WGU C178 Security+


Remote access server (RAS)

A computer that has one or more modems installed to enable remote connections to the network.

Server

A computer that provides resources to clients on the network.

Distributed Denial of Service (DDoS) attack

A derivative of a DoS attack in which multiple hosts in multiple locations focus on one target to reduce its availability to the public.

Transceiver

A device that allows the wireless network interface card (NIC) to connect to the network.

Biometric device

A device that can authenticate an individual based on a physical characteristic.

Sensor

A device that collects data from the data source and passes it on to the analyzer.

Power system

A device that provides electrical power

State table

A firewall security method that monitors the status of all the connections through the firewall.

NETBIOS name service

137

WINS

1512

L2F

1701

RADIUS

1812 & 1813

NFS

2049

RCP

22

SCP

22

SFTP

22

MGCP

2427 & 2727

Host-based firewall

A firewall which runs on a single host to prevent network activity for that host only.

Patch

A fix for a known software problem.

False positive

A flagged event that isn't really an event and has been falsely triggered.

Security log

A log file used in Windows NT to keep track of security events specified by the domain's audit policy. It is used to store audit events, which can be successes or failures.

Adware

A malware application whose primary purpose is to deliver ads and generate revenue for the creator.

Key Exchange Algorithm (KEA)

A method of offering mutual authentication and establishing data encryption keys.

Local area network (LAN)

A network restricted to a single building, group of buildings, or even a single room. A LAN can have one or more servers.

Packet filtering

A network security mechanism that allows or restricts the flow of packets. It analyzes the incoming and outgoing packets and lets them pass or stops them at a network interface based on the source and destination addresses, ports, or protocols.

Cryptanalyst

A person who does cryptanalysis.

Security token

A piece of data that contains the rights and access privileges of the token bearer as part of the token.

Cookie

A plain-text file stored on your machine that contains information about you (and your preferences) and is used by a server.

Incident management

A process to identify, analyze, and correct threats to prevent future re-occurrence.

Internet Society (ISOC)

A professional membership group composed primarily of Internet experts. It oversees a number of committees and groups, including the Internet Engineering Task Force (IETF).

Virus

A program intended to damage a computer system. Many viruses spread using email. The infected system attaches a file to any email that you send to another user. The recipient opens this file, thinking it's something you legitimately sent them. When they open the file, the virus infects the target system.

Security zone

An area in a building where access is individually monitored and controlled.

World Wide Web Consortium (W3C)

An association concerned with interoperability, growth, and standardization of the World Wide Web (WWW). This group is the primary sponsor of XML and other web-enabled technologies.

Diffie-Hellman

An asymmetric standard for exchanging keys. It is used primarily to send secret keys across public networks. The process isn't used to encrypt or decrypt messages; it's used merely for the transmission of keys in a secure manner.

Access attack

An attack aimed at gaining access to resources.

Data policies

An important administrative control to have in place.

DoS attack

Denial of Service (DoS) attack.

Host-to-host

Describes communication that occurs between hosts.

Used for secure connections between two systems that use the Web

HTTP/S

Infrastructure

Hardware and software necessary to run your network.

Advanced Encryption Standard (AES)

Has replaced DES as the current standard, and uses the Rijndael algorithm for use by the U.S. government.

Application aware device

Has the ability to respond to traffic based on what is there.

HMAC

Hash-Based Message Authentication Code, uses a hashing algorithm along with a symmetric key.

WPS attacks

Have become commonplace, as the technology is susceptible to brute-force attacks used to guess the user's PIN.

HSM

Hierarchical storage management. A newer backup type that provides continuous online backup by using optical or tape jukeboxes. It appears as an infinite disk to the system, and it can be configured to provide the closest version of an available real-time backup.

Internal information

Information intended to remain within an organization. It includes personnel records, financial working documents, ledgers, customer lists, and virtually any other information that is needed to run a business.

The newest version of the algorithm, which doesn't have strong collision resistance

MD5

password history

Most Microsoft OSs allow you to set this to a number between 0 (disabled) and 24. For the best security, set it to 24 so that 24 unique passwords must be used by any given user before they can begin to reuse them.

Switches

Multiport devices that improve network efficiency and have a small amount of information about systems in a network.

Perimeter security

Security set up outside a network or server to protect it.

An administrator can configure access control functions but is not able to administer audit functions. This is an example of what?

Separation of duties

User Datagram Protocol (UDP)

Provides an unreliable connectionless communication method between hosts.

Role-based training

The training that must be geared to specific roles.

Intrusion

The act of entering a system without authorization to do so.

Configuration management

The administration of setup and configuration changes.

Replication

The process of copying directory information to other servers to keep them all synchronized.

Entrapment

The process of encouraging an attacker to perform an act, even if they don't want to do it.

Business impact analysis (BIA)

The process of evaluating all critical systems in an organization to define impact and recovery plans.

Jamming

The process of intentionally generating noise or interference in an attempt to overwhelm and thereby prevent access to or use of a wireless signal.

Enticement

The process of luring someone into your plan or trap.

Fail-over/failover

The process of reconstructing a system or switching over to other systems when a failure is detected.

transceiver

a low-power transmitter/receiver

alert

a message from the analyzer indicating that an event of interest has occurred.

principal

a user, a program, or a system

Sniffer

monitors network traffic in a passive manner

Tripwire

monitors specific files to see if they have changed. If they have, the Tripwire system can either restore them or simply alert an administrator. There is both a commercial and an open source version of Tripwire.

defense in depth

A multiple-barrier system. Ideally, your systems should have a minimum of three physical barriers.

hashing algorithm

must be one-way/nonreversible, have variable-length input and fixed-length output, and be collision resistant.

NAC

network access control

Network lock

synonymous with MAC filtering

Salt

the addition of bits at key locations, either before or after the hash

TGT

Ticket-granting ticket. This ticket is encrypted and has a time limit of up to 10 hours.

preventive control

to stop something from happening.

detective control

to uncover a violation.

in the clear

unencrypted

Which of the following is similar to Blowfish but works on 128-bit blocks?

Twofish

Unauthorized access to information using VoIP

Vishing

Which type of tool would BEST describe Nmap?

Vulnerability scanner

Nonrepudiation

Verifying (by whatever means) that data was seen by an intended party. It makes sure they received the data and can't repudiate (dispute) that it arrived.

NTLMv2

Version of NTLM.

Gray box

A middle ground between the first two types of testing (black box and white box) in which the tester has some limited knowledge of the target system.

Promiscuous mode

A mode wherein a network interface card (NIC) intercepts all traffic crossing the network wire and not just the traffic intended for it.

Open Systems Interconnection (OSI) model

A model defined by the ISO to categorize the process of communication between computers in terms of seven layers: application, presentation, session, transport, network, data link, and physical.

Two-tier model

A model in which the client PC or system runs an application that communicates with a database running on a different server.

One-tier model

A model in which the database and applications exist on the same system.

Spike

A momentary or instantaneous increase in power over a power line.

Switched network

A network that has multiple routes to get from a source to a destination. Switching allows for higher speeds.

Passive response

A nonactive response, such as logging. Passive response is the most common type of response to many intrusions. In general, passive responses are the easiest to develop and implement.

Alert

A notification that an unusual condition exists and should be investigated.

Pad

A number of characters added to data before an operation, such as hashing, takes place. Most often unique values, known as one-time pads, are added to make the resulting hash unique.

Sequence number

A number used to determine the order in which parts of a packet are to be reassembled after the packet has been split into sections.

Secure Hash Algorithm (SHA)

A one-way hash algorithm designed to ensure the integrity of a message. This algorithm produces a 160-bit hash value.

Network Control Protocol (NCP)

A part of Point-to-Point protocol (PPP) that encapsulates network traffic.

Client

A part of a client/server network where computing is done. In a typical setting, a client uses the server for remote storage, backups, or security (such as a firewall).

Public network

A part of a network outside a firewall that is exposed to the public.

Private network

A part of a network that lies behind a firewall and isn't "seen" on the Internet. See firewall.

Third party

A party responsible for providing assurance to the relying party that a subscriber is genuine.

Route

A path to get to the destination from a source.

Service pack

A periodic update that corrects problems in one version of a product.

Operator

A person primarily responsible for the intrusion detection system (IDS).

Owner

A person responsible for current existence of a resource.

User

A person using a computer or network or a resource.

Cryptographer

A person who participates in the study of cryptographic algorithms.

Network interface card (NIC)

A physical device that connects computers and other network equipment to the transmission medium.

Cold site

A physical site that has all resources necessary to enable an organization to use it if the main site is inaccessible (destroyed).

Token

A piece of data holding information about a user. This information can contain group IDs, user IDs, privilege level, and so on.

Disaster recovery plan (DRP)

A plan outlining the procedure by which data is recovered after a disaster.

Incident response plan (IRP)

A policy that defines what steps are needed and who is responsible for deciding how to handle a situation.

Authority

A position; it may be upper management, tech support, HR, or law enforcement.

Wireless portal

A primary method of connecting a wireless device to a network.

Socket

A primary method used to communicate with services and applications such as the Web and Telnet. It is a programming construct that enables communication by mapping between ports and addresses.

DES

A primary standard used in government and industry until it was replaced by AES. It is based on a 56-bit key and has several modes that offer security and integrity.

Private cloud

A private cloud is owned, managed, and operated by an organization and often resides on equipment shared by traditional data center configurations that are local to the organization.

Birthday attack

A probability method of finding collision in hash functions. A collision occurs when two different values to be hashed give the same result, even though they differ from what was originally used.

DNS poisoning

A problem that existed in early implementations of DNS. Also known as cache poisoning.

Social engineering

A process by which intruders gain access to your facilities, network, and even to employees by exploiting the generally trusting nature of people. Impersonation is one example.

Revocation

A process of canceling credentials that have been lost or stolen (or are no longer valid). With certificates, revocation is accomplished with a Certificate Revocation List (CRL).

Encryption

A process of converting data into a form that makes it less likely to be usable to anyone intercepting it if they can't decrypt it.

Decryption

A process of converting encrypted data back into its original form.

Interception

A process of covertly obtaining information not meant for you. Interception can be an active or passive process.

