Security Plus 501 Exam
Access Point (AP)
-An access point is a device, such as a wireless router, that allows wireless devices to connect to a network. Most access points have built-in routers, while others must be connected to a router in order to provide network access.
RAID 1
Also called mirroring, this RAID array type provides fault tolerance because all the data is written identically to the two drives in the mirrored set. (2) -Requires at least 2 drives to implement -Offers improved reliability by creating identical data sets on each drive (failure of one drive does not destroy the array as each drive contains identical copy of the data) -Is also referred to as disk mirroring
INI
An INI file is a configuration file for computer software that consists of a text-based content with a structure and syntax comprising key-value pairs for properties, and sections that organize the properties
network-based intrusion prevention system (NIPS)
An IPS that monitors the network. An IPS can actively monitor data streams, detect malicious content, and stop attacks in progress.
Rivest Cipher version 4 (RC4) symmetric algorithm
An RC stream cipher that will accept keys up to 128 bits in length. -WPA uses the same RC4 encryption method as WEP, which is considered weak encryption by modern standards. -ssl also uses it
Single Point of Failure (SPOF)
An SPOF is any component whose failure results in the failure of an entire system. Elements such as RAID, failover clustering, UPS, and generators remove many single points of failure.
Default configuration
This is the configuration that a system enters upon start, upon recovering from an error, and at times when operating. This configuration acts as a system baseline, a position from which all other states can be measured. It is very important for the default configuration to be secure from the beginning, for if not, then a system will be vulnerable whenever entering this configuration, which in many conditions is common.
Initial exploitation
This is the key first step in penetration testing that exploits the vulnerabilities encountered which demonstrates the level of risk that is actually present and the viability of the mechanism of the attack vector.
NAT
used to hide the internal IP addresses by modifying IP address information in IP packet headers while in transit across a traffic routing device -alleviates the problem of depleting IPv4 address space by allowing multiple hosts on the same private LAN to share a single public IP address -A solution that alleviates the problem of depleting IPv4 address space by allowing multiple hosts on the same private LAN to share a single public IP address
Integer overflow (Memory/buffer vulnerability)
This is a programming error condition that occurs when a program attempts to store a numeric value, an integer, in a variable that is too small to hold it. The results vary by language and numeric type. In some cases, the value saturates the variable, assuming the maximum value for the defined type and no more. This can create significant logic errors in a program which attackers can exploit.
Rootkit
software program designed to provide a user with administrator access to a computer without being detected. Rootkits are are considered one of the most serious types of malware since they may be used to gain unauthorized access to remote systems and perform malicious operations.
White Box Testing
testers use their knowledge of system internals when testing the system
fault tolerance
the ability for a system to respond to unexpected failures or system crashes as the backup system immediately and automatically takes over with no loss of service
Virus
-Computer viruses are small programs or scripts that can negatively affect the health of your computer. These malicious little programs can create files, move files, erase files, consume your computer's memory, and cause your computer not to function correctly. Some viruses can duplicate themselves, attach themselves to programs, and travel across networks. In fact opening an infected e-mail attachment is the most common way to get a virus. -requires its host application to be run to make the virus active -attaches itself to an application program or other executable component
Remote Authentication Dial-in User Server (RADIUS) Authentication Protocol
-Primarily used for network access -Combines authentication and authorization -Encrypts only the password in the access-request packet
RACE Condition
-a malfunction in preprogrammed access to a shared resource
VIP/VIPA
-an IP address that doesn't correspond to any actual physical network interface -would be assigned to a software-based load balancer to handle an internet site hosted on several web servers, each with its own private IP address
Improper input validation
-caused when the product does not validate or incorrectly validates input that can affect the control flow or data flow of a program
Weighted Round Robin (WRR) method
-each consecutive request in handled in a rotational fashion, but servers with higher specs are designated to process more workload
IPsec Encapsulating Security Payload (ESP)
-is a member of the Internet Protocol Security (IPsec) set of protocols that encrypt and authenticate the packets of data between computers using a Virtual Private Network (VPN). The focus and layer on which ESP operates makes it possible for VPNs to function securely -It provides origin authenticity through source authentication, data integrity through hash functions and confidentiality through encryption protection for IP packets
Captive Portal method
-is a web page accessed with a web browser that is displayed to newly connected users of a wi-fi or wired network before they are granted broader access to network resources. -refers to a solution allowing administrators to block Internet access for users until they perform required action
Session affinity
