Professor Messer
Fat AP
(Blank), also known as a standalone AP, includes everything needed to connect wireless clients to a wireless network
Custom Firmware
(blank) can also root an Android.
PEAP (Protected Extensible Authentication Protocol)
(blank) is often implemented with MS-CHAPv2
identification, authentication, authorization
The three parts of access control
IPSec (Internet Protocol Security)
A set of open, non-proprietary standards that you can use to secure data as it travels across the network or the Internet through data authentication and encryption.
VPN concentrator
A single device that incorporates advanced encryption and authentication methods in order to handle a large number of VPN tunnels.
third party app store
A site from which unofficial apps can be downloaded.
host-based intrusion detection system (HIDS)
A software-based application that runs on a local host computer that can detect an attack as it occurs.
EMI (electromagnetic interference)
A type of interference that may be caused by motors, power lines, televisions, copiers, fluorescent lights, or other sources of electrical activity.
WiFi protected setup (WPS)
A way to set up a secure wireless network by using a button, personal identification number (PIN), or USB key to automatically configure devices to connect to a network. WPS is not secure.
PEAP and EAP-TTLS
BLANK and BLANK only require a certificate on the server, not on the clients.
COPE (Corporate Owned, Personally Enabled)
Bridges the gap by providing corporate owned resources that employees can use for personal tasks.
TACACS+
Cisco alternative to RADIUS. Encrypts the entire authentication process and supports multiple challenges and responses. Also uses TCP.
PaaS (Platform as a Service)
Cloud-based virtual server(s). These virtualized platforms give programmers tools needed to deploy, administer, and maintain a Web application.
VDI (Virtual Desktop Infrastructure)
Company provides a "thin client" to the user where the desktop resides on a centralized server.
logic bomb
Computer virus triggered by the appearance or disappearance of specified data. Executes in response to an event. Usually created by someone after they have left a company, such as after being let go or fired.
shoulder surfing
Gaining compromising information through observation (as in looking over someone's shoulder) or using cameras.
RSA
HSM generates and stores (blank) encryption keys and can be integrated with servers to provide hardware based encryption.
443
HTTPS encrypts HTTP traffic in transit and uses port
HTTP
HTTPS uses port (blank) for web traffic.
STP or RSTP
Helps prevent switching loops.
SCADA
IDS and IPS can also protect internal private networks such as
143
IMAP4 uses TCP port
authentication header AH
IPsec provides authentication with an ()
IaaS
Infrastructure as a Service. A cloud computing technology useful for heavily utilized systems and networks. Organizations can limit their hardware footprint and personnel costs by renting access to hardware such as servers.
hybrid cloud
Integrates one cloud service with other cloud services
389
LDAP uses TCP port
636
LDAPS uses TCP port
tracert
List the routes between two routers
Dumpster divers
Look through trash to try and find valuable information.
MS-CHAPv2 (Microsoft Challenge Handshake Authentication Protocol, version 2)
Microsoft's improvements over CHAP. Provides mutual authentication.
omnidirectional antennas
Most WAPs have
Unified Threat Management (UTM)
Network hardware that provides multiple security functions. Typically raises alerts and sends them to an administrator.
110
POP receives email using TCP port
Change Management
Process of making sure changes are made smoothly and efficiently and do not negatively affect system reliability, security, confidentiality, integrity, and availability.
rootkits
Programs that allow hackers to gain access to your computer and take almost complete control of it without your knowledge (take root control). These programs are designed to subvert normal login procedures to a computer and to hide their operations from normal detection methods.
Private Cloud
Provides cloud services to a single organization
3389
RDP uses TCP port
remote wipe
Remotely erases all contacts, email, photos, and other data from a device to protect your privacy.
web based applications
SAML provides SSO for
25
SMTP sends email using TCP port
161 and 162
SNMP uses UDP ports (blank) and (blank)
993(legacy), 143
Secure IMAP uses TLS on port (blank) or STARTTLS on port (blank)
995(legacy), 110
Secure POP uses TLS on port (blank) or STARTTLS on port (blank)
SaaS (Software as a Service)
Services for delivering and providing access to software remotely as a web-based service
ipconfig /displaydns
Shows the contents of a DNS cache
Anti-spam software
Software designed to detect and block spam that has been sent to a computer.