Information classification

A process of determining what information is accessible to what parties and for what purposes. Typical classifications are public use, internal use, and restricted use.

Forensics

A process of identifying what has occurred on a system by examining the data trail.

Keyed-Hash Message Authentication Code (HMAC)

"A mechanism for message authentication using cryptographic hash functions" per the draft of the Federal Information Processing Standard (FIPS) publication. Addressed in RFC 2104.

CHAP

(Challenge Handshake Authentication Protocol) was designed to stop man-in-the-middle attacks. During the initial authentication, the connecting machine is asked to generate a random number (usually a hash) and send it to the server. Periodically the server will challenge the client machine, demanding to see that number again. If an attacker has taken over the session, they won't know that number and won't be able to authenticate.

PAP

(Password Authentication Protocol) is an older system that is no longer used. PAP sends the username and password to the authentication server in plain text.

SPAP

(Shiva Password Authentication Protocol) replaced PAP. The main difference is that SPAP encrypts the username and password.

RAID 3 or 4

(Striped Disks with Dedicated Parity): This RAID level combines three or more disks with the data distributed across the disks. This RAID level also uses one dedicated disk to store parity information. The storage capacity of the array is reduced by one disk (the one used for parity). If a disk fails, that is only a partial loss of data.

RAID 5

(Striped Disks with Distributed Parity): This RAID level combines three or more disks in a way that protects data against the loss of any one disk. It is similar to RAID 3, but the parity is distributed across the drive array.

RAID 6

(Striped Disks with Dual Parity): This RAID level combines four or more disks in a way that protects data against the loss of any two disks. It accomplishes this by adding an additional parity block to RAID 5. Each of the parity blocks is distributed across the drive array so parity is not dedicated to any specific drive.

RAID 0

(Striped Disks): This RAID level distributes data across multiple disks in a way that provides improved speed (read/write performance) at any given instant but does not offer any fault tolerance. A minimum of two disks is needed.

application extensions that should not be allowed to enter your network

.bat, .com, .exe, .hlp, .pif, .scr

System ports

0 to 1023

Well-known ports

0 to 1023

Business continuity planning (BCP)

A process of implementing policies, controls, and procedures to counteract effects of losses, outages, or failures of critical business processes. Two of the key components of BCP are business impact analysis (BIA) and risk assessment.

Disk mirroring

A process of keeping identical copies of data on two disks to prevent the loss of data if one disk fails.

EMI shielding

A process of preventing electronic emissions from your computer systems from being used to gather intelligence and preventing outside electronic emissions from disrupting your information-processing abilities.

Key registration

A process of providing certificates to users, and a registration authority (RA) typically handles this function when the load must be lifted from a certificate authority (CA).

Certificate revocation

A process of revoking a certificate before it expires.

Hash/hashing

A process of transforming characters into other characters that represent (but are not) originals. Traditionally, results are smaller and more secure than the original.

Encoding

A process of translating data into signals that can be transmitted on a transmission medium.

Disk striping

A process of writing data to multiple disks simultaneously in small portions called stripes.

Scanning

A process that attackers use to gather information about how a network is configured.

Server authentication

A process that requires a workstation to authenticate against the server.

User access reviews

A process to determine whether a user's access level is still appropriate.

Worm

A program similar to a virus. Worms, however, propagate themselves over a network.

Trojan horse

A program that enters a system or network under the guise of another program. The Trojan horse could create a backdoor or replace a valid program during installation.

JavaScript

A programming language that allows access to resources of the system running the script. These scripts can interface with all aspects of an operating system just like programming languages, such as the C language.

Flood guard

A protection feature built into many firewalls that allows the administrator to tweak the tolerance for unanswered login attacks.

Secure Electronic Transaction (SET)

A protocol developed by Visa and MasterCard for secure credit card transactions.

Simple Mail Transfer Protocol (SMTP)

A protocol for sending email between SMTP servers.

Federation

A collection of computer networks that agree on standards of operation, such as security standards.

Firewall

A combination of hardware and software that protects a network from attack by hackers who could gain access through public networks, including the Internet.

HVAC

A common acronym for Heating, Ventilation, and Air Conditioning.

Message authentication code (MAC)

A common method of verifying integrity. It is derived from the message and a shared secret key.

Workstation

A computer that isn't a server but is on a network. Generally, a workstation is used to do work, whereas a server is used to store data or perform a network function.

Redundant Array of Independent (or Inexpensive) Disks (RAID)

A configuration of multiple hard disks used to provide fault tolerance, should a disk fail, or gains in efficiency. Different levels of RAID exist.

Point-to-Point Protocol (PPP)

A data link protocol that works by encapsulating the network traffic in NCP. PPP allows many channels in a network connection (such as ISDN) to be connected or bonded together to form a single virtual connection. Authentication is handled by the Link Control Protocol (LCP). PPP doesn't provide any encryption services for the channel. The insecure nature of PPP makes it largely unsuitable for WAN connections, but other protocols have been created to build on PPP.

Uninterruptible power supply (UPS)

A device that can provide short-term power, usually by using batteries.

Router

A device that connects two or more networks and allows packets to be transmitted and received between them. It determines the best path for data packets from source to destination.

Mantrap

A device, such as a small room, that limits access to one or a few individuals. Mantraps typically use electronic locks and other methods to control access.

Certificate

A digital entity that establishes who you are and is often used with e-commerce. It contains your name and other identifying data.

Routing Information Protocol (RIP)

A distance-vector route discovery protocol used by Internetwork Packet Exchange (IPX) and Internet Protocol (IP). IPX uses hops and ticks to determine the cost for a particular route.

Common Criteria (CC)

A document of specifications detailing security evaluation methods for IT products and systems.

Request for Comments (RFC)

A document-creation process and a set of practices that originated in 1969 and is used for proposed changes to Internet standards.

Backup plan

A documented plan governing backup situations.

IEEE 802.11

A family of protocols that provides for wireless communications using radio-frequency transmissions.

Disk striping with parity

A fault-tolerance solution of writing data across a number of disks and recording the parity on another. In the event any one disk fails, the data on it can be re-created by looking at the remaining data and computing parity to figure out the missing data.

Encrypting file system (EFS)

A feature in NTFS on Windows-based operating systems that allows for filesystem-level encryption to be applied.

Pharming

A form of redirection in which traffic intended for one host is sent to another. This can be accomplished on a small scale by changing entries in the hosts file and on a large scale by changing entries in a DNS server.

Phishing

A form of social engineering in which you simply ask someone for a piece of information that you are missing by making it look as if it is a legitimate request. Commonly sent via email.

Cross-site request forgery (XSRF)

A form of web-based attack in which unauthorized commands are sent from a user that a website trusts. Otherwise known as session riding.

Appliance

A freestanding device that operates in a largely self-contained manner.

Pretty Good Privacy (PGP)

A freeware email system used for email security. It uses both symmetric and asymmetric systems as part of its process. During the encryption process, the document is encrypted with the public key and also a session key, which is a one-use random number, to create the ciphertext. The session key is encrypted with the public key and sent with the ciphertext. On the receiving end, the private key is used to recover the session key. The session key and the private key are then used to decrypt the ciphertext back into the original document.

Routing

A function of the Network layer that involves moving data throughout a network. See Router.

Site survey

A generic site survey involves listening on an existing wireless network using commercially available technologies.

Internet

A global network made up of a large number of individual networks that are interconnected and uses TCP/IP. See Transmission Control Protocol/Internet Protocol (TCP/IP).

Gramm-Leach-Bliley Act

A government act containing rules on privacy of consumer finance information. Also known as the Financial Modernization Act of 1999, it requires financial institutions to develop privacy notices and to notify customers that they are entitled to privacy. The act prohibits banks from releasing information to nonaffiliated third parties without permission. The law went into effect in July 2001. Financial officers and the board of directors can be held criminally liable for violations.

Network

A group of devices connected by some means for sharing information or resources.

VPN concentrator

A hardware device used to create remote access VPNs.

Encapsulating Security Payload (ESP)

A header used to provide a mix of security services in IPv4 and IPv6. It can be used alone or in combination with the IP Authentication Header (AH). It can operate in either transport or tunnel mode.

Authentication Header (AH)

A header used to provide connectionless integrity and data origin authentication for IP datagrams and protection against replays. It can operate in either transport or tunnel mode.

Checksum

A hexadecimal value computed from transmitted data used in error-checking routines.

Virtualization

A key component of cloud computing that makes it possible by abstracting the hardware and making it available to virtual machines.

Ephemeral key

A key for a specific session.

Preshared key

A key shared by all of the clients and the access point.

Private key

A key that isn't disclosed to people who aren't authorized to use the encryption system.

Weak key

A key used with a particular cipher that makes it function in an undesirable manner.

Port

A kind of opening that allows network data to pass through.

Ping of death

A large Internet Control Message Protocol (ICMP) packet sent to overflow the remote host's buffer. It usually causes the remote host to reboot or hang. sPing is an example of a ping-of-death tool.

Evaluation Assurance Level (EAL)

A level of assurance, expressed as a numeric value, based on standards set by the Common Criteria Recognition Agreement (CCRA).

Open Shortest Path First (OSPF)

A link-state routing protocol used in IP networks.

Certificate Revocation List (CRL)

A list of digital certificates that a specific CA states should no longer be used.

Password history

A list of passwords that have already been used.

Wireless local area network (WLAN)

A local area network that employs wireless access points (WAPs) and clients using 802.11 standards.

Offsite storage

A location away from the computer center where paper copies and backup media are kept.

Onsite storage

A location on the site of the computer center that is used to store information locally.

Hot site

A location that can provide operations within hours of a failure. A hot site is also referred to as an active backup model.

Port Address Translation (PAT)

A means of translation between ports on a public and private network.

Remote authentication dial-in user service (RADIUS)

A mechanism that allows authentication of dial-in and other network connections. RADIUS is commonly used by Internet service providers (ISPs) and in the implementation of virtual private networks (VPNs).

Sandbox

A memory area set aside for running applications in their own memory space.

Internet Control Message Protocol (ICMP)

A message and management protocol for TCP/IP. The ping utility uses ICMP.

