Chapter 9 Key terms

rogue DHCP server

A DHCP service running on a client device that could be used to implement a MitM attack by configuring the attacker's IP address as the victim computers' default gateway or DNS server.

DRDoS (distributed reflection DoS) attack

A DoS attack bounced off of uninfected computers, called reflectors, before being directed at the target.

Asset tracking tags

A barcode or wireless-enabled transmitter used to track the movement or condition of equipment, inventory, or people.

honeypot

A decoy system isolated from legitimate systems and designed to be vulnerable to security exploits for the purposes of learning more about hacking techniques or nabbing a hacker in the act.

key fob

A device or app that provides remote control over locks and security systems.

badge

A form of identification that includes the person's name and perhaps a photo, title, or other information.

quid pro quo

A free gift or service is offered in exchange for private information or "temporary" access to the user's computer system.

SHA (Secure Hash Algorithm)

A hash algorithm originally designed by the NSA to eliminate the inherent weaknesses of the older MD5 hash. The most recent iteration is SHA-3, developed by private designers for a public competition in 2012.

logic bombs

A malicious program designed to start when certain conditions are met.

baiting

A malware-infected file, such as a free music download, or device, such as a USB flash drive, is seemingly left unguarded for someone to take and attempt to use on their own computer. The malware then infects the computer and gives the attacker access to the victim's computer, data, or online accounts.

honeynet

A network of honeypots.

tailgating

A person posing as an employee or a delivery or service provider follows an authorized employee into a restricted area.

cipher locks

A physical or electronic lock requiring a code to open the door.

phishing

A practice in which a person attempts to glean access or authentication information by posing as someone who needs that information.

penetration testing

A process of scanning a network for vulnerabilities and investigating potential security flaws.

bot

A process that runs automatically, without requiring a person to start or stop it.

Malware

A program or piece of code designed to intrude upon or harm a system or its resources.

Trojan horse

A program that disguises itself as something useful but actually harms your system; do not replicate themselves, they are not considered viruses.

ransomware

A program that locks a user's data or computer system until a ransom is paid.

virus

A program that replicates itself to infect more computers, either through network connections when it piggybacks on other files or through exchange of external storage devices, such as USB drives, passed among users. Viruses might damage files or systems or simply annoy users.

worm

A program that runs independently of other software and travels between computers and across networks.

DHCP snooping

A security feature on switches whereby DHCP messages on the network are checked and filtered.

Principle of least privilege

A security measure that ensures employees and contractors are only given enough access and privileges to do their jobs, and these privileges are terminated as soon as the person no longer needs them.

insider threat

A security risk associated with someone who is or was trusted by an organization, such as an employee, former employee, contractor, or other associate.

DLP (data loss prevention)

A security technique that uses software to monitor confidential data, track data access and ownership, and prevent it from being copied or transmitted off the network.

back doors

A software security flaw that can allow unauthorized users to gain access to a system.

dictionary attack

A technique in which attackers run a program that tries a combination of a known user ID and, for a password, every word in a dictionary to attempt to gain access to a network.

vulnerability scanning

A technique to identify vulnerabilities in a network, with or without malicious intent.

CCTV (closed-circuit TV)

A video surveillance system that monitors activity in secured areas.

privileged user account

An administrative account on a device or network that gives high-level permissions to change configurations or access data.

security audit

An assessment of an organization's security vulnerabilities performed by an accredited network security firm.

posture assessment

An assessment of an organization's security vulnerabilities.

DoS (denial-of-service) attack

An attack in which a legitimate user is unable to access normal network resources because of an attacker's intervention. Most often, this type of attack is achieved by flooding a system with so many requests for services that it can't respond to any of them.

FTP bounce

An attack in which an FTP client specifies a different host's IP address and port for the requested data's destination. By commanding the FTP server to connect to a different computer, a hacker can scan the ports on other hosts and transmit malicious code.

ARP poisoning

An attack in which attackers use fake ARP replies to alter ARP tables in a network.

DDoS (distributed DoS) attack

An attack in which multiple hosts simultaneously flood a target host with traffic, rendering the target unable to function.

amplified DRDoS attack

An attack instigated using small, simple requests that trigger very large responses from the target. DNS, NTP, ICMP, LDAP, and SNMP lend themselves to being used in these kinds of attacks.

PDoS (permanent DoS) attack

An attack on a device that attempts to alter the device's management interface to the point where the device is irreparable.

deauth (deauthentication) attack

An attack on a wireless network in which the attacker sends faked deauthentication frames to the AP, the client, or both (or as a broadcast to the whole wireless network) to trigger the deauthentication process and knock one or more clients off the wireless network.

DNS poisoning

An attack that alters DNS records on a DNS server, thereby redirecting Internet traffic from a legitimate web server to a phishing website.

MitM (man-in-the-middle) attack

An attack that relies on intercepted transmissions. It can take one of several forms, but in all cases a person redirects or captures secure data traffic while in transit.

smart cards

An electronic access badge.

spoofing attack

MAC addresses can be impersonated in an attack

device hardening

Preventive measures that can be taken to secure a device from network- or software-supported attacks.

Tamper detection

Sensors that can detect physical penetration, temperature extremes, input voltage variations, input frequency variations, or certain kinds of radiation.

MDM (mobile device management)

Software that automatically handles the process of configuring wireless clients for network access.

port scanner

Software that searches a server, switch, router, or other device for open ports, which can be vulnerable to attack.

stealth

Some malware disguises itself as legitimate programs or replaces part of a legitimate program's code with destructive code.

time dependence

Some malware is programmed to activate on a particular date. This type of malware can remain dormant and harmless until its activation date arrives.

Motion detection

Technology that triggers an alarm when it detects movement within its field of view.

social engineering

The act of manipulating social relationships to circumvent network security measures and gain access to a system.

BYOD (bring your own device)

The practice of allowing people to bring their smartphones, laptops, or other technology into a facility for the purpose of performing work or school responsibilities.

Hashing

The transformation of data through an algorithm that generally reduces the amount of space needed for the data. It is mostly used to ensure data integrity—that is, to verify the data has not been altered.

Metasploit

This popular penetration testing tool combines known scanning and exploit techniques to explore potentially new attack routes.

biometrics

Unique physical characteristics of an individual, such as the color patterns in his iris or the geometry of his hand.

polymorphism

changes its characteristics (such as the arrangement of bytes, size, and internal instructions) every time it's transferred to a new system, making it harder to identify.

Nmap

designed to scan large networks quickly and provide information about a network and its hosts.

proximity card

do not require direct contact with a proximity reader in order to be detected; typical range of about 5-10 cm, the card can be detected even while it's still inside a wallet or purse, or it can be incorporated or duplicated in a key fob.

Nessus

performs even more sophisticated vulnerability scans than Nmap; can identify unencrypted, sensitive data, such as credit card numbers, saved on your network's hosts.

Unauthenticated scan

the attacker begins on the perimeter of the network, looking for vulnerabilities that do not require trusted user privileges.

authenticated scan

the attacker is given the same access to the network as a trusted user would have, such as an employee or an intruder who has somehow hacked into a user's account.

red team-blue team exercise

the red team conducts the attack, and the blue team attempts to defend the network.

encryption

to prevent detection. Most anti-malware software searches files for a recognizable string of characters that identify the virus. However, it can thwart the anti-malware program's attempts to detect it.