Ransomware
Software that encrypts programs and data until a ransom is paid to remove it.
iptables or xtables
Some Linux or other networks use (blank) or (blank) for firewall capabilities.
TLS (Transport Layer Security)
Some VPNs use (blank) to encrypt traffic within the VPN tunnel.
hacktivist
Someone who uses computers and computer networks to disrupt services or share secret information in an effort to draw attention to political or social issues.
FDE (Full Disk Encryption)
Systems which encrypt everything stored on the drive (the operating system, application programs, data, temporary files, and so forth) automatically without any user interaction.
EAP-TLS
The most secure EAP method is (blank). It requires a certificate on the server and on each wireless client.
BYOD (bring your own device)
The practice of allowing users to use their own personal devices to connect to an organizational network.
application blacklisting
The practice of preventing undesirable programs from running on a computer, computer network, or mobile device.
hypervisor
The software that creates, runs, and manages the VM is the
data exfiltration
The unauthorized transfer of data outside an organization.
Geofencing
The use of GPS or RFID technology to create a virtual geographic boundary, enabling software to trigger a response when a mobile device enters or leaves a particular area.
ipconfig /all
This command shows the TCP/IP configuration, MAC address, DNS servers, and DHCP information if the host is a DHCP client.
principal
This is a typical user. The user logs on once and, if necessary, requests an identity from the identity provider.
tethering
Transforms a smartphone or Internet-capable tablet into a portable communications device that shares its Internet access with other computers and devices wirelessly
Tailgating
When an unauthorized individual enters a restricted-access building by following an authorized user.
TKIP (Temporal Key Integrity Protocol) or CCMP
WiFi Protected Access (WPA) can use (blank) or (blank); however, both have been deprecated. The second choice is better.
false rejection
a biometric system incorrectly rejects an authorized user.
Thin AP
a controller-based AP; a controller configures and manages the AP
DMZ
a layer of protection for servers that are accessible from the internet.
airgap
a metaphor for physical isolation, indicating a system's network is completely isolated from another system or network.
sideloading
a method of downloading Android apps from the Internet without using the official Android Market
role-BAC
a model based on jobs and functions or an individual's tasks at work.
spear phishing
a phishing expedition in which the emails are carefully designed to target a particular person or organization
Vishing
a phone scam that attempts to defraud people by asking them to call a bogus telephone number to confirm their account information. Often uses VoIP.
matrix
a planning document that matches the roles with the required privileges
jailbreaking
a process to break through the restrictions that only allow apps on an iOS device to be downloaded from the iTunes Store at itunes.apple.com. Gives the user root or administrative privileges to the operating system and the entire file system, and complete access to all commands and features.
HSM (Hardware Security Module)
a removable or external device used for encryption.
Evil Twin Attack
a rogue wireless access point with the same SSID as a legitimate access point.
worm
a self-replicating program able to propagate itself across a network without user intervention.
transparent proxy
accepts and forwards requests without altering them.
reverse proxy
accepts traffic from the internet and forwards it to one or more internal web servers.
non-persistent virtual desktop
all users log in using the same virtual desktop. It can be modified at the time of use; however, after use the desktop reverts back to the known snapshot.
SSL decryptors
allow an organization to inspect traffic, even when it is using SSL or TLS.
audit trail
allows security professionals to re-create the events that led up to a security incident.
out-of-band
an IDS is (blank)
intranet
an internal network used to communicate and share information from within the network.
Shibboleth
an open source federated identity solution that includes open SAML libraries.
rogue access point
an unauthorized access point placed in a wireless network.
ACLs
antispoofing is implemented with
OAuth and OpenID Connect
applications that help streamline the authentication process, such as PayPal.
Honeypots/Honeynets
are individual computers created as a trap for intruders. They look and act like legitimate computers but do not host real data. Usually configured with vulnerabilities in order to lure attackers. Also used to observe current attack methods and strategies.
On-premises clouds
are owned and maintained by an organization. Usually known as private cloud computing.
initialization vector IV
attack attempts to discover the IV and use it to discover the passphrase.