Misuse-detection IDS (MD-IDS)

A method of evaluating attacks based on attack signatures and audit trails.

Penetration testing

A method of evaluating security of a computer system or network by simulating an attack from a malicious source.

Tailgating

A method of gaining entry to electronically locked systems by following someone through the door they just unlocked.

Trusted Platform Module (TPM)

A method of utilizing encryption and storing passwords on a chip. The hardware holding the chip is then needed to unencrypt the data and make it readable.

Transmission Control Protocol/Internet Protocol (TCP/IP)

A protocol suite developed by the Department of Defense (DoD) in conjunction with the Internet. It was designed as an internetworking protocol suite that could route information around network failures.

Challenge Handshake Authentication Protocol (CHAP)

A protocol that challenges a system to verify identity. It is an improvement over Password Authentication Protocol (PAP) in which one-way hashing is incorporated into a three-way handshake.

Telnet

A protocol that functions at the Application layer of the OSI model, providing terminal emulation capabilities. See Open Systems Interconnection (OSI) model.

Secure Sockets Layer (SSL)

A protocol that is used to establish a secure communication connection between two TCP-based machines. It uses the handshake method of establishing a session.

Hypertext Transfer Protocol (HTTP)

A protocol used for communication between a web server and a web browser.

Secure Hypertext Transfer Protocol (S-HTTP)

A protocol used for secure communications between a web server and a web browser. It is HTTP with message security (added by using RSA or a digital certificate).

Dynamic Host Configuration Protocol (DHCP)

A protocol used on a TCP/IP network to automate the assignment of IP addresses to workstations.

Post Office Protocol Version 3 (POP3)

A protocol used to download email from an SMTP email server to a network client. See Simple Mail Transfer Protocol (SMTP).

Link Control Protocol (LCP)

A protocol used to establish, configure, and test the link between a client and PPP host. See Point-to-Point Protocol (PPP).

Address Resolution Protocol (ARP)

A protocol used to map known IP addresses to unknown physical addresses.

Transport Layer Security (TLS)

A protocol whose purpose is to verify that secure communications between a server and a client remain secure. Defined in RFC 2246.

Internet Message Access Protocol (IMAP)

A protocol with a store-and-forward capability. It can also allow messages to be stored on an email server instead of downloaded to the client.

dual-homed firewall

A proxy firewall typically using two network interface cards (NICs).

Proxy firewall

A proxy server that also acts as a firewall, blocking network access from external networks.

Data integrity

A quality that provides a level of confidence that data won't be jeopardized and will be kept secret. It is the assurance that a message wasn't modified during transmission.

Web application firewall

A real-time appliance that applies a set of rules to block traffic to and from web servers and try to prevent attacks.

Health Insurance Portability and Accountability Act (HIPAA)

A regulation that mandates national standards and procedures for the storage, use, and transmission of personal medical information.

Single sign-on (SSO)

A relationship between the client and the network wherein the client is allowed to log on one time, and all resource access is based on that logon (as opposed to needing to log on to each individual server to access the resources there).

Mandatory Access Control (MAC)

A relatively inflexible method for how information access is permitted. In a MAC environment, all access capabilities are predefined.

Evil twin

A rogue wireless access point that poses as a legitimate wireless service provider to intercept information that users transmit.

Border router

A router used to translate from LAN framing to WAN framing.

FTPS

A secure method for transferring data using FTP. It uses Secure Sockets Layer (SSL) and Transport Layer Security (TLS) to secure communications and operates on port 990.

Host software baselining

A security baseline which defines the security level that will be implemented and maintained.

Wireless Transport Layer Security (WTLS)

A security layer of the Wireless Applications Protocol (WAP). WTLS provides authentication, encryption, and data integrity for wireless devices.

Wired Equivalent Privacy (WEP)

A security protocol for 802.11b (wireless) networks that attempts to establish the same security for them as would be present in a wired network. WEP was vulnerable because of weaknesses in the way its encryption algorithms (RC4) are employed. Uses a 24-bit Initialization Vector.

SAN

A separate network set up to appear as a server to the main organizational network. SANs usually have redundant servers, and they are connected via high-speed fiber-optic connections or iSCSI running on copper.

Algorithm

A series of steps/formulas/processes followed to arrive at a result.

Web server

A server that holds and delivers web pages and other web content using HTTP. See Hypertext Transfer Protocol (HTTP)

Active Directory

A server that runs AD retains information about all access rights for all users and groups in the network. When a user logs on to the system, AD issues the user a globally unique identifier (GUID). Applications that support AD can use this GUID to provide access control. Access can be established through groups, and it can be enforced through group memberships. Mimics Kerberos Single Sign On.

Client/server network

A server-centric network in which all resources are stored on a file server and processing power is distributed among workstations and the file server.

RAID levels

A set of RAID configurations that consists of striping, mirroring, or parity.

Hypertext Markup Language (HTML)

A set of codes used to format text and graphics that will be displayed in a browser. Codes define how data will be displayed.

Federal Information Processing Standard (FIPS)

A set of guidelines for the U.S. federal government information systems.

Separation of duties

A set of policies designed to reduce the risk of fraud and prevent other losses in an organization.

IP Security (IPSec)

A set of protocols that enable encryption, authentication, and integrity over IP. It is commonly used with virtual private networks (VPNs) and operates at Layer 3.

Best practices

A set of rules governing basic operations based on methods that have consistently shown superior results over those achieved by other means.

Network Access Control (NAC)

A set of standards defined by the network for clients attempting to access it. Usually, NAC requires that clients be virus free and adhere to specified policies before allowing them on the network.

Public Key Cryptography Standards (PKCS)

A set of voluntary standards created by RSA security and industry security leaders.

Message digest

A signature area within a message.

Loop protection

A similar feature that works in layer 2 switching configurations and is intended to prevent broadcast loops. It disables broadcast forwarding to protect against duplicate ARP requests.

Hash value

A single number used to represent an original piece of data.

Warm site

A site that provides some capabilities in the event of a disaster. The organization that wants to use a warm site will need to install, configure, and reestablish operations on systems that might already exist in the warm site.

Protocol analyzer

A software and hardware troubleshooting tool used to monitor data transmitted across a network.

Vulnerability scanner

A software application that checks your network for any known security holes; it's better to run one on your own network before someone outside the organization runs it against you.

Macro virus

A software exploitation virus that works by using the macro feature included in many applications.

Common Access Card (CAC)

A standard identification card used by the Department of Defense (DoD) and other employers. It is used for authentication as well as identification. A picture appears on the front of the card with an integrated chip beneath and a barcode. On the back of the card, there is a magnetic strip and another barcode.

Lightweight Directory Access Protocol (LDAP)

A standardized directory access protocol that allows queries to be made of directories.

Privacy

A state of security in which information isn't seen by unauthorized parties without the express permission of the party involved.

Hard drive

A storage device that is used for retrieving digital information.

RC4

A stream cipher that works with key sizes between 40 and 2048 bits. It is used in SSL and TLS and is popular with wireless WEP/WPA encryption.

Encryption key

A string of alphanumeric characters used to decrypt encrypted data.

Closed-circuit television (CCTV)

A surveillance camera used for physical-access monitoring.

Cryptographic algorithm

A symmetric algorithm, also known as a cipher, used to encrypt and decrypt data.

Private Branch Exchange (PBX)

A system that allows users to connect voice, data, pagers, networks, and almost any other application into a single telecommunications system. It allows an organization to be its own phone company.

Three-tier model

A system that effectively isolates an end user from a database by introducing a middle-tier server.

two-factor authentication

A system that uses smart cards and passwords.

Access control list (ACL)

A table or data file that specifies whether a user or group has access to a specific resource on a computer or network.

Routing table

A table that contains information about locations of other routers on the network and their distance from the current router.

Computer Emergency Response Team (CERT)

A team of experts who respond to computer security incidents. One item that CERT addresses is the issue of exception handling.

Fuzzing

A technique of providing unexpected values as input to an application to make it crash.

Near field communication

A technology that requires a user to bring the client close to the AP to verify that the device is present.

Integrated Services Digital Network (ISDN)

A telecommunications standard used to digitally send voice, data, and video signals over the same lines.

External threat

A threat that originates from outside the company.

Layer 2 forwarding (L2F)

A tunneling protocol developed by Cisco that is used with virtual private networks (VPNs). It shouldn't be used over WANs. L2F provides authentication, but it doesn't provide encryption.

Layer 2 Tunneling Protocol (L2TP)

A tunneling protocol that adds functionality to the point-to-point protocol (PPP). This protocol was created by Microsoft and Cisco and is often used with virtual private networks (VPNs).

Secure Shell (SSH)

A tunneling protocol that uses encryption to establish a secure connection between two systems.

Public Key Infrastructure (PKI)

A two-key asymmetric encryption system wherein messages are encrypted with a public key and decrypted with a private key. It has four main components: certificate authority (CA), registration authority (RA), RSA (the encryption algorithm), and digital certificates.

Identification and authentication (I&A)

A two-step process of identifying a person (usually when they log on) and authenticating them by challenging their claim to access a resource.

Connection-oriented

A type of communication between two hosts that have a previous session established for synchronizing sent data. The receiving PC acknowledges the data.

Connectionless

A type of communication between two hosts that have no previous session established for synchronizing sent data. The data isn't acknowledged at the receiving end.

Role-based access control (RBAC)

A type of control wherein the levels of security closely follow the structure of an organization.

Buffer overflow attack

A type of denial of service (DoS) attack that occurs when more data is put into a buffer than it can hold, thereby overflowing it (as the name implies).

Proxy

A type of firewall that prevents direct communication between a client and a host by acting as an intermediary. See firewall.

Elliptic curve cryptography (ECC)

A type of public key cryptosystem that requires a shorter key length than many other cryptography systems (including the de facto industry standard, RSA). The curve equation is y² = x³ + ax + b.

Spim

A type of spam that targets users over instant messaging.

Blowfish

A type of symmetric block cipher created by Bruce Schneier. It has a 64-bit block size and a variable key length from 32 bits up to 448 bits.

Carlisle Adams Stafford Tavares (CAST)

A type of symmetric block cipher defined by RFC 2144.