-platform feature that associates all HTTP requests coming from an end-user with a single application instance -refers to a method that ignores the load balancing algorithm by consistently passing requests from a given client to the same server
round-robin load balancing
-pre-emptive algorithm as the scheduler focuses the process out of the CPU once the time quota expires. -time quotas are assigned to each process in equal positions and in circular order, handling w/o priority -each consecutive request is handled by the next server in a cluster
End of Life Systems (EOL)
-refers to a software that no longer receives continuing support
Challenge Handshake Authentication Protocol (CHAP)
-remote access authentication protocol that periodically re-authenticates client at random intervals to prevent session hijacking -CHAP provides protection against replay attacks by the peer through the use of an incrementally changing identifier and of a variable challenge-value. CHAP requires that both the client and server know the plaintext of the secret, although it is never sent over the network. Thus, CHAP provides better security as compared to Password Authentication Protocol (PAP) which is vulnerable for both these reasons. The MS-CHAP variant does not require either peer to know the plaintext and does not transmit it, but has been broken
Advanced Encryption Standard (AES) symmetric algorithm
-successor to 3DES, fast, uses minimal resources -used for remote control applications, USB flashdrive, Windows Encrypting File System (EFS) algorithm, BitLocker which is a whole disk encryption -a software technology designed to provide confidentiality for an entire data storage device -symmetric -used with wpa2 -based on the substitution permutation network, which takes plaintext and the key and applies x number of rounds to create the ciphertext. These rounds consist of substitution boxes and permutation boxes that convert the plaintext input bits to ciphertext output bits. -the entire block is processed to obtain the ciphertext
An effective asset management process provides countermeasures against:
-system sprawl -undocumented asset -architecture and design weaknesses
Message Digest 5 (MD5) Hashing Algorithm
128-bit hash based on variable-length plaintext
IPSec (Internet Protocol Security)
A Layer 3 protocol that defines encryption, authentication, and key management for TCP/IP transmissions. IPSec is an enhancement to IPv4 and is native to IPv6. IPSec is unique among authentication methods in that it adds security information to the header of all IP packets. -Internet Protocol Security is a secure network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks
Secure Copy Protocol (SCP)
A TCP/IP protocol used mainly on UNIX and Linux devices that securely transports files by encrypting files and commands.
Remote Access Trojan (RAT)
A Trojan that also gives the threat agent unauthorized remote access to the victim's computer by using specially configured communication protocols and ultimately gives the hacker higher administrative privileges than the user. -often attached to files appearing to be legitimate, like emails or software bundles
script kiddie
A black-hat "penetration tester" with limited computer science knowledge that uses instructions and tools from other people to exploit vulnerable computer systems.
Access Control List (ACL) Firewall
A clearly defined list of permissions that specifies what actions an authenticated user may perform on a shared resource.
worm AKA: self-replicating malware
A destructive computer program that bores its way through a computer's files or through a computer's network. -memory refers to computer data storage systems, data storage devices, and data storage media that can be written to once, but read from multiple times A computer worm is much like a virus expect that it self-replicates, whereas a virus does not. It does this is an attempt to spread to other computers. worms take advantage of security holes in the operating systems and applications, including backdoors. They look for other systems on the network or on the internet that are running the same applications and replicated to those systems. -WORM can also mean "Write Once, Read Many." It is an optical storage technology that allows a disc to be written only once but read an unlimited number of times.
Dynamic Link Library (DLL)
A file of executable functions or data that can be used by a Windows application. Typically, a DLL provides one or more particular functions, and a program accesses the functions by creating links to the DLL.
active-active load balancer mode
A link aggregation configuration in which both connections are active as a matter of course. If one link fails, the other maintains the connection. -load balancer distributes network traffic access all servers
active-passive load balancer
A link aggregation configuration in which only one connection is used at a time, with the other being a passive connection that is only activated if the first connection fails?? -load balances distribute network traffic across servers marked as active
Certificate Revocation List (CRL)
A list of certificates that are no longer valid. -can be used for troubleshooting problems related to digital certificates
MPLS (Multiprotocol Label Switching)
A network technology defined by a set of IETF specifications that enable Layer 3 devices, such as routers, to establish and manage network traffic. -routing technique in telecommunications networks that directs data from one node to the next based on short path labels rather than long network addresses, thus avoiding complex lookups in a routing table and speeding traffic flows
Advanced Package Tools (APT)
A package management tool that's most often used atop Debian packages, although a version for RPM also exists. APT enables package installation and updates from Internet repositories, including automatic dependency resolution.
