TestOut Security Pro Chapter 2
arp
(Address Resolution Protocol) command is used to display and modify the ARP table entries on the local host.
ipconfig
(Internet Protocol CONFIGuration) command is used to display a host's current TCP/IP configuration values and to refresh DHCP and DNS settings.
netstat
(NETwork STATistics) command displays statistical information describing TCP network connections, routing tables, network interfaces and network protocols.
nslookup
(Name Server LOOKUP) command queries a DNS server to obtain the IP address for a given domain name, or to obtain a domain name for a given IP address.
nmap
(Network MAPper) utility is a network security scanner.
ping
(Packet INternet Groper) command can be used to verify network connectivity between two hosts or nodes. It can also be used to test network latency.
tracert
(TRACE RouTe) command displays the IP route to a destination host or node.
Transitive Trust
A hierarchical two-way trust relationship between parent and child entities.
Damage Assessment
A preliminary onsite evaluation of damage or loss caused by a security incident.
Multifactor Authentication
A requirement of more than one method of authentication from independent categories of credentials to verify the user's identity.
Layered Security
A security approach that combines multiple security controls and defenses to create a cumulative effect.
Layered Security Model
A security approach that defines seven layers of security.
Protocol Analyzer
A special type of packet sniffer that captures transmitted frames and analyzes the traffic that exists on the network along with the source and destination of that traffic.
Cybercriminal
A subcategory of hacker threat agents that are willing to take more risks and use more extreme tactics for financial gain.
Network Monitoring
A systematic effort to detect slow or failing network components.
Job Rotation
A technique where users are cross-trained in multiple job positions.
Competitor
A threat agent that carries out attacks on behalf of an organization and targets competing companies.
Nation State
A threat agent that is a sovereign state who may wage an all-out war on a target and have significant resources and money at their disposal.
Insider
A threat agent who has authorized access to an organization and either intentionally or unintentionally carries out an attack.
Persistent Threat
A threat that seeks to gain access to a network and remain there undetected.
Non-Persistent Threat
A threat where the only concern is getting into a system and stealing information; it is usually a one-time event, and the attacker is not concerned whether their presence is noticed.
Targeted Attack
A type of threat in which threat actors actively pursue and compromise a target entity's infrastructure while maintaining anonymity.
Packet Sniffer
A utility that captures or records frames transmitted on a network.
Throughput Tester
A utility that measures the amount of data that can be transferred through a network or processed by a device.
Load Tester
A utility that tests a network by simulating a load on a server or service.
Defense in Depth
An access control principle that implements multiple access control methods instead of relying on a single method.
Opportunistic Attack
An attack where the threat actor is almost always trying to make money as fast as possible and with minimal effort.
Security Incident
An event or series of events that are a result of a security policy violation that has adverse effects on a company's ability to proceed with normal business.
Live Analysis
An incident investigation that examines an active (running) computer system to analyze the live network connection, memory contents, and running programs.
Dead Analysis
An incident investigation that examines data at rest, such as analyzing hard drive contents.
Big Data Analysis
An incident investigation that identifies anomalies that led up to the security incident by examining all types of data used in the organization, including text, audio, video,
Hacker
Any threat agent who uses their technical knowledge to bypass security, exploit a vulnerability, and gain access to protected information.
Variety
Defensive layers should have ______________ and be diverse; implementing multiple layers of the exact same defense does not provide adequate strength against attacks.
AAA
The abbreviation for authentication, authorization, and accounting.
Identification
The act of claiming an identity.
Incident Response
The action taken to deal with an incident, both during and after the incident.
Separation of Duties
The concept of dividing a single task's responsibilities so that it cannot be completed without multiple people, thereby reducing conflicts of interest and insider attacks.
First Responder
The first person on the scene after a security incident has occurred.
Principle of Least Privilege
The practice of granting each user or group of users only the access necessary to do their job or perform their official duties.
Authorization
The process of determining whether or not an authenticated user has permission to carry out a specific task or access a system resource.
Authentication
The process of proving an identity.
Accounting
The process of tracking the actions of an authenticated user.
Mutual Authentication
The process whereby two communicating entities authenticate each other.
Need-to-Know
The restriction of data that is highly sensitive; the term is usually referenced in government and military contexts.
Staging
This involves preparing a compromised system to perform additional tasks in the attack, such as installing software designed to attack other systems.
Improper Input Handling
___________________ may be the most common security vulnerability in today's software applications and web pages.
Randomness
_____________________ in security is the constant change in personal habits and passwords to prevent anticipated events and exploitation.
countermeasure
a way to mitigate potential risk.
