Cybersecurity Ch. 9+10 Review

Layer 2 Tunneling Protocol (L2TP)

tunneling protocol created by Cisco and provides more security than PPTP, but is not as fast

Point-to-Point Protocol (PPTP)

tunneling protocol that provides data confidentiality in the form of encryption, but does not support integrity

Secure Socket Tunneling Protocol (SSTP)

tunneling protocol that provides support for traffic over an SSL 3.0-encrypted connection

Traveling around searching for Wi-Fi networks is called _____.

wardriving

Which technology can detect interference with weather/military transmissions & shift the wireless frequency of a device?

DFS.

Which authentication protocol would be used by a user on a Windows computer with a username and password on a VPN?

MS-CHAP.

Network Design Techniques

DMZs are created by developing borders between the different networks using firewalls. Type of traffic and hosts that enter DMZ are filtered with the public-facing firewall. Another firewall borders the DMZ and company private network.

Unencrypted

Offers no protection at all, May be a business need (ex: business provides free Wi-Fi), Proper security policies must still be enacted for wireless network

Which of these statements about protecting routers is not a best practice?

Only update routers with security patches, not enhancement patches.

VPN Authentication

Password Authentication Protocol (PAP), Challenge Handshake, Authentication Protocol (CHAP), MS-CHAP, Extensible Authentication Protocol (EAP).

Long-Term Evolution (LTE)

Path used to provide 4G speeds, 5G expected to be deployed starting 2020.

Which term identifies network activity that deviates from normal activity?

Anomaly.

Wireless devices can be manually configured to attach to a wireless network.

Another option is Wi-Fi-protected setup (WPS) -PIN method:user enters PIN on router that is located on new device, Push method: user pushes button on new device and AP; devices discover each other.

Agent

software or code that searches for vulnerabilities in the client

Satellite communication (SATCOM)

space-based wireless network in which an orbital satellite provides the connection to the host. Used for many purposes. Satellite services can cover entire globe using multiple frequencies. ITU assigns radio frequencies. Most used are C, L, and Ku bands.

DNS local cache

temporary storage location on the local computer

Internet Key Exchange Protocol version 2 (IKEv2)

tunneling protocol that uses the IPSEC tunneling protocol over UDP on port 500.

Ad-hoc networking occurs when ____.

two devices communicate directly with each other.

Cellular network

type of wireless network in which transmissions are distributed over groups of geographic areas. Transmits data from multiple transmitters called base stations. Each base station is given a portion of the overall bandwidth

USB

user employs USB flash drive with data to copy information between devices

Enterprise Wi-Fi

users do not need to be given a passphrase for wireless access. Authenticated through their network login names and passwords. Access points pass the credentials and information between the client and authenticating server

Wired Equivalent Privacy (WEP)

very outdated encryption protocol for routers used with older, legacy wireless equipment

Attenuation

weakening of signal over distance from the access point

Captive portal

web page that the user is forced to view before being granted further network access

Piggybacking

when a user gains access to a wireless network without permission

DNS poisoning

when a valid DNS name is redirected to another site that is likely malicious

Data leakage

when data are intercepted and stolen. Intrusion-detection or packet-sniffing software can detect vulnerabilities. Ethical issue: personal information may be read by personnel. Benefits outweigh privacy concerns. If data is not protected, hackers will try to access it.

Bluejacking

when somebody sends an unsolicited message via Bluetooth, such as an advertisement

GETMAC command

will display MAC addresses embedded into the hardware of network commands in the Physical Address Column

Basic service set (BSS)

wireless network with a single access point

Extended service set (ESS)

wireless network with multiple APs

Wi-Fi

wireless networking technology that uses radio waves instead of wires or fiber optic cable. Runs on unlicensed bands of the radio frequency (RF) spectrum. Defined by IEEE 802.11 standard

A _____ is a device that allows connections to a wireless network and can send data to another network.

wireless router

In an enterprise Wi-Fi environment, the authentication server is usually ____.

A RADIUS Server.

Which channels do not overlap in a 2.4 GHz wireless network?

1, 6, and 11

MAC Address Format

12-digit hexadecimal number. Two numbers (an octet) separated by a hyphen/dash (-) or a colon (:). Consists of six octets. First three octets represent the organizationally unique identifier (OUI). Second three represent a unique address within the vendor's identifier.

Which of the following channels can overlap with another channel in the 2.4ghz frequency?