IBSS (Independent Basic Service Set)/ad hoc network AKA: No Midddle man service set
A peer-to-peer network where each wireless station acts as both a client and a wireless AP. -created by peer devices among themselves without network infrastructure
BCP (Business Continuity Planning)
A plan for how to handle outages to IT systems, applications, and data access in order to maintain business operations.
Trojan
A program disguised as a harmless application that actually produces harmful results. -Trojan horses are software programs that masquerade as regular programs, such as games, disk utilities, and even antivirus programs. But if they are run, these programs can do malicious things to your computer.
Pointer dereference (Memory/buffer vulnerability)
A programming practice that uses a pointer to reference a memory area. A failed dereference operation can corrupt memory and sometimes even cause an application to crash. -describes an attempt to read a variable that stores a null value
PAP (Password Authentication Protocol)
A remote-access authentication method that sends client IDs and passwords as cleartext -Password Authentication Protocol is a password-based authentication protocol used by Point to Point Protocol to validate users. Almost all network operating system remote servers support PAP. PAP is specified in RFC 1334. PAP is considered a weak authentication scheme
Data Encryption Standard (DES) symmetric algorithm
A shared-key encryption algorithm that uses a 56-bit encryption key to encode data in 64-bit blocks. -weak configuration -an outdated symmetric-key method of data encryption. DES works by using the same key to encrypt and decrypt a message, so both the sender and the receiver must know and use the same private key. -plaintext block is divided into two halves before the main algorithm starts
Intrusion Detection System (IDS)
A software and/ or hardware system that scans, audits, and monitors the security infrastructure for signs of attacks in progress.
Triple Digital Encryption Standard (3DES) symmetric algorithm AKA: symmetric cypher algorithm applied three times to each block
A symmetric algorithm used to encrypt data and provide confidentiality. It was originally designed as a replacement for DES. It uses multiple keys and multiple passes and is not as efficient as AES, but is still used in some applications, such as when hardware doesn't support AES. -applies the DES cipher algorithm three times to each data block -the cipher block size is 64 bit but the key size is 168 bit which is three times the size of DES.
Host-based Intrusion Prevention System (HIPS)
A system that automatically responds to computer intrusions by monitoring activity on one or more individual PCs or servers and responding based on a rule set.
Buffer Overflow
A technique for crashing by sending too much data to the buffer in a computer's memory -a situation in which an application writes to an area of memory that it is not supposed to access
active hub
A type of hub that uses electronics to amplify and clean up the signal before it is broadcast to the other ports. -hub that has electronic circuity to regenerate weak signals on the output side to keep the signal strong. Also called a multiport repeater.
Replay Attack
A type of network attack where an attacker captures network traffic and stores it for retransmission at a later time to gain unauthorized access to a network.
Wi-Fi Protected Setup (WPS) Method
A user-friendly—but not very secure—security setting available on some consumer-grade APs. Part of the security involves requiring a PIN in order to access the AP's settings or to associate a new device with the network. The PIN can be easily cracked through a brute force attack, so this PIN feature should be disabled if possible. -a solution that simplifies configuration of new wireless networks by allowing non-technical users to easily configure network security setting and add new devices to an existing network -weak security configuration -is a network security standard which simplifies configuration of new wireless networks by providing non-technical users with a capability to easily configure network security settings and add new devices to an existing network. WPS has known vulnerabilities and disabling this functionality is one of the recommended ways of securing wireless networks
Transport Layer Security (TLS)
A version of SSL standardized by the IETF (Internet Engineering Task Force). TLS uses slightly different encryption algorithms than SSL, but otherwise is very similar to the most recent version of SSL. A security protocol that uses certificates and public key cryptography for mutual authentication and data encryption over a TCP/IP connection.
access point (AP)
the computer or network device that serves as an interface between devices and the network
competitors
type of threat actors that engages in illegal activities to get the know-how and gain market advantage
Downgrade Attack (Cryptographic attacks)
An attack in which the system is forced to abandon the current higher security mode of operation and fall back to implementing an older and less secure mode.