Logs
are a record of events that have occurred on a system.
External threat
are any individuals or groups that attack a network from the outside and seek to gain unauthorized access to data.
Internal threat
are authorized individuals that exploit their inherent privileges to carry out an attack.
Competitor
carries out attacks on behalf of an organization and targets competing companies.
best evidence
evidence includes original, authentic objects.
Explicit deny
identifies users or groups who are not allowed access. _____________________ is the strongest form of access control and overrules privileges granted.
Layering
involves implementing multiple security strategies to protect the same asset.
hacker
is a catch-all term used to describe any individual who uses their technical knowledge to gain unauthorized access to an organization.
Organized Crime
is a group of cybercriminals whose main goal is financial gain.
tcpdump
is a network sniffer and analyzer. It displays a description of packet contents on a network interface.
key
is a variable in a cipher used to encrypt or decrypt a message.
security incident
is an event or series of events that are a result of a security policy violation that has adverse effects on a company's ability to proceed with normal business.
Script Kiddie
is an individual who carries out an attack by using scripts or programs written by more advanced hackers.
Insider
is any individual who has authorized access to an organization and either intentionally or unintentionally carries out an attack.
Hacktivist
is any individual whose attacks are politically motivated. Instead of seeking financial gain, _______________ are looking to defame, shed light on, or cripple an organization or government.
Open Source Intelligence
is information that is readily available to the public and doesn't require any type of malicious activity to obtain.
Escalate Privileges
is one of the primary objectives of an attacker and can be achieved by configuring additional (escalated) rights to do more than just breach the system.
Ciphertext
is the encrypted form of a message that makes it unreadable to all but those it is intended for.
Cryptanalysis
is the method of recovering original data that has been encrypted without having access to the key used in the encryption process.
Nation State
is the most organized, well-funded, and dangerous type of threat actor.
Breach
is the penetration of system defenses, achieved by using information gathered during reconnaissance to gain unauthorized access.
Decryption
is the procedure used to convert data from ciphertext into plaintext.
Access recertification
is the process of continually reviewing a user's permissions and privileges to make sure they have the correct level of access.
Reconnaissance
is the process of gathering information about an organization, including system hardware information, network configuration, and individual user information.
Social Engineering
is the process of manipulating others to give you sensitive information, using tactics such as intimidation or sympathy.
Encryption
is the process of using an algorithm to transform data from plaintext to ciphertext in order to protect the confidentiality, integrity, and authenticity of the message.
Plaintext
is the readable form of an encrypted message.
Cryptography
is the science of converting data into a secret code to hide a message's meaning during transmission.
Technical approach
is using software or utilities to find vulnerabilities in a system, such as a port scan or a ping sweep.
Load Tester
simulates a load on a server or service.
explicit allow
specifically identifies users or groups who have access. ______________________ is a moderate form of access control in which privilege has been granted to a subject.
Principle of Least Privilege
states that users or groups are given only the access they need to do their job and nothing more.
Staging Exploit
takes advantage of known vulnerabilities in software and systems.
Incident response
the action taken to deal with an incident during and after the incident.
implicit deny
users or groups who are not specifically given access to a resource are denied access. _____________ is the weakest form of privilege control.
netcat
utility can read and write data across both TCP and UDP network connections.
Steganography,
which literally translates to 'concealed writing,' hides data or a message so that only the sender or the recipient suspects that the hidden data exists.
Multifactor authentication
• Something you are • Something you have • Something you know • Somewhere you are • Something you do
Corroborative Evidence
Evidence or information that supports another fact or detail.
Hearsay Evidence
Evidence that is obtained from a source other than personal, firsthand knowledge.
Network Protocols
Formal standards and policies comprised of rules, procedures, and formats that define communication between two or more devices over a network.
Application layer
Includes authentication and authorization, user management, group policies, and web application security.
Host layer
Includes each individual workstation, laptop, and mobile device. The Host layer includes log management, OS hardening, patch management and implementation, auditing, malware, and password attacks.
Physical layer
Includes fences, door locks, mantraps, turnstiles, device locks, server cages, cameras, motion detectors, and environmental controls.
Perimeter layer
Includes firewalls using ACLs and securing the wireless network.
Network layer
Includes the installation and configuration of switches and routers, implementation of VLANs, penetration testing, and virtualization use.
Policies, Procedures, and Awareness
Includes user education, manageable network plans, and employee onboarding and off-boarding procedures.
Backdoor
A ______________ is an alternative method of accessing an application or operating system for troubleshooting.