Segment

A unit of data transmission found at the Transport layer of the Open Systems Interconnection (OSI) model and used by TCP.

Multipartite virus

A virus that attacks a system in more than one way.

Retrovirus

A virus that attacks or bypasses the antivirus software installed on a computer. You can consider a retrovirus to be an anti-antivirus. It can directly attack your antivirus software and potentially destroy the virus definition database file.

Stealth virus

A virus that attempts to avoid detection by masking itself from applications.

Companion virus

A virus that creates a new program that runs in place of an expected program of the same name. It attaches itself to legitimate programs and then creates a program with a different filename extension.

Armored virus

A virus that is protected in a way that makes disassembling it difficult. The difficulty makes it "armored" against antivirus programs that have trouble getting to, and understanding, its code.

Phage virus

A virus that modifies and alters other programs and databases. The only way to remove this virus is to reinstall the programs that are infected. If you miss even a single incident of this virus on the victim system, the process will start again and infect the system once more.

Uniform Resource Locator (URL)

A way of identifying a web page. It consists of the protocol used to access the page and the domain name or IP address of the host.

Out-of-band method

A way to transmit the encryption key by using a method other than the one used to transmit the data.

Vulnerability

A weakness that could be exploited by a threat.

Wireless access point

A wireless bridge used in a multipoint radio frequency (RF) network.

Rogue server

An active Dynamic Host Configuration Protocol (DHCP) server that has been added to a network and is now leasing addresses to users instead of them obtaining an address from your server.

Xmas attack

An advanced scan that tries to get around firewall detection and look for open ports (think of the LEDs lit on each port). It accomplishes this by setting three flags (FIN, PSH, and URG).

National Institute of Standards and Technology (NIST)

An agency (formerly known as the National Bureau of Standards (NBS)) that has been involved in developing and supporting standards for the U.S. government for over 100 years. NIST has become involved in cryptography standards, systems, and technology in a variety of areas. It's primarily concerned with governmental systems, where it exercises a great deal of influence.

Whaling

An attack targeted at an individual with an intent of obtaining confidential company information. It involves the use of an email or webpage that appears legitimate and contains a high sense of urgency.

Smurf attack

An attack that consists of spoofing the target machine's IP address and broadcasting to that machine's routers so that the routers think the target is sending out the broadcast.

ICMP attack

An attack that occurs by triggering a response from the Internet Control Message Protocol (ICMP) when it responds to a seemingly legitimate maintenance request.

Man-in-the-middle attack

An attack that occurs when someone/something that is trusted intercepts packets and retransmits them to another party.

Client-side attack

An attack that targets vulnerabilities in client applications that interact with a malicious server.

TCP sequence attack

An attack wherein an attacker intercepts and then responds with a sequence number similar to the one used in the original session. The attack can either disrupt a session or hijack a valid session.

Polymorphic

An attribute of some viruses that allows them to mutate and appear differently each time they crop up. The virus will attempt to hide from your antivirus software. Frequently, the virus will encrypt parts of itself to avoid detection. When the virus does this, it's referred to as mutation.

Kerberos

An authentication scheme that uses tickets (unique keys) embedded within messages. Named after the three-headed guard dog that stood at the gates of Hades in Greek mythology.

Local registration authority (LRA)

An authority used to identify or establish the identity of an individual for certificate issuance. The primary difference between an RA and an LRA is that the latter can be used to identify or establish the identity of an individual. The LRA involves the physical identification of the person requesting a certificate.

Bot

An automated software program (network robot) that collects information on the Web. In the malicious form, a bot is a compromised computer being controlled remotely.

Faraday cage

An electrically conductive wire mesh or other conductor woven into a "cage" that surrounds a room and prevents electromagnetic signals from entering or leaving the room through walls.

Activity

An element of a data source that is of interest to the operator.

Post Office Protocol (POP)

An email access program used to retrieve email from an email server.

Public key

An encryption key, used in asymmetric cryptography, combined with a private key to effectively facilitate communication.

Recovery agent

An entity that has the ability to recover a key, key components, or plaintext messages as needed.

False negatives

An error in which you are not alerted to a situation when you should be, so you miss crucial things.

Work factor

An estimate of the amount of time and effort that would be needed to break a system.

Risk analysis

An evaluation of each risk that can be identified. Each risk should be outlined, described, and evaluated on the likelihood of it occurring.

AES256

An implementation of Advanced Encryption Standard (AES) that uses 256-bit encryption.

Institute of Electrical and Electronics Engineers, Inc. (IEEE)

An international organization that sets standards for various electrical and electronics issues.

Internet Engineering Task Force (IETF)

An international organization that works under the Internet Architecture Board to establish standards and protocols relating to the Internet.

Network-based IPS (N-IPS)

An intrusion prevention system that is network based. To prevent the intrusion, it must first be detected (thus making it a superset of IDS), and then act accordingly.

Certificate authority (CA)

An issuer of digital certificates (which are then used for digital signatures or key pairs).

Port scanner

An item (physical or software) that scans a server for open ports that can be taken advantage of.

Service

An item that adds functionality to a network by providing resources or doing tasks for other computers. Services are programs that run when the operating system boots, and they are often running in the background without users interacting directly with them.

Physical barrier

An object, such as a locked door, used to restrict physical access to network components.

Common Gateway Interface (CGI)

An older form of scripting used extensively in early web systems.

Hijacking (TCP/IP hijacking)

An older name for all man-in-the-middle attacks. See TCP/IP hijacking.

Serial Line Internet Protocol (SLIP)

An older protocol designed to connect Unix systems together in a dial-up environment; it supports only serial communications.

Continuous monitoring

An ongoing audit of what resources a user actually accesses.

Backdoor

An opening left in a program application (usually by a developer) that allows additional access to data. These are created for debugging purposes and aren't documented.

Trusted OS

An operating system that meets the government's requirements for security.

Internet Assigned Numbers Authority (IANA)

An organization responsible for governing IP addresses.

Registration authority (RA)

An organization that offloads some of the work from a certificate authority (CA).

Key distribution center (KDC)

An organization/facility that generates keys for users.

Threat

Any perceivable risk that may result in harm of systems and organizations.

Asset

Any resource of economic value that you want to secure and protect.

DNS server

Any server that performs address resolution from a DNS fully qualified domain name (FQDN) to an IP address.

Zombie

Any system taking directions from a master control computer. It is often utilized in distributed denial of service (DDoS) and botnet attacks.

Eavesdropping

Any type of passive attack that intercepts data in an unauthorized manner—usually in order to find passwords. Cable sniffing, wiretapping, and man-in-the-middle attacks are eavesdropping attacks.

Attack

Any unauthorized intrusion into the normal operations of a computer or computer network. It can be carried out to gain access to the system or any of its resources.

Least privilege

Any user will be granted only the privileges necessary to perform their job function.

Guards

Anyone who might be allowed unfettered access to grounds, network, or system.

Postmortem

Anything that occurs "after the fact," such as an audit or review.

Multihomed

Anytime you have a system that is configured with more than one IP address.

Time of day restrictions

Applies time restriction for an account to access the system.

Asset tracking

As simple as a serial number etched in a device or as complex as a GPS locator.

Which of the following features is not available in L2TP?

Built-in encryption

BCP

Business continuity planning

BIA

Business impact analysis

malicious insider threat

Don't overlook the most common personal motivator of all: greed. It may surprise you, but people can be bribed to give away information, and one of the toughest challenges is someone on the inside who is displeased with the company and not afraid to profit from it.

Alarm

Draws attention to a breach, or suspected breach, when it occurs.

War driving

Driving around with a laptop looking for open wireless access points with which to communicate.

Limited distribution

Describes information that isn't intended for release to the public. This category of information isn't secret, but it's private.

Session hijacking

Describes when the item used to validate a user's session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party.

Host-based IDS (HIDS)

Designed to run as software on a host computer system.

DNAT

Destination NAT. It can be used to redirect traffic destined for a virtual host to the real host.

Used for the secure transmission of keys

Diffie-Hellman key exchange

DHE or EDH

Diffie-Hellman with an ephemeral key.

DSSS

Direct-sequence spread spectrum

Directory Sharing

Directory sharing should be limited to what is essential to perform system functions.

user accounts for exiting employees

Disabled, regardless of the circumstances

DRP

Disaster recovery plan

LDAP uses four different name types

Distinguished Name, Relative Distinguished Name, User Principal Name, Canonical Name

DN

Distinguished name

DDoS attack

Distributed Denial of Service (DDoS) attack.

Subnetting

Divides a network into smaller components using the subnet mask value.

Network segmentation

Dividing your network into segments.

Trends

Do not refer to the latest fad in security; instead refer to trends in threats.

There are five levels of testing

Document Review, Walkthrough, Simulation, Parallel Test, Cutover Test

DNSSEC

Domain Name System Security Extensions. It checks digital signatures and can protect information by digitally signing records.

Instant messaging (IM)

Immediate communication that can be sent back and forth between users who are currently logged on. From a security standpoint, there are risks associated with giving out information via IM.

Implicit deny

Implied at the end of each ACL, which means that if the proviso in question has not been explicitly granted, access is denied.

Organization security awareness training program

Importance of security, responsibilities of people in the organization, policies and procedures, usage policies, account and password-selection criteria, social engineering prevention

The phishing filter in Internet Explorer can be turned on or off, or the entire filter can be disabled. To turn on automatic website checking, follow these steps:

In Internet Explorer, click Tools > Internet Options and choose the Advanced tab. Scroll down beneath Settings to Security. Click Enable SmartScreen Filter. Click OK. A message appears telling you that website addresses will be sent to Microsoft and checked against a database of reported phishing websites. Click OK. Exit the Internet Options.

The following steps will allow you to verify whether or not a TPM chip is installed on your computer

In Windows 7, open Control Panel and choose Security. Under Security, choose BitLocker Drive Encryption. A dialog box will appear. The contents of the box do not matter. What does matter is a link in the lower-left corner that reads TPM Administration. If the link is there, TPM is installed and active. If you don't see the link but are certain that your computer contains such a chip, you may need to boot into your BIOS Setup menu and enable TPM before trying this again.

