Quiz #5


Remote Authentication Dial-In User Service (RADIUS)

A computer connection system that centralizes the management of user authentication by placing the responsibility for authenticating each user on a central authentication server.

Symmetric Encryption

A cryptographic method in which the same algorithm and secret key are used both to encipher and decipher the message.

asymmetric encryption

A cryptographic method that incorporates mathematical operations involving both a public key and a private key to encipher or decipher a message. Either key can be used to encrypt a message, but then the other key is required to decrypt it.

XOR cipher conversion

A cryptographic operation in which a bit stream is subjected to a Boolean XOR function against some other data stream, typically a key stream. The XOR function compares bits from each stream and replaces similar pairs with a "0" and dissimilar pairs with a "1."

Vernam Cipher

A cryptographic technique developed at AT&T and known as the "one-time pad," this cipher uses a set of characters for encryption operations only one time and then discards it.

application layer proxy firewall

A device capable of functioning both as a firewall and an application layer proxy server.

bastion host

A device placed between an external, untrusted network and an internal, trusted network. Also known as a sacrificial host, as it serves as the sole target for attack and should therefore be thoroughly secured.

proxy firewall

A device that provides both firewall and proxy services.

WAP

A device used to connect wireless networking users and their devices to the rest of the organization's network(s). Also known as a Wi-Fi router.

Screened host architecture

A firewall architectural model that combines the packet filtering router with a second, dedicated device such as a proxy server or proxy firewall.

Screened subnet architecture

A firewall architectural model that consists of one or more internal bastion hosts located behind a packet filtering router on a dedicated network segment, with each host performing a role in protecting the trusted network.

single bastion host architecture

A firewall architecture in which a single device performing firewall duties, such as packet filtering, serves as the only perimeter device providing protection between an organization's networks and the external network. This architecture can be implemented as a packet filtering router or as a firewall behind a non-filtering router.

Deep Packet Inspection (DPI)

A firewall function that involves examining multiple protocol headers and even content of network traffic, all the way through the TCP/IP layers and including encrypted, compressed, or encoded data.

Dynamic packet-filtering firewall

A firewall type that can react to network traffic and create or modify configuration rules to adapt.

Stateful Packet Inspection (SPI) firewall

A firewall type that keeps track of each network connection between internal and external systems using a state table, and that expedites the filtering of those communications. Also known as a stateful inspection firewall.

Total Cost of Ownership (TCO)

A measurement of the true cost of a device or application, which includes not only the purchase price, but annual maintenance or service agreements, the cost to train personnel to manage the device or application, the cost of systems administrators, and the cost to protect it.

Honey net

A monitored network or network segment that contains multiple honey pot systems.

port

A network channel or connection point in a data communications system.

dual-homed host

A network configuration in which a device contains two network interfaces: one that is connected to the external network and one that is connected to the internal network. All traffic must go through the device to move between the internal and external networks.

packet-filtering firewall

A networking device that examines the header information of data packets that come into a network and determines whether to drop them (deny) or forward them to the next network connection (allow), based on its configuration rules.

Passphrase

A plain-language phrase, typically longer than a password, from which a virtual password is derived.

Cache Server

A proxy server or application-level firewall that stores the most recently accessed information in its internal caches, minimizing the demand on internal servers.

mandatory vacation policy

A requirement that all employees take time off from work, which allows the organization to audit the individual's areas of responsibility.

proxy server

A server that exists to intercept requests for information from external users and provide the requested information by retrieving it from an internal server, thus protecting and minimizing the demand on internal servers.

WEP

A set of protocols designed to provide a basic level of security protection to wireless networks and to prevent unauthorized access or eavesdropping. WEP is part of the IEEE 802.11 wireless networking standard.

WPA

A set of protocols used to secure wireless networks; created by the Wi-Fi Alliance. Includes WPA and WPA2.

Content filter

A software program or hardware/software appliance that allows administrators to restrict content that comes into or leaves a network—for example, restricting user access to Web sites from material that is not related to business, such as pornography or entertainment.

state table

A tabular record of the state and context of each packet in a conversation between an internal and external user or system. A state table is used to expedite traffic filtering.

security technician

A technically qualified individual who may configure firewalls and IDPSs, implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that security technical controls are properly implemented.

Port Address Translation (PAT)

A technology in which multiple real, routable external IP addresses are converted to special ranges of internal IP addresses, usually on a one-to-many basis; that is, one external valid address is mapped dynamically to a range of internal addresses by adding a unique port number to the address when traffic leaves the private network and is placed on the public network.

Network Address Translation (NAT)

A technology in which multiple real, routable external IP addresses are converted to special ranges of internal IP addresses, usually on a one-to-one basis; that is, one external valid address directly maps to one assigned internal address.

network based IDPS

A(n) _____ resides on a computer or appliance connected to a segment of an organization's network and monitors network traffic on that network segment, looking for indications of ongoing or successful attacks.

Bluetooth

Allows electronic devices like cell phones and computers to exchange data over short distances using radio waves

anomaly-based IDPS

An IDPS that compares current data and traffic patterns to an established baseline of normalcy, looking for variance out of parameters. Also known as a behavior-based IDPS.

honey pot

An application that entices individuals who are illegally perusing the internal areas of a network by providing simulated rich content areas while the software notifies the administrator of the intrusion.

Vulnerability Scanner

An application that examines systems connected to networks and their network traffic to identify exposed usernames and groups, open network shares, configuration problems, and other vulnerabilities in servers.

war driving

An attacker technique of moving through a geographic area or building, actively scanning for open or unsecured WAPs.

smart card

An authentication component similar to a dumb card that contains a computer chip to verify and validate several pieces of information instead of just a PIN.

