note
studied byStudied by 8 people
... ago
5.0(1)
note Note
studied byStudied by 8 people
... ago
5.0(2)
note Note
studied byStudied by 1907 people
... ago
5.0(7)

Explore top flashcards

flashcards Flashcard (62)
studied byStudied by 11 people
... ago
5.0(1)
flashcards Flashcard (21)
studied byStudied by 48 people
... ago
4.8(5)
flashcards Flashcard (40)
studied byStudied by 279 people
... ago
5.0(1)
flashcards Flashcard (25)
studied byStudied by 202 people
... ago
5.0(2)
flashcards Flashcard (417)
studied byStudied by 19 people
... ago
5.0(1)
flashcards Flashcard (34)
studied byStudied by 62 people
... ago
5.0(1)
flashcards Flashcard (50)
studied byStudied by 1 person
... ago
5.0(1)
flashcards Flashcard (24)
studied byStudied by 5 people
... ago
5.0(1)
robot