Clean desk policies

Information on a desk - in terms of printouts, pads of note paper, sticky notes, and the like - can be easily seen by prying eyes and taken by thieving hands.

Public information

Information that is publicly made available to all.

Private information

Information that isn't for public knowledge.

Restricted information

Information that isn't made available to all and to which access is granted based on some criteria. It includes proprietary processes, trade secrets, strategic information, and marketing plans. This type of information is also placed on a need-to-know basis—unless you need to know, you won't be informed.

ISN

Initial Sequence Number (part of TCP handshake)

Stateful packet filtering

Inspections that occur at all levels of the network and provide additional security using a state table that tracks every communication channel.

Unauthorized monitoring of network traffic.

Interception

ISA

Interconnection Security Agreement. An agreement that documents the technical requirements of the connected systems that two organizations share.

ITU-D

International Telecommunications Union-D is concerned with expanding telecommunications throughout undeveloped countries.

ITU-R

International Telecommunications Union-R is concerned with radio communication and spectrum management.

ITU-T

International Telecommunications Union-T is concerned with telecommunications standards.

IIS

Internet Information Services is an extensible web server created by Microsoft for use with the Windows NT family. IIS supports HTTP, HTTPS, FTP, FTPS, SMTP and NNTP.

iSCSI

Internet Small Computer Systems Interface. Allows data storage and transfers across the existing network. Routable over an IP network.

Nonintrusive tests

Involve passively testing security controls - performing vulnerability scans, probing for weaknesses, but not exploiting them.

Tabletop exercises

Involve sitting around a table and discussing (with the help of a facilitator) possible security risks in a low-stress format.

Intrusive tests

Involve testing security controls - trying to break into the network.

Privilege escalation

Involves a user gaining more privileges than they should have.

Impersonation

Involves any act of pretending to be someone you are not.

URL filter

Involves blocking websites based solely on the URL, restricting access to specified websites and certain web-based applications.

Risk avoidance

Involves identifying a risk and making the decision to no longer engage in the actions associated with that risk.

Integer overflow

Involves putting too much information into the too-small space that is set aside for numbers.

Risk transference

Involves sharing some of the risk burden with someone else, such as an insurance company.

War chalking

Involves those who discover a way into the network leaving signals on, or outside, the premises to notify others that a vulnerability exists there.

Risk deterrence

Involves understanding the enemy and letting them know the harm that can come their way if they cause harm to you.

Server-side validation

Involves validating data after the server has received it.

digital signature

It validates the integrity of the message and the sender. The message is encrypted using the encryption system, and a second piece of information, the digital signature, is added to the message.

Caesar cipher

It was purportedly used by Julius Caesar. The system involves simply shifting all letters a certain number of spaces in the alphabet. Supposedly, Julius Caesar used a shift of 3 to the right.

A self-contained program downloaded from a server to a client

Java Applet

A small, easy-to-use subset of the more complex Java code environment

JavaScript

To avoid mishandling of information (electronic or documents), what should you consider using?

Labeling

Honeynets

Larger initiatives in the area of honeypot technology.

LBAC

Lattice-Based Access Control. A form of Mandatory Access Control

LDAP

Lightweight Directory Access Protocol is a standardized directory access protocol that allows queries to be made of directories (specifically, pared-down X.500-based directories). LDAP is the main access protocol used by Active Directory. It operates, by default, at port 389. The LDAP syntax uses commas between names.

LEAP

Lightweight Extensible Authentication Protocol. Created by Cisco as an extension to EAP, but it's being phased out in favor of PEAP. LEAP requires mutual authentication to improve security but it's susceptible to dictionary attacks.

Which classification of information designates that information can be released on a restricted basis to outside organizations?

Limited distribution

Rule-based access control

Limits a user to make settings in preconfigured policies.

ps -ef | more

Linux includes a graphical utility to allow you to see the running processes

man tool

Linux manual tool

man command followed by the name of the process

Linux process lookup

ps -u root

Linux root process lookup

at.deny

In Linux, only the users named in that file cannot use the service (you are explicitly denying them); all others can.

at.allow

In Linux, only those users named in that file can use the service; all others cannot.

Virtual LAN (VLAN)

Local area network (LAN) that allows users on different switch ports to participate in their own network separate from, but still connected to, other stations on the same or a connected switch.

LSO

Locally Shared Object is also commonly known as a Flash Cookie and is nothing more than data stored on a user's computer by Adobe Flash. Often this is used to store data from games that have been played through Flash or user preferences, and it can represent a security/privacy threat.

Flash Cookies

Locally shared objects stored on a user's computer by Adobe Flash.

passive responses

Logging, notification, shunning

Banner grabbing

Looking at the banner, or header, information messages sent with data to find out about the system(s).

Dumpster diving

Looking through trash for clues—often in the form of paper scraps—to find users' passwords and other pertinent information.

Code review

Looks at all custom written code for holes that may exist.

Behavior based detection IDS

Looks for variations in behavior such as unusually high traffic and policy violations, by which it is able to recognize potential threats and respond quickly to them.

Placing software between a server and a user without their knowledge. Exploits the real-time processing of transactions, conversations, or transfer of other data.

Man-in-the-Middle

Environmental controls

Manage temperature, humidity, and other environmental factors necessary to the health of your computer systems.

Which of the following is a high-security installation that requires visual identification, as well as authentication, to gain access?

Mantrap

Layer 2 Tunneling Protocol

Microsoft and Cisco agreed to combine their respective tunneling protocols into one; L2TP is a hybrid of PPTP and L2F. Information isn't encrypted. L2TP works over IPX, SNA, and IP. Security can be provided by protocols such as IPSec. It uses port 1701 and UDP for connections.

Motion detection

Monitors a location and signals an alarm if it picks up movement.

Captive portals

Most public networks, including Wi-Fi hotspots, use a captive portal, which requires users to agree to some condition before they use the network or Internet.

Attacks your system in multiple ways.

Multipartite

Hot and cold aisles

Multiple rows of servers located in racks in server rooms.

Multitenancy

Multitenancy refers to workloads from multiple clients, virtual machines, or services being shared by a hosting server and separated only by logical access policies.

NSA/CSS

National Security Agency/Central Security Service. It is an independently functioning part of the NSA. It was created in the early 1970s to help standardize and support Department of Defense (DoD) activities. The NSA/CSS supports all branches of the military.

NFC

Near field communication

Point-to-point

Network communication in which two devices have exclusive access to a network medium.

NTFS

New Technology Filesystem. It was introduced with Windows NT to address security problems. Before Windows NT was released, it had become apparent to Microsoft that a new filing system was required to handle growing disk sizes, security concerns, and the need for more file stability. One of the benefits of NTFS was a transaction-tracking system, which made it possible for Windows NT to back out of any disk operations that were in progress when Windows NT crashed or lost power. It tracks security in access control lists.

The default level of security established for access controls should be which of the following?

No access

NoSQL Database

Non-relational/distributed and dynamic. Stores everything in a single nested document, often in XML format (document-based). Can handle large volumes of structured, semi-structured, and unstructured data. Scales horizontally. Examples include MongoDB, CouchDB, and others. Not susceptible to SQL injection attacks, but susceptible to similar injection-type attacks.

credentialed scanning

Not disrupting operations or consuming too many resources. Definitive list of missing patches. Client-side software vulnerabilities are uncovered. Several other "vulnerabilities".

CRL takes time to be fully disseminated. Which protocol allows a certificate's authenticity to be immediately verified?

OCSP

Orthogonal Frequency Division Multiplexing

OFDM accomplishes communication by breaking data into sub signals and transmitting them simultaneously. These transmissions occur on different frequencies or sub bands.

Password attacks

Occur when an account is attacked repeatedly. This is accomplished by using applications known as password crackers, which send possible passwords to the account in a systematic manner.

Perfect forward secrecy

Occurs when a process is unbreakable.

Refers to a location away from the computer center where paper copies and backup media are kept

Offsite Storage

Policy Statement

Once the policy's readers understand its importance, they should be informed about the substance of the policy. A policy statement should be as clear and unambiguous as possible. The policy may be presented in paragraph form, as bulleted lists, or as checklists.

Web security gateways

One of the newest buzzwords, which can be thought of as a proxy server with web protection software built in.

Sniffer

One of the primary tools used for network monitoring and intended primarily for troubleshooting purposes.

Password Authentication Protocol (PAP)

One of the simplest forms of authentication accomplished by sending a username and password to the server and having them verified. Passwords are sent as clear text and, therefore, can be easily seen if intercepted.

Transitive access

One party (A) trusts another party (B); if the second party (B) trusts another party (C), a relationship may exist whereby the third party (C) is trusted by the first party (A). In early operating systems, this process was often exploited.

Continuous security monitoring

Ongoing monitoring that involves regular measurements of network traffic levels, routine evaluations for regulatory compliance, and checks of network security device configurations.

OCSP

Online Certificate Status Protocol. Mechanism used to verify immediately whether a certificate is valid. New system replacing the CRL process.

Refers to a location on the site of the computer center that is used to store information locally

Onsite Storage

To validate a trust relationship in Windows Server 2012

Open Active Directory Domains and Trusts. Right-click your domain name and choose Properties from the menu. Click the Trusts tab, and select the name of the domain, or forest, that you want to validate. Click Properties. The Properties dialog box for that trust appears. Approximately two-thirds of the way down the dialog box, the Transitivity Of Trust item appears. Click Validate. A confirmation message appears. Click OK. Exit Active Directory Domains and Trusts.

A form of advertising on the World Wide Web

Pop-up

Personal smartphones at work create a potential security risk due to which of the following?

Potential for malware introduction

IPS

Prevents an intrusion from occurring.

Cable locks

Prevents someone from picking up a laptop and walking away with a copy of your customer database.

RPO

Recovery Point Objective. The maximum targeted period in which data might be lost from an IT service due to a major incident.

RTO

Recovery Time Objective

RTO

Recovery Time Objective. The targeted duration of time and a service level within which a business process must be restored after a disaster (or disruption) in order to avoid unacceptable consequences associated with a break in business continuity.