5.

What is a dead spot when discussing a wireless network?

A location in a business without access to Wi-Fi.

Which are the two methods that update a client's local DNS cache? (Choose 2)

A user requests a domain name, and it is resolved. Entries are made into the local host file that prepopulates the local cache.

Which of these is true about a rogue access point?

A wireless site survey could help find this potential threat.

____ is the weakening of a signal over distance from the access point.

Attenuation.

Landing Target Page

Can be used for marketing purposes, Educate users about acceptable use and terms of access, Collect payment for the service, Legal protection.

Before using Wi-Fi, there is a page where you must accept the AUP before you continue. This page is called a(n) _

Captive Portal.

Cellular Wireless Basics

Cellular networks operate in licenses areas of RF spectrum. Mobile carriers cannot transmit or receive data using the same frequencies in a given market. FCC tasked with trying to free up additional spectrum

Routers are not immune to flaws

Change default SSID and password information. Ensure firmware is up to date. Change security settings from default. Replace older routers with new models.

List the two most important steps in securing a router.

Changing default SSID and password information.

In an enterprise Wi-Fi environment, the supplicant is the ____.

Client trying to connect to Wi-Fi.

Options for securing switches

Configure switches so ports can only access specific MAC addresses. Configure access lists to control traffic in the switch. Establish secure passwords for console and remote access. Ensure switches are configured with options such as Spanning Tree protocol.

Routers manage traffic using Access Control Lists (ACLs)

Control what is allowed on the subnet, Security concern: IP spoofing, ACL can be configured to block any inbound traffic that originates from inside the network.

____ is a VPN tunneling protocol that uses SSL to encrypt the data.

SSTP.

Which configurations allow you to limit hosts and other devices in the network? (Choose 2)

DMZ, VLAN.

Bluetooth is a form of wireless networking

Devices must be physically much closer to each other to communicate

Wi-Fi Basics

Devices on a wireless network communicate through access points.

Other Peripheral Vulnerabilities

Devices that access wireless networks pose vulnerabilities-Wireless keyboard or mouse, Cameras, printers, microSD cards

Which is a true statement regarding cellular networks?

Different mobile carriers can't transmit in the same RF spectrum.

Which type of signal can disconnect a user from a wireless network?

Disassociation.

A configuration based on the IEEE 802.1X standard is known as which wireless concept?

Enterprise WiFi

Intranet

Essentially a private Internet environment for internal use only. Provides a secured environment for forms, information, and portals to other tools

A hacker has placed a router in a business using the same SSID as the business's wireless access point. What type of attack is this?

Evil twin or man-in-the-middle

Extranet

Extension of an intranet where specific third-party users can be allowed access to a secured intranet. Ex: vendor or partner needs to access company data

Which governmental agency manages the radio spectrum?

FCC

4G

G: generation, Specifications provided by International Telecommunication Union (ITU)

Keysniffer

Hack carried out with what looks like a USB charging device, Sniffs keystrokes and allows hackers to inject commands or steal information

Signatures

IDS identifies traffic or actions different from current known examples. Signatures are stored and must be frequently updated for comparison

Things to protect a system from DNS poisoning

Install antimalware programs on clients to help prevent DNS cache hijacking, If using Microsoft Server, store DNS database in Active Directory for additional security, Limit who has privileges to configure DNS environment and records. Consider not hosting local DNS client cache.

A private Internet for employees in a company is called a(n) ____.

Intranet.

Which of the following is true regarding a persistent agent that checks for vulnerabilities in a NAC environment?

It includes antimalware programs that are always running.

Tunneling protocol developed by Cisco to support confidentiality, integrity, and availability

L2TP.

Security best-practice notifications can be displayed on routers with a(n) ____.

Message of the day/MOTD.

MS-CHAP

Microsoft's version of CHAP, Challenge includes a session ID, Response from client includes session ID, user name, and user password.

Network Access Protection (NAP)

Microsoft's version of an NAC solution

Intrusion-detection system (IDS)

Monitors the system and sends an alert if there is a problem. Host Intrusion Detection System (HIDS). Network Intrusion Detection System (NIDS).

Another method of VLAN creation is using the host's MAC address

More secure than assigning by port, VLAN assignment can be physically changed, Does not affect traffic.

The range of ____ is very small.

NFC.