Near Field Communication
attack uses an NFC reader to read data from mobile devices.
spoofing
attackers discovering authorized MAC addresses and using them.
detective controls
attempt to detect incidents after they occur
preventative control
attempt to prevent an incident before it occurs.
Flood guards
block MAC flooding attacks
root of trust
can be described as the concept of trust in a system, software, or data. It is the most common form of attestation and provides a basic set of functions that are always trusted by the operating system. Attestation means that you are validating something as true. A root of trust can be designed as hardware-based or hybrid. The Trusted Platform Module (TPM) is one of the most common.
common access cards (CAC), personal identity verification (PIV)
can be used as photo IDs and smart cards. Provide both identification and authentication.
WPS attack
can discover the PIN in hours. Then it can use the PIN to find out the passphrase
Cloud-based DLP
can enforce security policies for any data stored in the cloud
chmod command
changes permissions on a Linux system.
identification
a user claims their identity with something like a username or email address.
nslookup and dig
command-line tools used to query DNS
FTP
commonly used to transfer files over a network, but does not encrypt data.
routers
connect networks and direct traffic based on destination IP addresses.
Wireless Access Points (AP)
connect wireless clients to a wired network.
aggregation switch
connects multiple switches together in a network.
technical
controls that use technology
stateless firewall
controls traffic between networks using rules within an ACL. Can block traffic based on ports, IP addresses, subnets, and some protocols.
physical
controls you can physically touch
TOTP (Time-Based One-Time Password)
creates a one time password that expires after 30 seconds.
chroot command
creates virtual sandboxes on Linux systems.
identity provider
creates, maintains, and manages identity information for principals
smart cards
credit card sized cards that have embedded certificates used for authentication. Require PKI to issue certificates.
TLS/SSL accelerators
dedicated hardware devices that handle Transport Layer Security (TLS) traffic.
maximum password age
defines when a user must change their password. Usually a given time, like 45 days.
network-based IDS NIDS
detects attacks on networks
integrity measurement tools
detects when an image deviates from its baseline.
deterrent controls
discourage individuals from causing an incident
watering hole attack
Attackers discover sites that a target group trusts, modify these sites to download malware, then lure these individuals to the site.
tokens or key fobs
display numbers on an LCD. Provide rolling one-time-use passwords that are verified by and synced with a server.
open mode
doesn't use a PSK or 802.1x server. Many hotspots use this when providing free Wi-Fi to clients.
persistent virtual desktop
each user has a custom desktop interface which they can utilize
ifconfig eth0 allmulti
enables multicast mode on the NIC. This allows the interface to receive all multicast traffic. By default it only accepts multicast traffic from groups that it has joined.
ifconfig eth0 promisc
enables promiscuous mode on the first Ethernet interface. This mode allows the interface to process all traffic it receives.
TLS (Transport Layer Security)
encrypts data in transit
Encapsulation Security Payload (ESP)
encrypts VPN traffic and provides confidentiality, integrity, and authentication.
Full Tunnel
encrypts all traffic once a user has connected to the VPN
IPsec tunnel mode
encrypts the entire IP packet used in the internal network.
LDAPS
encrypts transmissions with TLS or SSL
patch management
ensures operating systems and applications are kept up to date.
service provider
entity that provides services to principals
ipconfig /flushdns
erases the contents of a DNS cache
DAC model
every object has an owner and that owner has explicit control over that object.
screen lock
feature that puts a lock on the screen after the device times out
stateful firewall
filters traffic based on the state of a packet within the session.
network-based firewalls
filter traffic in and out of a network. They are placed at the border of the network, such as between the internet and the internal network.
Host-based firewalls (application based)
filter traffic out of an individual host
jamming attack
floods a wireless frequency with noise, blocking wireless traffic.
Forward proxy servers
forward requests for servers from a client. They can cache content and record users' internet activity.
something you do
gestures on a touch screen
need to know
users are granted access only to the data and information needed to do their job (permission).