Maximum amount of time that a process or service is allowed to be down and the consequences still considered acceptable

Recovery Time Objectives

Separation of duties policies

Reduce the risk of losses in an organization.

RAID

Redundant Array of Independent (or Inexpensive) Disks

Physical access control policies

Refer to the authorization of access to information facilities.

RDS

Reference Data Set

Device access control

Refers to controlling access to devices in an organization that uses mobile devices.

Key stretching

Refers to processes used to take a key that might be a bit weak and make it stronger, usually by making it longer.

Redundancy

Refers to systems that either are duplicated or failover to other systems in the event of a malfunction.

maintenance contracts

SLA

equation for Annualized Loss Expectancy

SLE × ARO = ALE

A service that allows email servers to forward emails to other email servers

SMTP Relay

Clients initiate the session, the server responds, and then it negotiates an encryption scheme

SSL

SEP

Scalable Encryption Processing

Secret

Secret information, if disclosed, could cause serious and irreparable damage to defense efforts. Information that is classified as Secret requires special handling, training, and storage.

SET

Secure Electronic Transaction. Provides encryption for credit card numbers that can be transmitted over the Internet. Visa and MasterCard developed it. It is most suited for transmitting small amounts of data and works in conjunction with an electronic wallet that must be set up in advance of the transaction.

S/MIME

Secure Multipurpose Internet Mail Extensions. A standard used for encrypting email. S/MIME contains signature data. It uses the PKCS #7 standard (Cryptographic Message Syntax Standard). S/MIME version 3, the current version, is supported by the IETF. It uses asymmetric encryption algorithms for confidentiality and digital certificates for authentication.

SAML

Security Assertion Markup Language. An open standard based on XML used for authenticating and authorizing data.

Areas in which access is individually monitored and controlled

Security Zones

Operational security

Security as it relates to how an organization does things (operates).

Which of the following individuals incorporates risk assessment in training programs for the organization's personnel?

Security awareness trainer

Infrastructure security

Security on hardware and software necessary to run your network.

Information security

Security practices applied to information.

Wi-Fi protected access (WPA)

Security protocol developed by the Wi-Fi Alliance to protect wireless networks and surpass what WEP offered. There are two versions, WPA and WPA2, with the latter being the full implementation of the security features.

Physical security

Security that guards physical aspects of a network.

Anomaly-detection IDS

See AD-IDS.

AP

See Access point.

ARP

See Address Resolution Protocol (ARP).

BGP

See Border Gateway Protocol (BGP).

CPS

See Certificate Practice Statement (CPS).

CRL

See Certificate Revocation List (CRL).

CA

See Certificate authority (CA).

CC

See Common Criteria (CC).

CERT

See Computer Emergency Response Team (CERT).

DLP

See Data Loss Prevention (DLP).

DMZ

See Demilitarized zone (DMZ).

DHCP

See Dynamic Host Configuration Protocol (DHCP).

EAL

See Evaluation Assurance Level (EAL).

EAP

See Extensible Authentication Protocol (EAP).

FTP

See File Transfer Protocol (FTP).

HTTP

See Hypertext Transfer Protocol (HTTP).

HTTPS

See Hypertext Transfer Protocol over SSL.

IEEE

See Institute of Electrical and Electronics Engineers, Inc. (IEEE).

IANA

See Internet Assigned Numbers Authority (IANA).

ICMP

See Internet Control Message Protocol (ICMP).

IETF

See Internet Engineering Task Force (IETF).

IMAP

See Internet Message Access Protocol (IMAP).

IDS

See Intrusion Detection System (IDS).

NSA

See National Security Agency (NSA).

POTS

See Plain old telephone service.

PPP

See Point-to-Point Protocol (PPP).

PPTP

See Point-to-Point Tunneling Protocol (PPTP).

PAT

See Port Address Translation (PAT).

PGP

See Pretty Good Privacy (PGP).

Public key system

See Public Key Infrastructure (PKI).

RADIUS

See Remote authentication dial-in user service (RADIUS).

RC5

See Rivest Cipher 5 (RC5).

RBAC

See Role-based access control (RBAC).

RIP

See Routing Information Protocol (RIP).

SHA

See Secure Hash Algorithm (SHA).

S-HTTP

See Secure Hypertext Transfer Protocol (S-HTTP).

SSH

See Secure Shell (SSH).

SSL

See Secure Sockets Layer (SSL).

SLIP

See Serial Line Internet Protocol (SLIP).

SMTP

See Simple Mail Transfer Protocol (SMTP).

SNMP

See Simple Network Management Protocol (SNMP).

Temporal Key Integrity Protocol (TKIP)

See TKIP.

TCP

See Transmission Control Protocol (TCP).

TCP/IP

See Transmission Control Protocol/Internet Protocol (TCP/IP).

TLS

See Transport Layer Security (TLS).

TFTP

See Trivial File Transfer Protocol (TFTP).

UDP

See User Datagram Protocol (UDP).

WPA

See Wi-Fi protected access (WPA).

WEP

See Wired Equivalent Privacy (WEP).

CAC

See common access card (CAC).

Cipher

See cryptographic algorithm.

Integrity

See data integrity.

DAC

See discretionary access control (DAC).

ECC

See elliptic curve cryptography (ECC).

Secret key

See private key.

TPM

See trusted platform module (TPM).

Phishing attacks

Sending an email with a misleading link to collect information.

Bluejacking

Sending of unsolicited messages (think spam) over a Bluetooth connection.

Transmission

Sending packets from a PC to a server. It can occur over a network cable, wireless connection, or other medium.

Password Authentication Protocol (PAP)

Sends the username and password to the authentication server in plain text.

SLA

Service-Level Agreement. Defines the level of service to be provided.

Load balancing

Shifting a load from one device to another.

Windows Components

Should be removed from systems that do not need the component.

Watching a user enter sensitive data

Shoulder Surfing

All X.509 certificates have the following

Signature (the primary purpose for the certificate); Version; Serial number; Signature algorithm ID; Issuer name; Validity period; Subject name; Subject public-key information; Issuer unique identifier (relevant for versions 2 and 3 only); Subject unique identifier (relevant for versions 2 and 3 only); Extensions (in version 3 only).

SLE

Single Loss Expectancy

Which device monitors network traffic in a passive manner?

Sniffer

Rummaging through files for information

Snooping

Unauthorized rummaging through files.

Snooping

Virtual private network (VPN)

System that uses the public Internet as a backbone for a private interconnection (network) between locations.

Access control

Systems must operate in controlled environments in order to be secure. These environments must be, as much as possible, safe from intrusion.

Thin client

Systems that don't provide any disk storage or removable media on their workstations.

POP3

TCP 110

NNTP

TCP 119

NTP

TCP 123

NETBIOS datagram service

TCP 138

NETBIOS session service

TCP 139

IMAP

TCP 143

H.323

TCP 1720

PPTP

TCP 1723

BGP

TCP 179

FTP - data

TCP 20

FTP - control

TCP 21

SSH

TCP 22

Telnet

TCP 23

SMTP

TCP 25

LDAP

TCP 389

HTTPS

TCP 443

SSL/TLS

TCP 443

SMB

TCP 445

HTTP

TCP 80

File Transfer Protocol (FTP)

TCP/IP and software that permits transferring files between computer systems and utilizes clear-text passwords.

Merges the Secure Sockets Layer with other protocols to provide encryption

TLS

Which of the following protocols allows applications to communicate across a network in a way designed to prevent eavesdropping and message forgery?

TLS

Ransomware

Takes control of a system and demands that a third party be paid.

causes of compromised security

Technology weaknesses, configuration weaknesses, policy weaknesses, and human error or malice.

Standards

Tell people what is expected

802.11n

The 802.11n standard is one of the most popular today. It can operate in both the 5 GHz and the 2.4 GHz (for compatibility) ranges. Under the right conditions, it can reach speeds of 600 Mbps, but actual speeds are much slower. The advantage of this standard is that it offers higher speed and a frequency that does not have as much interference.

802.1X

The IEEE standard that defines port-based security for wireless network access control. It offers a means of authentication and defines the Extensible Authentication Protocol (EAP) over IEEE 802, and it is often known as EAP over LAN (EAPOL).

X.500

The International Telecommunications Union (ITU) standard for directory services in the late 1980s. The standard was the basis for later models of the directory structure, such as Lightweight Directory Access Protocol (LDAP).

Availability

The ability of a resource to be accessed, often expressed as a time period. Many networks limit users' ability to access network resources to working hours, as a security precaution.

Disaster recovery

The ability to recover data after a disaster.

Fault tolerance

The ability to withstand a fault (failure) without losing data.

Dictionary attack

The act of attempting to crack passwords by testing them against a list of dictionary words.

Notification

The act of being alerted to an event.

Anomaly detection

The act of looking for variations from normal operations (anomalies) and reacting to them.

Escalation

The act of moving something up in priority. Often, when an incident is escalated, it's brought to the attention of the next-highest supervisor. See privilege escalation.

Detection

The act of noticing an irregularity as it occurs.

Fire suppression

The act of stopping a fire and preventing it from spreading.

MAC address

The address that is either assigned to a network card or burned into the network interface card (NIC). PCs use MAC addresses to keep track of one another and keep each other separate.

BIOS

The basic input/output system for an IBM-based PC. It is a firmware that allows a computer to boot.

Radio frequency interference (RFI)

The byproduct of electrical processes, similar to electromagnetic interference. The major difference is that RFI is usually projected across a radio spectrum.

According to NIST, Platform as a Service (PaaS) is defined as

The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possible configuration settings for the application-hosting environment.

Simple Network Management Protocol (SNMP)

The management protocol created for sending information about the health of the network to network management consoles.

Access control

The means of giving or restricting user access to network resources. Access control is usually accomplished through the use of an access control list (ACL).

Mean time between failure (MTBF)

The measure of the anticipated incidence of failure of a system or component.

Spear phishing

The message is made to look as if it came from someone you know and trust as opposed to an informal third party.

MD5

The newest version of the algorithm which produces a 128-bit hash, but the algorithm is more complex than its predecessors and offers greater security.

When going with a public cloud delivery model, who is accountable for security and privacy of the outsourced service?