Extensible Authentication Protocol (EAP)

Needed to transport additional authentication data. Framework for transporting protocols

VPN

Needs of remote users need to be considered, but so does security

Anomalies

Network activity is collected. Establishes a baseline of normal activity. Remind users about security access and responsibilities with router banner.

Minimal Protection

Organization may choose to have protection that is not the strongest option available. Often done to support legacy equipment. Minimal protection is often easily breakable

Authentication protocol that fully encloses EAP and works with the TLS protocol

PEAP.

VPN Protocol

Point-to-Point Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), Secure Socket Tunneling Protocol (SSTP), Internet Key Exchange Protocol version 2 (IKEPv2). Key elements of IPSEC include-AH (authentication header), ESP (encapsulating security payload). Tunnel mode encrypts IP headers of original packet. Transport mode only encrypts data and ESP information

Several steps to keep routers safe

Regularly patch all router firmware and router's operating system, Secure routers with strong passwords, Back up all router configuration information, Ensure that only traffic that should be on subnet is allowed. Remind users about security access and responsibilities with router banner. Check for firmware updates and install only manufacturer patches.

A _ attack is a of a MITM attack and occurs when the hacker can nab login credentials and redeploy them at another time.

Replay.

Local DNS cache or DNS resolver cache is populated two ways

Requests made at the client and Entries in the local hosts file, Located c:\windows\system32\drivers\etc\hosts in Windows, Located /etc/hosts in Linux, Does not contain any information other than comments, Automatically loads in local DNS cache when operating system starts.

Which command syntax displays the local routing table on a computer?

Route Print.

Protecting Network Routers

Routers are an integral part of networking environment. Without them, data would be limited to traveling the local subnet. Play an active role in moving traffic and scanning the network. Must be protected against network hacks.

Which software agent runs on a client to verify if the client meets the standards for accessing a network?

SHA.

Which of the following terms refers to the name of the wireless network?

SSID.

Encryption

Security administrator must balance needs against protection. Three basic choices when protecting data on wireless network. Leave the network unencrypted. Offer minimal protection. Set standards at the highest possible standard

Demilitarized zone (DMZ)

Segment of a network that allows some public access and borders the private network where the public access is blocked

An ARP address that is permanently assigned to a table is called a ____ address.

Static.

A VLAN is created on a network ____.

Switch.

What is the primary purpose of a VPN?

To ensure data transmissions are encrypted over public networks.

CTIA

Trade association representing the wireless-communication industry, Supports wireless manufacturers and cellular carriers.

Behavior

Traffic or actions are examined to see if they are normal. Something not considered normal will be flagged as a potential risk.

Steps to take to protect Bluetooth devices and data

Turn off Bluetooth when not in use, User should be extra vigilant in public, crowded areas where the risk of data interception is high, Use security measures offered on the device

Setup

Typically runs in infrastructure-mode. Devices must send data to central device before moving on to destination. Requires specific hardware- Access point (AP), Wireless router, Wireless NIC, Wireless client (STA).

When using L2TP with Internet key exchange traffic, ____ must allow inbound traffic.

UDP port 500.

A ____ allows VLANS to be further secured by filtering traffic within the VLAN.

VACL.

With ____, the user does not need to provide any configuration information to connect a device.

WPS.

A wireless technique in which individuals search for open wireless networks is called ____.

Wardriving.

Which of the following does not use the 2.4ghz frequency?

Weather Stations.

Which of the following server types would likely be placed in a demilitarized zone? (Choose 2)

Web Server, FTP Server.

Recommendations

Wireless networks must meet the needs of intended audience but also be as secure as possible. Examples of best practices-Implement strong encryption, Change default settings, Limit the availability of the wireless network to posted working hours, Run scripts or other automated tools to discover potential unencrypted data or unauthorized access points, Use MAC filtering to prohibit access by unapproved devices or disable DHCP so devices must receive a static IP address for access. Set up a captive portal with a security agreement and policy statement before allowing access to the wireless network. Require confidentiality agreements from security staff. Restrict the websites that can be accessed via wireless networks. Create strong policies that clearly state acceptable use for users and security staff. Require administrators on the wireless network to hold industry certification, such as Certified Wireless Security Professional (CWSP), and to keep it current. Have clear procedures for reporting lost or stolen equipment. Do not allow use of older devices that do not support the latest in encryption technologies.