DLL injection (Memory/buffer vulnerability)
An attack that injects a Dynamic Link Library (DLL) into memory and runs it. Attackers rewrite DLL, inserting malicious code
Kerberos Authentication
An authentication protocol used in a Windows domain environment or on a Linux system; uses OS-generated keys, which makes this protocol more secure than having an administrator enter keys. -Assigning a unique encrypted key, called a ticket, to each user that logs on to the network
SHA-512
An implementation of SHA-2 using a 512-bit hash.
Original Equipment Manufacturer (OEM)
Any company that resells another company's product using its own name and branding. For example, Dell uses motherboards it has purchased from Intel to build computers that Dell sells. These are marketed as Dell computers, and Dell is the OEM.
OSI Model
Application, Presentation, Session, Transport, Network, Data Link, Physical
zero-day attack
Attack that exploits previously unknown vulnerabilities, so victims have no time (zero days) to prepare for or defend against the attack.
IPsec Authentication Header (AH)
Authentication Header -for authentication -AH is a protocol that provides authentication of either all or part of the contents of a datagram through the addition of a header that is calculated based on the values in the datagram.
Zombies & Botnets
Bad bots perform malicious tasks allowing an attacker to take complete control over an affected computer for the criminal to control remotely.
Acceptable Use Policy (AUP)
Defines what action employees may or may not preform on company equipment, including computers, phones, printers, and even the network itself. This policy defines the handling of passwords, e-mail, and many other issues. -A set of rules enforced in a network that restricts the use to which the network may be put is known -A type of document stipulating rules of behavior to be followed by users of computers, networks, and associated resources
Grey Box Testing
penetration testers have some knowledge of the environment prior to the test
Virtual Private Network (VPN)
Encrypted connection over the Internet between a computer or remote network and a private network. -tunneling ensures the privacy of the VPN connection -A virtual private network is "tunneled" through a wide area network WAN such as the Internet. This means the network does not have to be located in one physical location like a LAN. However, by using encryption and other security measures, a VPN can scramble all the data sent through the wide area network, so the network is "virtually" private.
Wired Equivalent Privacy (WEP)
Encryption scheme included in the first generation of wireless equipment/routers, not very secure A key encryption technique for wireless networks that uses keys both to authenticate network clients and to encrypt data in transit. -weak security configuration -encryption standards designed for securing wireless networks. WEP is an older standard and due to its vulnerabilities is not recommended. -Stands for "Wired Equivalent Privacy." WEP is a security protocol for Wi-Fi networks. Since wireless networks transmit data over radio waves, it is easy to intercept data or "eavesdrop" on wireless data transmissions. The goal of WEP is to make wireless networks as secure as wired networks, such as those connected by Ethernet cables.
IPv4 vs IPv6
IPv4: 32-bit number: 4 billion addresses; four sets of numbers marked off by periods IPv6: 128-bit addresses, able to handle up to 1 quadrillion addresses; almost unlimited # of addresses
Service Set Identifier (SSID) AKA: WAP name
Identifies the network and is the name of the WAP used by clients to connect to the wireless network. It is on by default. Disabling SSID broadcast stops the average user from being able to connect wirelessly to the device but an attacker can easily discover it with a wireless sniffer. It's recommended to change the SSID from the default name. -The SSID is typically different than the name that is assigned to a wireless router. For example, the administrator of a wireless network may set the name of the router, or base station, to "Office." This will be the name that users see when browsing available wireless networks, but the SSID is a different 32 character string that ensures the network name is different from other nearby networks.
Open-Source Intelligence (OSINT)
Information gathered from publicly available ("open") sources, such as radio, television, newspapers, the Internet, etc. The collection of such information is used to augment intelligence analysis and reporting.
IPSec tunnel mode
One of two modes for IPSec. It encrypts the entire IP packet and must add an entirely new IP packet that has the encrypted packet as well as the IPSec AH or ESP packets.