Chief Information Officer (CIO)

An executive-level position that oversees the organization's computing technology and strives to create efficiency in the processing and access of the organization's information.

Public Key Infrastructure (PKI)

An integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely through the use of digital certificates.

Trap-and-trace applications

Applications that combine the function of honey pots or honey nets with the capability to track the attacker back through the network.

log files

Collections of data stored by a system and used by administrators to audit systems performance and use both by authorized and unauthorized users.

Terminal Access Controller Access Control System (TACACS)

Commonly used in UNIX systems, a remote access authorization system based on a client/server configuration that makes use of a centralized data service in order to validate the user's credentials at the TACACS server.

security event information management systems

Log management systems specifically tasked to collect log data from a number of servers or other network devices for the purpose of interpreting, filtering, correlating, analyzing, storing, and reporting the data.

Unified Threat Management (UTM)

Networking devices categorized by their ability to perform the work of multiple devices, such as stateful packet inspection firewalls, network intrusion detection and prevention systems, content filters, spam filters, and malware scanners and filters.

Virtual password

The derivative of a passphrase.

Cryptology

The field of science that encompasses cryptography and cryptanalysis.

intrusion detection and prevention system IDPS

The general term for a system with the capability both to detect and modify its configuration and environment to prevent intrusions. An IDPS encompasses the functions of both intrusion detection systems and intrusion prevention technology.

Diffie-Hellman key exchange method

The hybrid cryptosystem that pioneered the technology.

two-person control

The organization of a task or process so that at least two individuals must work together to complete it. Also known as dual control.

Crossover Error Rate (CER)

The point at which false rejections equal false acceptances. Expressed as a percentage, this is the most important metric.

IPSec (Internet Protocol Security)

The primary and now dominant cryptographic authentication and encryption product of the IETF's IP Protocol Security Working Group. A framework for security development within the TCP/IP family of protocol standards, IPSec provides application support for all uses within TCP/IP, including VPNs.

Kerberos

The primary and now dominant cryptographic authentication and encryption product of the IETF's IP Protocol Security Working Group. A framework for security development within the TCP/IP family of protocol standards, IPSec provides application support for all uses within TCP/IP, including VPNs.

Cryptanalysis

The process of obtaining the plaintext message from a ciphertext message without knowing the keys used to perform the encryption.

Nonrepudiation

The process of reversing public-key encryption to verify that a message was sent by the sender and thus cannot be refuted.

false reject rate

The rate at which authentic users are denied or prevented access to authorized areas as a result of a failure in the biometric device. This failure is also known as a Type I error or a false negative.

False Accept Rate

The rate at which fraudulent users or nonusers are allowed access to systems or areas as a result of a failure in the biometric device. This failure is also known as a Type II error or a false positive.

Task rotation

The requirement that all critical tasks can be performed by multiple individuals.

trusted network

The system of networks inside the organization that contains its information assets and is under the organization's control.

fingerprinting

The systematic survey of a targeted organization's Internet addresses collected during the footprinting phase to identify the network services offered by the hosts in that range.

hybrid encryption systems

The use of asymmetric encryption to exchange symmetric keys so that two (or more) organizations can conduct quick, efficient, secure communications based on symmetric encryption.

port scanners

Tools used both by attackers and defenders to identify or fingerprint active computers on a network, the active ports and services on those computers, the functions and roles of the machines, and other useful information.

Firewall

a combination of hardware and software that ensures that only authorized individuals gain entry into a computer system

application layer firewall

a device capable of examining the application layer of network traffic (for example, HTTP, SMTP, FTP) and filtering based upon its header content rather than the traffic IP headers.

agent

a piece of software that resides on a system and reports back to a management server

clipping level

a predefined assessment level that triggers a predetermined response when surpassed. Typically, the response is to notify an administrator.

password

a secret word or phrase only the user should know

polyalphabetic substitution

a substitution cipher that incorporates two or more alphabets in the encryption process

Monoalphabetic substitution

a substitution cipher that only incorporates a single alphabet in the encryption process

Certificate Authority (CA)

a trusted third-party organization or company that issues digital certificates

dumb card

an authentication card that contains digital user data, such as a personal identification number (PIN), against which user input is compared

Asynchronous token

an authentication component in the form of a token—a card or key fob that contains a computer chip and a liquid crystal display and shows a computer-generated number used to support remote login authentication. This token does not require calibration of the central authentication server; instead, it uses a challenge/response system.

Synchronous token

an authentication component in the form of a token—a card or key fob that contains a computer chip and a liquid crystal display and shows a computer-generated number used to support remote login authentication. This token must be calibrated with the corresponding software on the central authentication server.

War dialer

an automatic phone-dialing program that dials every number in a configured range to determine if one of the numbers belongs to a computer connection such as a dial-up line.

demilitarized zone

an intermediate area between a trusted network and an untrusted network that restricts access to internal systems

collusion

conspiracy; secret cooperation

digital signatures

encrypted message components that can be mathematically proven as authentic

signature based IDPS

examines network traffic in search of patterns that match known signatures—that is, preconfigured, predetermined attack patterns.

Transport mode

only the data is encrypted, not the headers

digital certificates

public-key container files that allow computer programs to validate the key and identify to whom it belongs

host based IDPS

resides on a particular computer or server and monitors activity only on that system

Tunnel mode

the entire IP packet is encrypted and is then placed into the content portion of another IP packet

footprint

the geographic area in which there is sufficient signal strength to make a network connection.

Footprinting

the organized research of the Internet addresses owned or controlled by a target organization.

Cryptography

the process of making and using codes to secure information

job rotation

the requirement that every employee be able to perform the work of at least one other employee

untrusted network

the system of networks outside the organization over which the organization has no control. The Internet is an example of an untrusted network.

Biometrics

the use of physiological characteristics for identification purposes