Interference

Wireless signals are impacted by many things- Surroundings, Configuration power capability, Nearby objects and antennae. Routers transmit power measured in two scales: milliwatt (mW) and decibel-milliwatt (dBm). Antenna may be omnidirectional or unidirectional. Less interference with unidirectional, but often not flexible enough for communication between transmitter and receiver

Wireless signal Basics

Wireless signals transmit on unlicensed frequencies. 802.11 workgroup uses five different frequency ranges- 2.4 GHz, 3.6 GHz, 4.9 GHz, 5.0 GHz, 5.9 GHz.

Review of Wireless Technologies

Wireless technology allows employees to work from anywhere, Increased productivity, Schools are adopting tablets, laptops, and Chromebooks in classes.

Authenticator

access point.

Wardriving

act of driving around trying to identify wireless networks. Network names, signal frequencies, and security encryption used. Can be done by walking, driving, and drones

Censorship

act of limiting access to information or removing information to prevent it from being seen

Honeynet

decoy network consisting of two or more honeypots

Honeypot

decoy server set up to attract hackers

Protected EAP (PEAP)

fully encloses EAP

Jamming

intentionally interfering with wireless signals to prevent the transmission from being usable. Illegal at the state and federal level. Jammers: RF transmitters that block or scramble other RF signals. Interferes with all signals

Which command syntax allows you to view the local DNS cache on a Windows system?

ipconfig /displaydns.

Password Authentication Protocol (PAP)

legacy protocol that is not encrypted and should not be used

MAC address filtering

limiting which MAC addresses are allowed to access the network

ARP poisoning

man-in-the-middle attack where a hacker intercepts an ARP request and changes its reply. Victim is pointed to hacker's computer not the real computer

Service set identifier (SSID)

name of a wireless network

Wireless NIC

network interface card used to connect the wireless network and may be integrated into a system board or can be added into a system internally or through a USB wireless NIC

Public hotspot

network open to the public

Domain Name System (DNS)

network service that resolves names on a network, such as web servers or host computer names, to their IP addresses

Which command syntax will reveal DNS resolution information?

nslookup.

Message of the day (MotD)

router banner displayed to user before log-in. Use MotD to provide information on security best practices.

Rogue router

router that is placed in a business to entice users to connect to it and thus have their credentials stolen

The coverage area of a base station in a cellular network is called

A cell.

What is the coverage area of a base station in a cellular network called?

A cell.

Which portion of the following MAC address represents the OUI? A0-E3-C1-51-E6-6B

A0-E3-C1.

The strongest possible encryption standard is _____.

AES

Security feature that authenticates the sender and determines if there are any changes to the data

AH.

Which of the following IPSEC features cannot be used if you are using NAT?

AH.

____ is a proprietary technology often used with wearable technology.

ANT.

Which protocol resolves IP addresses to MAC addresses?

ARP.

VLANs create virtual subnets

Allows the VLAN to be further secured, VLAN access control list (VACL): allows traffic to be filtered within the VLAN, Different VLANs can be configured with unique VACLs

Wireless Configuration Placement

Any device that transmits an electromagnetic signal can interfere with RF signals. Obstacles can affect signal's ability to reach destination. Weak signal may make people use less safe ways to communicate. Site surveys can also identify types of equipment in use, approximate locations of equipment, 802.11 standard used, vendor name, and MAC address. Site survey will find dead spots and indicate strength of signal beyond intended boundaries. Locate access points to provide best coverage of intended area with minimal extension out of building

A wireless network that uses a single access point is called a(n) ____.

BSS.

____ is done by blocking a computer from accessing a Wi-Fi network by using its MAC address.

Blacklisting.

What type of attack has occurred when unwanted text messages are received on your phone?

Bluejacking

Which of the following is not really an attack, but unsolicited messages, such as an advertisement?

Bluejacking.

A ____ attack could steal data from a Bluetooth-enabled smartphone.

Bluesnarfing.

Which of the following wireless-transmission types follows the 802.15 standard?

Bluetooth.

Which are two security justifications to create VLANs in a network? (Choose 2)

By limiting the hosts, the broadcasts of packets in the VLAN are also limited. Secure data would not travel on an insecure network.

____ occurs when the records are changed to point the domain name to an unauthorized IP address.

DNS poisoning.