The organization

Your organization's training and educational programs need to be tailored for at least three different audiences:

The organization as a whole (the so-called rank-and-file employees), management, and technical staff.

Radio frequency (RF)

The part of the radio spectrum that a device uses.

Access point (AP)

The point at which access to a network is accomplished. This term is often used in relation to a wireless access point (WAP).

Accountability Statement

The policy should address who (usually expressed as a position, not the actual name of an individual) is responsible for ensuring that the policy is enforced. The accountability statement provides additional information to the reader about who to contact if a problem is discovered. It should also indicate the consequences of not complying with the policy.

Hardening

The process of making an entity, usually an operating system, more secure by closing known holes and addressing known security issues.

Sandboxing

The process of setting aside memory area for running applications in their own memory space.

Footprinting

The process of systematically identifying the network and its security posture. This is typically a passive process.

Default gateway

The router to which all packets are sent when the workstation doesn't know where the destination station is or when it can't find the destination station on the local segment.

Steganography

The science of hiding information within other information, such as an image. The most common way this is done today is called the least significant bit (lsb) method. If you changed the very last bit (the least significant bit in each byte), then that would not make a noticeable change in the image.

Biometrics

The science of identifying a person by using one or more of their features. The feature can be a thumbprint, a retinal scan, or any other biological trait.

Data Link layer

The second layer of the Open Systems Interconnection (OSI) model that transfers data between adjacent nodes on a network.

Application layer

The seventh layer of the Open Systems Interconnection (OSI) model, which deals with how applications access the network and describes application functionality, such as file transfer, messaging, and so on.

International Organization for Standardization (ISO)

The standards organization that developed the Open Systems Interconnection (OSI) model. This model provides a guideline for how communications occur between computers.

Code escrow

The storage and conditions for release of source code provided by a vendor, partner, or other party.

Watering hole attack

The strategy an attacker takes to identify a site that is visited by those they are targeting, poisoning that site, and then waiting for the results.

Change management

The structured approach followed to modify individuals or teams for securing a company's assets.

Cryptanalysis

The study and practice of finding weaknesses in ciphers. The study of how to break cryptographic algorithms.

Multifactor

The term employed anytime more than one factor must be considered.

White box

The tester has significant knowledge of your system; this simulates an attack from an insider (a rogue employee).

Administrator

The user who is accountable and responsible for the network.

Latency

The wait time between the call for an action or activity and the actual execution of that action.

black list

They are lists of things that are prohibited.

RAID 1+0 (or 10)

This RAID level is a mirrored data set (RAID 1), which is then striped (RAID 0), which is the reason for the "1+0" name. Think of it as a "stripe of mirrors." A RAID 1+0 array requires a minimum of four drives: two mirrored drives to hold half of the striped data, plus another two mirrored drives for the other half of the data.

RAID 0+1

This RAID level is the opposite of RAID 1+0. Here, the stripes are mirrored (think of it as a "mirror of the stripes"). A RAID 0+1 array requires a minimum of four drives: two mirrored drives to replicate the data on the RAID 0 array.

Sensitive but Unclassified

This classification is used for low-level security. It indicates that disclosure of this information might cause harm but wouldn't injure national defense efforts.

Confidential

This classification is used to identify low-level secrets; it's generally the lowest level of classification used by the military. It's used extensively to prevent access to sensitive information.

Unclassified

This classification is used to indicate that the information poses no risk of potential loss due to disclosure. Anybody can gain access to this category of information.

Big Data

This data normally cannot fit on a single server, and it is instead stored on a storage area network (SAN).

out-of-band authentication

This is a process whereby the system you are authenticating gets information from public records and asks you questions to help authenticate you.

Related Key Attack

This is like a chosen-plaintext attack, except the attacker can obtain ciphertexts encrypted under two different keys.

The Patriot Act

This law gives the U.S. government extreme latitude in pursuing criminals who commit terrorist acts.

Application Log

This log contains various events logged by applications or programs.

/var/log/apport.log

This log records application crashes.

Continuous monitoring

This may involve regular measurements of network traffic levels, routine evaluations for regulatory compliance, and checks of network security device configurations.

Information Flow Model

This model is concerned with the properties of information flow, not only its direction of flow.

Non-interference Model

This model is intended to ensure that higher-level security functions don't interfere with lower-level functions. It prevents a lower-level user from being able to deduce what changes are made to the system.

relational database

This model organizes data into one or more tables (or "relations") of columns and rows, with a unique key identifying each row. Rows are also called records or tuples. Virtually all relational database systems use SQL (Structured Query Language) as the language for querying and maintaining the database.

Remote Registry service

This service is used to allow technical support personnel to access that system's Registry remotely. The service can be quite useful in some situations, but it can also function as a means for an attacker to get into your system. If you don't need it, turn it off.

Account Lockout Threshold

This setting determines how many incorrect attempts a user can give before the account is locked. In Windows, this value can range from 0 to 999 failed attempts. If it is set at 0, the account will never be locked out.

ROT13

This simple algorithm rotates every letter 13 places in the alphabet. One of the easiest ways to solve rot13 text messages is to take a sheet of paper and write the letters from A to M in one column and from N to Z in a second. To decipher, replace the letter in the encrypted message with the one that appears beside it in the other column.

Performance Monitor

This utility can be used to examine activity on any counter. It is one of the best tools to use when looking for possible illicit activity on a workstation.

Reset Account Lockout Counter After

This value specifies the number of minutes to wait between counting failed login attempts that are part of the same batch of attempts.

Critical business functions (CBFs)

Those processes or systems that must be made operational immediately when an outage occurs.

Lockout

After a certain number of failed attempts to access the system, the user should not be allowed to attempt any additional logons.

Hardware-Based Encryption Devices

Trusted Platform Module (TPM), HSM (Hardware Security Module)

Back Orifice and NetBus

Two popular tools that exist to create backdoor attacks on Windows-based systems.

Mobile devices

Use either RF signaling or cellular technologies for communication.

Media Access Control (MAC)

Used to identify hardware network devices such as a network interface card (NIC).

Bcrypt

Used with passwords; it uses a derivation of the Blowfish algorithm, converted to a hashing algorithm, to hash a password and add salt to it.

SFTP (Secure File Transfer Protocol)

Uses Secure Shell (SSH) via port 22 to transfer files.

HMAC-Based One-Time Password (HOTP)

Uses a Hash Message Authentication Code (HMAC) algorithm to create unique passwords.

HOTP

Uses a Hash Message Authentication Code (HMAC) algorithm.

TOTP

Uses a time-based factor to create unique passwords.

Time-Based One-Time Password (TOTP)

Uses a time-based factor to create unique passwords.

Credentialed

Uses actual network credentials to connect to systems and scan for vulnerabilities.

Heuristic

Uses algorithms to analyze the traffic passing through the network.

Header manipulation

Uses other methods (hijacking, cross-site forgery, and so forth) to change values in HTTP headers and falsify access.

Multifactor authentication

Uses two or more processes for logon like smart cards and biometrics.

Two-factor authentication

Using two access methods as a part of the authentication process.

Brute-Force Attacks

can be accomplished by applying every possible combination of characters that could be the key.

web security gateway

can be thought of as a proxy server (performing proxy and caching functions) with web protection software built in. Depending on the vendor, the "web protection" can range from a standard virus scanner on incoming packets to monitoring outgoing user traffic for red flags as well.

Trusted Platform Module (TPM)

can be used to assist with hash key generation. TPM is the name assigned to a chip that can store cryptographic keys, passwords, or certificates. It can also be used to generate values used with whole disk encryption such as BitLocker.

whatis utility (Linux)

can show if there is more than one set of documentation on the system for the utility

hybrid trust model

can use the capabilities of any or all of the other structures: bridge, mesh, or hierarchical.

Replay attacks

capturing portions of a session to play back later to convince a host that it is still talking to the original connection.

CSR

certificate-signing request. A request formatted for the CA. This request will have the public key you wish to use and your fully distinguished name (often a domain name). The CA will then use this to process your request for a digital certificate.

single sided

certificates used to authenticate only the client

dual sided

certificates used to authenticate the client and server

header manipulation

change values in HTTP headers and falsify access

configure a pop-up blocker in Internet Explorer

choose Tools > Internet Options > Privacy > Settings.

CCTV

closed-circuit television

TEMPEST shielding protection

concerned with reducing electronic noise from devices that would divulge intelligence about systems and information. TEMPEST is the certification given to electronic devices that emit minimal RF. The TEMPEST certification is difficult to acquire, and it significantly increases the cost of systems.

CMDB

configuration management database

InPrivate Filtering

configure the browser not to share information that can be captured and manipulated.

Risk transference

contrary to what the name may imply, does not mean that you shift the risk completely to another entity. What you do instead is share some of the burden of the risk with someone else, such as an insurance company. A typical policy would pay you a cash amount if all the steps were in place to reduce risk and your system was still harmed.

Technical control

controls implemented through technology. They may be deterrent, preventive, detective, or compensating (but not administrative), and include such things as firewalls, IDS, IPS, and so on. They are often implemented because the administrative controls are not trusted to do the job without fail.

Type K fire extinguisher

cooking oil fires; these extinguishers can also be found in stores. In actuality, this is a subset of the Class B extinguishers.

WPA

couples the RC4 encryption algorithm with TKIP

Layer 2 Forwarding

created by Cisco as a method of creating tunnels primarily for dial-up connections. It's similar in capability to PPP and shouldn't be used over WANs. L2F provides authentication, but it doesn't provide encryption. L2F uses port 1701 and TCP for connections.

circuit-level proxy

creates a circuit between the client and the server and doesn't deal with the contents of the packets that are being processed.

XSRF

cross-site request forgery

XSS

cross-site scripting

Privacy policies

define what controls are required to implement and maintain the sanctity of data privacy in the work environment.

job rotation policy

defines intervals at which employees must rotate through positions.

work factor

describes an estimate of the amount of time and effort that would be needed to break a system.

omnidirectional antenna

designed to provide a 360-degree pattern and an even signal in all directions

account policy

determines the security parameters regarding who can and cannot access the system.