Social Engineering
hackers use their social skills to trick people into revealing access credentials or other valuable information
VM sprawl
happens when an organization has many VMs that aren't managed correctly
DLP (data loss prevention)
helps prevent data loss. Can block the use of USB and analyze outgoing email.
mantraps
help prevent tailgating
embedded certificate
holds the user's private key and is matched with a public key. The private key is used each time the user logs onto the network.
account lockout duration
how long an account will be locked out for
minimum password age
how long the user must wait before changing their password again.
hashing, digital signatures, non-repudiation
how to provide integrity
Group Policy
implemented on a domain controller within a domain.
SED (self-encrypting drives)
includes hardware and software necessary to automatically encrypt a drive.
Open Source Intelligence
including any information available via websites and social media.
false positive
incorrectly raises an alert indicating there is an attack when there is none.
availability
indicates data and services are available when needed.
intrusion detection system (IDS), intrusion prevention system (IPS)
inspect traffic using the same functionality as a protocol analyzer.
SoC (System on a Chip)
integrated circuit that includes a full system.
Kerberos
is a network authentication protocol using tickets issued by a TGT or KDC server. Tickets expire, which provides a higher level of security.
Least Privilege
is a technical control. It specifies that individuals are only granted access to the rights (actions) and permissions (information) needed to perform their tasks.
SAML (Security Assertion Markup Language)
is an XML-based standard used to exchange authentication and authorization between different parties.
VM escape
is an attack that allows the attacker to access the host system from within the virtual system
organized crime
is an enterprise that employs a group of individuals working together in criminal activities. Usually motivated by money.
Rule Based Access Control (RBAC)
is based on a set of instructions. Some use rules that trigger in response to an event, like an ACL.
CHAP (Challenge Handshake Authentication Protocol)
is more secure than PAP and uses a three-way handshake to authenticate clients.
rooting
jailbreaking an Android. Provides the user with root level access.
permanent NAC agent
known as a persistent NAC agent, it is installed on the client and stays with the client.
port security
limits the number of MAC addresses per port and also disables unused ports. You can also map specific MAC addresses to each port.
Mail gateways
logically placed between an email server and the internet. They can examine and analyze emails to block spam. Many include data loss prevention and encryption methods.
virus
malicious code that attaches itself to a host application. The code runs when the application is launched.
RAT (Remote Access Trojan)
malware that arrives in a trojan disguised as legitimate software and sets up a secret communication link to a hacker for remote use.
account lockout threshold
maximum number of times a wrong password can be entered.
hoax
message, often circulated through email, that tells of impending doom from a virus or security threat that doesn't exist.
Obfuscation
method to make something unclear or difficult to understand.
ABAC model
model uses attributes defined in policies to grant access to resources.
nontransparent proxy
modifies or filters requests, such as filtering traffic based on destination URL.
enterprise mode
more secure than personal mode because it adds authentication. It uses an 802.1x authentication server implemented as a RADIUS server.
drive-by download
often attempts to infect systems with Trojans.
IPSec transport mode
only encrypts the payload and is commonly used in private networks, but not with VPNs
split tunnel
only encrypts traffic destined for the VPN's private network.
HOTP (HMAC-based one-time password)
open source standard used to create a one-time password. Creates a one-time password that does not expire.
guest
operating systems running on the host system are
compensating controls
other controls used when primary controls are not feasible
extranet
part of the network that can be accessed by authorized entities from outside the network.
steganography
practice of hiding data within data.
hardening
practice of making a system more secure than its default config.
Bluejacking
practice of sending unsolicited messages to a phone.
antispoofing
prevents IP address spoofing
disabling unused ports
prevents unauthorized users from accessing unused ports; also known as port security.
Time of Day Restrictions
prevents users from logging on at specific times.
encryption and strong access control
primary methods of protecting data are (blank) and (blank)
public cloud
promotes massive, global, and industry-wide applications offered to the general public. Provided by third-party companies.
LEAP lightweight EAP
proprietary to Cisco and does not require a certificate.
web application firewall (WAF)
protects a web server against web application attacks. It is typically placed in the DMZ and will alert administrators of events.
RTP and SRTP
protocols used for voice and video include
VLANs
provide increased segmentation of user computers.
SNMPv3
provides secure management of routers
backdoors
provides another way of accessing a system. often gives remote access to a system.
RADIUS
provides central authentication for multiple remote access services. It relies on the use of shared secrets and only encrypts the password during the authentication process. Uses UDP.
federation
provides central authentication in a non-homogeneous environment.