SHA-1
Produces a 160-bit hash value and is used in DSS weak security configuration
Penetration Testing
Professional hacking to access data and computing power without being granted access; professional pen-testers are hired to identify and repair vulnerabilities and only work once, given written permission to obtain ungranted access.
Security Information and Event Management (SIEM)
Software that can be configured to evaluate data logs from IDS, IPS, firewalls, and proxy servers in order to detect significant events that require the attention of IT staff according to predefined rules. -HIDS and MIDS used together -can help to block software intrusions which have slipped past firewalls, antivirus software, and other security countermeasures. -security solution designed to detect anomalies in the log and event data collected from multiple network devices
Improper Error Handling
Software that does not properly trap an error condition and provides an attacker with underlying access to the system.
Vulnerability Scanner
Software to scan a system for potential security problems. -identifies lack of security controls -identifies common misconfigurations -passively tests security controls
SSH (Secure Shell)
TCP 22 UDP 22 -refers to a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services -was designed as a secure replacement for Telnet
TACAS+
Terminal Access Control Access Control System Plus -Encrypts the entire payload of the access-request packet -Primarily used for device administration -Separates authentication and authorization -a RADIUS alternative developed by Cisco
Black Box Testing
Testing, either functional or non-functional, without reference to the internal structure of the component or system.
Systems Development Life Cycle (SDLC)
The overall process for developing information systems from planning and analysis through implementation and maintenance
Institution of Electrical Engineers (IEEE) 802.11
Wireless Ethernet standard more commonly known as Wi-Fi.
authentication, authorization, accounting (AAA) Protocols
provide authentication, authorization, accounting -provide centralized AC with remote systems such as VPN's -protect internal LAN auth systems -ex: RADIUS, TACACS+, Diameter
fine name extension (exe)
a common filename extension denoting an executable file (the main execution point of a computer program) for Microsoft Windows
Distributed Denial of Service (DDoS)
a type of attack where multiple virus-infected computers are used to target a single system, overwhelming it with traffic, rendering it useless or unresponsive (source: webopedia) -relies on the amplification effect
DoS attack
an assault whose purpose is to disrupt computer access to an internet service -an attempt to flood bandwidth or resources of a targeted system to that it becomes overwhelmed with false requests and in result doesn't have time or resources to handle legitimate requests. -also known as a jamming/disassociation attack
KPA (Known Plaintext Attack)
cryptographic attack where the attacker has access to plaintext and the corresponding ciphertext and tries to derive the correlation between them -model for cryptanalysis where the attacker has access to both the plaintext (called a crib), and its encrypted version (ciphertext). These can be used to reveal further secret information such as secret keys and code books
Padding Oracle On Downgraded Legacy Encryption (POODLE)
cryptographic downgrade attack -(which stands for "Padding Oracle On Downgraded Legacy Encryption") is a man-in-the-middle exploit which takes advantage of Internet and security software clients' fallback to SSL 3.0 -downgrade the security protocol to SSLv3 from TLSv1. ... This is done by interrupting the handshake between the client and server; resulting in the retry of the handshake with earlier protocol versions
Data Loss Prevention (DLP) AKA: Triple three-way monitor
detects potential data breaches/data ex-filtration transmissions and prevents them by monitoring, detecting and blocking sensitive data while in-use, in-motion, and at-rest. -A software or hardware-based security solution designed to detect and prevent unauthorized use and transmission of confidential information outside of the corporate network (data exfiltration) There are three varieties: -EndPoint-runs on individual computes and monitor data in use (emails usually) and can control what information flows between various users. -Network-these can be software or hardware and inspect data in motion as it is often installed on the parameter of the network. -storage- typically installed in data centers and inspects data at rest. **There is also cloud based DLP for companies that tend to use cloud infrastructure and BYOD or CYOD
DSS (decision support system)
interactive computer systems that intend to help decision makers use data and models to identify and solve problems and make decisions. An information system designed to support the making of a decision or a set of related decisions by an individual.
intermediate distribution frame (IDF)
is a distribution frame in a central office or customer premises, which cross connects the user cable media to individual user line circuits and may serve as a distribution point for multipair cables from the main distribution frame
information security management (ISO)
is an independent, non-governmental, international organization that develops standards to ensure the quality, safety, and efficiency of products, services, and systems. ... ISO standards are in place to ensure consistency