Shared DNS Information

DNS servers get their information from other DNS servers, Validity of data is only as good as the data themselves, Corrupted DNS server can compromise unprotected systems, Ex: data retrieved from Chinese DNS servers temporarily blocked sites such as Facebook, Twitter, and YouTube.

Default Settings

Default settings are not unique or confidential, Change default settings on installation, Always use a strong password

If a user on a VPN has a fingerprint reader, the VPN connection must allow for ____.

EAP with PEAP.

Strongest Encryption

Encryption improved with introduction of Wi-Fi Protected Access (WPA). WPA has insecure versions. WPA encryption variations-TKIP,AES.

What are the first three sections of a MAC address called?

OUI

DMZs are created by developing borders with ____.

Firewalls.

Security protocol used to encrypt data traveling over computer networks using TCP/IP

IPSEC.

User Access Security

If user is connected to legitimate router, hacking tools can send disassociation signal

What happens if an Internet service provider has faulty DNS information?

It will share information to any requesting DNS server.

Which of the following best describes why an address of 0.0.0.0 would exist in a routing table?

It's a generic entry to identify all networks not specifically listed.

Reasons to set up a honeypot

Learn from hacking techniques used, Distract hackers.

LAN Security benefits

Limits the broadcast of packets to just that network , Allows traffic from different groups to be separated, Can separate voice traffic from data traffic

In a passive scanning environment, the client will ____.

Listen for a beacon from an AP.

Virtual local area network (LAN)

Logical grouping of hosts that treats them as if they were physically connected

Black listing

MAC addresses you do not want connecting to the network are filtered out and blocked from accessing the network

White listing

MAC addresses you want connecting to the network are filtered in and all other addresses are filtered out and blocked

Filtering by MAC Address

MAC filtering won't keep out a determined hacker. MAC addresses can be spoofed or faked to allow access

A ____ attack consists of a hacker poisoning the ARP table and changing the MAC address of the default gateway.

Man-in-the-middle.

Data Sniffing on Wireless Networks

Many free or open-source tools for data sniffing, Hacker may insert a rogue access point that has no encryption, When user connects to AP, requests are transmitted in clear text, Scripts developed to find unencrypted AP and alert administrators, IoT increased need for oversight of security issues on wireless networks.

Which would you place on a router to identify problems but take no action?

NIDS.

Local-Network DNS Cache

Network servers store DNS information for the local network, Also store DNS entries for websites to speed up subsequent requests.

Protecting Network Switches

Network switches manage traffic within the subnet. May be Layer 3 switches. Switches are internal to the network. May be overlooked in security configurations.

Intrusion-prevention system (IPS)

Not only detects malicious or suspicious behavior, it can take action to stop the problem. Extension of IDS. Host Intrusion Prevention System (HIPS). Network Intrusion Prevention System (NIPS). Host-based system protects the actual host where it is installed. Network-based solution scans subnet on which it is installed.

Searching for interference problems can be mitigated by ____.

Performing a site survey.

____ is when a user connects to their neighbor's Wi-Fi without permission.

Piggybacking.

Challenge Handshake Authentication Protocol (CHAP)

Protocol in which the server sends a challenge to the client after the client establishes a connection to the server. Client connection converts to value and sends to VPN server; must match server-calculated value.

Wireless router

same capability of an AP, but also adds the functionality of wireless connection to local area networks (LANs) or wide area networks (WANs)

Tunneling protocol that uses port 443 and works well with firewalls

SSTP.

WPS Setup methods

STA finds AP with active or passive scanning

Acceptable Use Policies

Set of rules that explain what is and is not allowed on the network. Employers can display an AUP on a captive portal. Public Wi-Fi usually requires user to acknowledge AUP before using service

Which is the best option for securing a wireless router?

Set up the encryption with WPA2-AES.

Which are the two configurations used with VPNs? (Choose 2)

Site to Site, Remote Access VPN.

If a hacker can edit the ____ file, the local DNS cache can be populated with invalid entries.

The Host File.

Unidirectional

send and receive from one specific direction

What is an SSID?

The name of a wireless network.

Omnidirectional

send and receive in all directions

An all-in-one security device is called a(n) ____.

UTM Appliance.

Which wireless security is most vulnerable to an initialization vector (IV) attack?

WEP (Again).

The original encryption standard for wireless networks is known as ____.

WEP.

Warchalking

act of publicly marking locations where network connections are found. Many tools available for locating networks and their settings. Hacker trick: use a high-powered antenna. Can extend physical range of network so hacker can be further away.