DNS
provides domain name resolutions
SRTP
provides encryption, message authentication, and integrity for RTP
SRTP - Secure Real Time Protocol
provides encryption and message authentication for VoIP and other streaming media applications.
integrity
provides assurance that information has not been tampered with.
802.1x server
provides strong port security using port-based authentication. Helps to prevent rogue servers.
Network Time Protocol (NTP)
provides time synchronization services
DNSSEC
provides validation for DNS responses and helps prevent DNS poisoning attacks.
snapshot
provides you with a copy of the VM at that moment in time, which can be used as a backup.
Crypto-malware
ransomware that encrypts the user's data
SSO (Single Sign-On)
refers to the ability of a user to log in to or access multiple systems by providing credentials only once.
heuristic based or behavioral based IDS
requires a baseline and detects attacks based on abnormalities or when traffic is outside expected boundaries.
arp
resolves IP addresses to MAC addresses and stores the result in the cache
location based policies
restrict access based on the location of the user. This can be based on a specific IP address or MAC address.
DMZ
reverse proxy is placed in (blank) and the web servers can be in the internal network.
corrective controls
reverse the impact of an incident
ACLs
routers provide logical separation and segmentation using (blank) to control traffic.
type 2 hypervisors
run as software within a host operating system
Type 1 hypervisors
run directly on the system's hardware, also known as bare-metal hypervisors.
Container Virtualization
runs within cells or containers and does not have its own kernel
antivirus software
scans and searches hard drives to prevent, detect, and remove known viruses, adware, and spyware
SMTP (Simple Mail Transfer Protocol)
secure transfer of emails.
FTPS, SFTP, SSH, SSL, TLS
several encryption protocols for FTP data encryption.
ipconfig
shows basic info about the NIC, such as IP address, subnet mask, and default gateway
ifconfig eth0
shows the configuration of the first Ethernet interface on a Linux system.
IPS (Intrusion Prevention System)
similar to an active IDS except that it is placed inline with the traffic (also known as in-band) and can stop attacks before they reach the internal network.
something you have
smart card, PIV, CAC, or token
spyware
software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive.
CASB (Cloud Access Security Broker)
software tool or service that is deployed between an organization's network and a cloud provider. It monitors all network traffic and can enforce security policies.
something you know
something like a username or password, or a PIN. Least secure.
LDAP
specifies formats and methods to query directories. Provides a single point of management for objects like computers or users in an Active Directory Domain
credential management system
stores and simplifies the use of credentials for users, such as remembering passwords for email.
reversible encryption
stores the password in such a way that the original password can be discovered.
APT (Advanced Persistent Threat)
targeted attack against a network. A group has the ability to launch a sophisticated and targeted attack. They are sponsored by a nation-state and have large funds.
host
the physical system hosting the VM
cloud computing
the practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer.
directional antenna
these antennas have narrow beams but longer ranges.
Radio Frequency Identification (RFID)
these attacks include eavesdropping, replay, and DoS.
IoT (Internet of Things)
things like devices you can wear or home automated devices.
authorization
this is given once authentication has been proven by the user.
accounting
tracks users' activity and records it in logs. This provides
NAT
translates public IP addresses to private, private back to public, and hides internal IP addresses from the public.
ad hoc wireless network
two or more devices connected together without an AP
implicit deny
unless something is explicitly allowed, it is denied.
spam
unwanted e-mail (usually of a commercial nature sent out in bulk)
administrative
use administrative or management controls.
script kiddies
use existing computer scripts or codes to launch attacks. Little experience and funding.
MAC filtering
used to restrict access to wireless networks
Remote Access Authentication
used when a user accesses a private network from a remote location, such as with a dial-up connection or a VPN connection
authentication
user proves their identity with something like a password.
geolocation
uses GPS to identify a device's location.
Diameter
uses TCP, encrypts the entire authentication process and supports many additional capabilities
personal mode
uses a pre-shared key (PSK). It is easy to implement and is used in many small wireless networks.