Initialization vector (IV)

adds random information to the key every time there is a transmission

System Health Agent (SHA)

agent that performs the self-check on the client

Site-to-site VPN

allows an organization to connect static or fixed sites to each other using the Internet as the communication platform

Near-field communication (NFC)

allows devices to communicate through electromagnetic radio fields as opposed to the radio transmissions used by Wi-Fi; user must bring new device close to AP

Remote-access VPN

allows user to connect to the network using the Internet from a remote client

Screened subnet or perimeter network

another name for a DMZ, Typically used for public-facing servers, Anything in the DMZ is exposed to the Internet.

Unified threat management (UTM)

appliance that is an all-in-one security device that allows the network to be managed from one location. Reduces number of devices that must be managed. Administrators do not have to learn how to use multiple systems. Can be a lower-cost solution. Disadvantage-single point of failure or attack.

Which command syntax reveals the local ARP cache on a Windows computer?

arp-a.

Access point (AP)

device that provides a central point of access to enable wireless devices to communicate with each other

Ad-hoc networking

devices talk directly to each other

Dual-band routers

devices that can be configured to run on multiple frequencies simultaneously

Disassociation

signal that deactivates the user from the access point. Stronger signal from evil twin will connect when device reconnects

Supplicant

computer trying to connect to the WLAN

Authoritative DNS server

controls the records in the database and provides answers that have configured by an original source

Cell

coverage provided by the base station

Wireless site survey

creates a map of the wireless signal, its strength, and its coverage. Steps can be taken in regard to placement and configuration. Should be done on frequent basis as a security measure

Service set identifier (SSID)

default network name for a router

Lightweight EAP (LEAP)

designed for wireless networking and is based on CHAP protocol

Dynamic frequency selection (DFS)

detects interference with military and weather radar and automatically shifts the frequency being used by the wireless device

VPN concentrator

device that adds support for many tunnels of traffic

Channels

each of the RF bands is subdivided into slices

Tunneling

encrypting data traveling across the remote connection with a VPN

Network access control (NAC)

environment in which standards are set that hosts must meet before they are able to connect to the network. Operating system has latest security patches installed. Antivrius signature files are up-to-date. Host firewall is turned off. Approved device.

Wireless client (STA)

fixed or mobile device that has the ability to communicate as a client using the 802.11 standard

WPA handshake

four-step authentication process used to pass information to and from the WAP and client to set up data encryption

Replay attack

hacker capturing login credentials during an initial attack, storing them, and retransmitting them at another time

Address resolution protocol (ARP)

handles the process of locating addresses in the MAC address table. Switches maintain a MAC address table. Used to map an IP address to the physical or MAC address.

Nonauthoritative DNS server

holds requests from clients for a period of time to speed up subsequent requests and does not contain copies of any domains, DNS cache can be compromised or poisoned.

Cantenna

homemade device used to amplify Wi-Fi signals

Research honeypot

honeypot set up with the intention of attracting hackers to learn from them and adjust the system.

A ____ is a decoy server set up to attract hackers.

honeypot.

If an organization's DNS server can resolve a DNS request from its own cache, the DNS server is said to be ____.

nonauthoritative.

Bluesnarfing

occurs when a hacker exploits the Bluetooth connection to steal data from a Bluetooth-enabled device

Man-in-the-middle (MITM) attack

occurs when a hacker intercepts the data transmitted between the client and the WAP. User is unaware of the attack. Hacker can gather information such as passwords and user names

Evil twin router

one that carries the same SSID as the legitimate server, but is a different ESS. Rogue router is physically placed near the target. Provides a stronger signal, so victim connects to the evil twin. Hacker can intercept and discover all data sent to and from target

What does the warchalking symbol )( mean?

open wireless network

ANT

personal area technology similar to Bluetooth that allows devices to communicate with each other wirelessly over short distances. Designed for low-bit, low-power transmissions of small packets. Used in sports, fitness, and health-care products

What is it called if you connect to Wi-Fi of a neighbor or nearby business?

piggybacking.

Dead spot

place where there is no Wi-Fi coverage from a nearby cell

Virtual private network (VPN)

provides a method to secure data traveling through other networks, such as the Internet

Consider configuring DNS Security Extensions (DNSSEC)

requires all responses from a DNS server are digitally signed to ensure they come from an authorized source.