MAC model
uses sensitivity labels for users and data. commonly used on a need to know basis.
a signature based IDS or IPS
uses signatures to detect known attacks or vulnerabilities
software-defined network (SDN)
uses virtualization technology to route traffic instead of hardware (routers, switches). It separates the data and control planes.
something you are
using biometrics such as a fingerprint scanner or eye reader
somewhere you are
using geolocation, MAC address, or computer ID
Insiders
usually employees of the company. Have legitimate access to an organization's internal resources. Sometimes become malicious out of greed or revenge.
EAP-FAST
was created to replace LEAP
false acceptance
when a biometric system incorrectly identifies an unauthorized user as a correct user.
false negative
when an attack is active, but not reported
Geo-tagging
Adding or allowing geographical identification data in a mobile app like pictures on a phone.
telnet, SSH, RDP
Administrators can use (blank 3) to connect to remote devices
community cloud
Allows cloud services to be shared by several organizations
USB OTG (USB On-The-Go)
Allows you to connect mobile devices
LDAP LDAPS
Also used in addition to Kerberos in directory services solutions.
Disassociation attack
An attack that removes wireless clients from a wireless network, forcing them to re-authenticate.
phishing attack
An attack that uses deception to fraudulently acquire sensitive personal information by masquerading as an official-looking e-mail.
bot herder
An attacker who controls a botnet.
captive portal AP
An infrastructure that is used on public access WLANs to provide a higher degree of security. You have to acknowledge a policy or pay to use the service.
embedded system
An operating system that combines processors and software in a device.
PAP (Password Authentication Protocol)
A remote-access authentication method that sends client IDs and passwords as cleartext. Also uses PINs.
DEP (Data Execution Prevention)
A security feature in some operating systems. It helps prevent an application or service from executing code from a nonexecutable memory region. Highest purpose is to stop malware.
EMP (electromagnetic pulse)
A burst of electromagnetic radiation from an explosion. An EMP pulse can damage electronic equipment.
TPM (Trusted Platform Module)
A chip on a motherboard that holds an encryption key required at startup to access encrypted data on the hard drive. Includes full disk encryption, a secure boot process, and supports remote attestation.
master image
A copy of a properly configured and secured computer software system that can be replicated to other computers. Usually has baselines for a secure starting point.
sandboxing
A form of software virtualization that lets programs and processes run in their own isolated virtual environment. Used for security and testing purposes.
MDM (mobile device management)
A formalized structure that enables an organization to account for all the different types of devices used to process, store, transmit, and receive organizational data.
NAC (Network Access Control)
A group of technologies used to inspect network clients prior to granting network access. Can redirect unhealthy clients to a remediation network.
botnet
A logical computer network of zombies under the control of an attacker. They use malware to connect computers to (Blank)
application whitelisting
A method of restricting users to specific applications.
dissolvable NAC agent
A network access control (NAC) agent that disappears after reporting information to the NAC device. Usually employed on employee-owned mobile devices.
Service Set Identifier (SSID)
A network name that wireless routers use to identify themselves.
wireless replay attack
A passive attack in which the attacker captures transmitted wireless data, records it, modifies it, and then impersonates one of the parties by replaying the data.
whaling
A phishing attack that targets only high-end individuals.
least functionality
A principle in which a user is given the minimum set of permissions required to perform necessary tasks.
VPN (Virtual Private Network)
A private network that is configured within a public network such as the Internet
Bluesnarfing
A process in which attackers gain access to unauthorized information on a wireless device using a Bluetooth connection.
Trojan
A program disguised as a harmless application that actually produces harmful results.
Keylogger malware
A program that records every key struck on a keyboard and sends that information to an attacker.
RTOS (real time operating system)
A program with a specific purpose that must guarantee certain response times for particular computing tasks, or else the machine's applications are useless. (Found in many types of robotic equipment)
A records, AAAA records
DNS includes () zones for IPv4 and () zones for IPv6
53
DNS uses TCP port () for zone transfers
53
DNS uses UDP port () for DNS client queries
Kerberos
Directory services solutions implement () as an authentication protocol.
CYOD (Choose Your Own Device)
Enables employees to choose from a list of company approved choices.
Spanning Tree Protocol (STP)
Enables switches to detect and fix bridge loops by blocking redundant ports
encryption, access control, steganography
Ensuring confidentiality.