DAS

direct attached storage

An attack when a hacker injects statements that enable access to directories outside of those normally permitted by the application is

directory traversal

cloaking

disable, or turn off, the SSID broadcast

interoperability agreements

documents that define how the two organizations' systems will interoperate and what the minimum requirements and expectations are.

Elasticity

dynamically provisioning (or de-provisioning) resources as needed

Van Eck phreaking

eavesdrop on CRT and LCD displays by detecting their electromagnetic emissions.

Type C fire extinguisher

electrical, uses nonconductive chemicals

EMI

electromagnetic interference

Incident response

encompasses forensics and refers to the process of identifying, investigating, repairing, documenting, and adjusting procedures to prevent another incident.

Forward secrecy

ensures that if one key is compromised, subsequent keys will not also be compromised.

Backup Server Method

establishes a server with large amounts of disk space whose sole purpose is to back up data. With the right software, a dedicated server can examine and copy all the files that have been altered every day. Backup servers don't need overly large processors; however, they must have large disk and other long-term storage media capabilities.

risk assessment

evaluating the risk or likelihood of a loss

design review

examines the ports and protocols used, the rules, segmentation, and access control.

mesh trust model

expands the concepts of the bridge model by supporting multiple paths and multiple root CAs. The major disadvantage of a mesh is that each root CA must be trustworthy in order to maintain security.

WPA2

favors Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). CCMP uses 128-bit AES.

/var/log/messages

find login-related entries

Type B fire extinguisher

flammable liquids, uses fire retardant chemicals

Type D fire extinguisher

flammable metals, varies

deception active response

fools the attacker into thinking the attack is succeeding while the system monitors the activity and potentially redirects the attacker to a system that is designed to be broken.

directional antenna

forces the signal in one direction, and since it is focusing the signal, it can cover a greater distance with a stronger signal.

Trust models used in PKI implementations

the four main types that are used are bridge, hierarchical, hybrid, and mesh.

Generic Account Prohibition

get rid of guest accounts

deterrent

guards with cameras

application-aware device

has the ability to respond to traffic based on what is there

disaster-recovery plan

helps an organization respond effectively when a disaster occurs. It involves the access and storage of information.

C$, admin$

hidden administrative shares

uses ports 860 and 3260, by default

iSCSI

backup plan

identifies which information is to be stored, how it will be stored, and for what duration it will be stored

implicit deny

if the proviso in question has not been explicitly granted, then access is denied.

Shunning

ignoring an attack

Key exchange

in-band key exchange and out-of-band key exchange

IV

initialization vector

IM

instant messaging

End-Entity Certificate

is issued by a certificate authority (CA) to an end entity. An end entity is a system that doesn't issue certificates but merely uses them.

CA Certificate

is issued by one CA to another CA. The second CA can, in turn, issue certificates to an end entity.

NoSQL

is not a relational database and does not use SQL, often used where scaling is important.

event

is often an IDS-triggered signal. Operations personnel will determine if an event becomes an incident.

client-side attack

is one that targets vulnerabilities in client applications that interact with a malicious server.

sensor

is the IDS component that collects data from the data source and passes it to the analyzer for analysis.

Disaster recovery

is the ability to recover system operations after a disaster.

analyzer

is the component or process that analyzes the data collected by the sensor. It looks for suspicious activity among all the data collected.

manager

is the component or process the operator uses to manage the IDS

operator

is the person primarily responsible for the IDS

administrator

is the person responsible for setting the security policy for an organization and is responsible for making decisions about the deployment and configuration of the IDS. The administrator should make decisions regarding alarm levels, historical logging, and session-monitoring capabilities. They're also responsible for determining the appropriate responses to attacks and ensuring that those responses are carried out.

electronic watermarking

is the process of hiding digital information in an image

Data Source

is the raw information that the IDS uses to detect suspicious activity.

Public-Key Infrastructure X.509

is the working group formed by the IETF to develop standards and models for the PKI environment. The X.509 standard defines the certificate formats and fields for public keys. It also defines the procedures that should be used to distribute public keys. The X.509 version 2 certificate is still used as the primary method of issuing Certificate Revocation List (CRL) certificates. The current version of X.509 certificates is version 3, and it comes in two basic types: End-Entity Certificate: The most common is the end-entity certificate, which is issued by a certificate authority (CA) to an end entity. An end entity is a system that doesn't issue certificates but merely uses them. CA Certificate: The CA certificate is issued by one CA to another CA. The second CA can, in turn, issue certificates to an end entity.

Hyper-V, from Microsoft

is usually free (depending on the implementation) but definitely not open source (proprietary).

verbal NDA

is valid for only one year

Internet Protocol Security (IPSec)

isn't a tunneling protocol, but it's used in conjunction with tunneling protocols. IPSec provides secure authentication and encryption of data and headers, which makes it a good choice for security. IPSec can work in either Tunneling mode or Transport mode. In Tunneling mode, the data or payload and message headers are encrypted. Transport mode encrypts only the payload.

Three-Tier Model

isolates the end user from the database by introducing a middle-tier server. This server accepts requests from clients, evaluates them, and then sends them on to the database server for processing. The database server sends the data back to the middle-tier server, which then sends the data to the client system.

Differential Backup

Backs up any files that have been altered since the last full backup; as a result, it makes duplicate copies of files that haven't changed since the last differential backup.

JFS

journaled file system, includes a log file of all changes and transactions that have occurred within a set period of time

Physical tokens

key fobs like SecurID, from RSA

KDC

key distribution center, used in Kerberos, authenticates the principal (which can be a user, a program, or a system) and provides it with a ticket. After this ticket is issued, it can be used to authenticate against other principals.

Key escrow is a method of:

key recovery

federated identity

linking a user's identity with their privileges in a manner that can be used across business boundaries

whereis utility (Linux)

lists all the information it can find about locations associated with a file.

Anomaly-Detection IDS

looks for anomalies, meaning it looks for things outside of the ordinary.

Behavior-Based-Detection IDS

looks for deviations in behavior

Stateless firewalls

make decisions based on the data that comes in—the packet, for example—and not based on any complex decisions.

certificate authorities (CAs)

manage public keys and issue certificates verifying the validity of a sender's message.

MD-IDS

misuse-detection IDS

Data loss prevention (DLP) systems

monitor the contents of workstations, servers and networks to ensure protection of sensitive data against loss, misuse, and unauthorized access.

Clustering

multiple systems connected together cooperatively and networked in such a way that if any of the systems fail, the other systems take up the slack and continue to operate

Technical staff security awareness training program

needs special knowledge about the methods, implementations, and capabilities of the systems used to manage security.

NAS

network area storage

NOS

network operating system

NIDS

network-based IDS

Network bridging

occurs when a device has more than one network adapter card installed and the opportunity presents itself for a user on one of the networks to which the device is attached to jump to the other. To prevent network bridging, you can configure your network such that when bridging is detected, you shut off/disable that jack. You can also create profiles that allow for only one interface.

UPN

User principal name; it is referred to as a friendly name. It consists of the user account and the user's domain name and is used to identify the user (think of an e-mail address).

Heuristic IDS

uses algorithms to analyze the traffic passing through the network. As a general rule, heuristic systems require more tweaking and fine-tuning than the other types of detection systems to prevent false positives in your network.

apropos utility (Linux)

uses the whatis database to find values and returns the short summary information.

architectural approach

using a control framework to focus on the foundational infrastructure.

/var/log/lastlog

view a list of all users and when they last logged in

/var/log/faillog

view a list of users' failed authentication attempts

active/active model

warm site

reciprocal site

warm site

Enigma machine

was essentially a typewriter that implemented a multi-alphabet substitution cipher.

WAF

web application firewall

WAF

Web application firewall; a real-time appliance that applies a set of rules to block traffic to and from web servers and to try to prevent attacks. It operates at the highest level of the OSI model.

Key clustering

When multiple processors or load balancers are used for cryptographic services; also, the same ciphertext generated from the same plaintext using two different keys.

cloud bursting

when your servers become too busy, you offload traffic to resources from a cloud provider.

Transitioning

with a business partner occurs either during the on-boarding or off-boarding of a business partner. Both the initialization and the termination of a close business relationship have serious security issues.

Type A fire extinguisher

wood and paper, uses water or chemical for extinguishing

Shadow copies

working copies

multitenant

workloads from different clients can be on the same system, and a flaw in implementation could compromise security.

Port security

works at level 2 of the OSI model and allows an administrator to configure switch ports so that only certain MAC addresses can use the port.
MAC limiting and filtering
802.1X: port authentication
Unused ports: should be disabled.

content inspection

works by looking at the data coming in

Full Archival Method

works on the assumption that any information created on any system is stored forever.

evercookie

writes data to multiple locations to make it next to impossible ever to remove it completely

Parallel Test

you start up all backup systems but leave the main systems functioning.

Triple-DES (3DES)

A symmetric block cipher algorithm used for encryption.

Wireless technologies

Technologies employing wireless communications.

TwoFish

A symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits.

Telephony

A technology related to the electronic transmission of data between distant parties.

In-band key exchange

Key is exchanged within the same communication channel that is going to be encrypted.

Data Loss Prevention (DLP)

Monitors contents of systems to ensure that key content is not deleted or removed.

Roles and responsibilities

Outlines who is responsible for implementing, monitoring, and maintaining the standard

Preserves privacy using both symmetrical and asymmetrical encryption.

PGP

transport mode encryption

encrypts only the payload

National Security Agency (NSA)

Chartered in 1952; responsible for creating codes, breaking codes, and coding systems for the U.S. government.

Full backup

A backup that copies all data to the archive medium.

Honeypot (also known as Honey pot)

A bogus system set up to attract and slow down a hacker. A honeypot can also be used to learn of the hacking techniques and methods that hackers employ.

Exposure factor (EF)

A calculation of how much data (or other assets) could be lost from a single occurrence. If all the data on the network could be jeopardized by a single attack, the exposure factor is 100 percent.

Denial of Service (DoS) attack

A type of attack that prevents any users—even legitimate ones—from using a system.

Incremental backup

A type of backup in which only new files or files that have changed since the last full backup or the last incremental backup are included. Incremental backups clear the archive bit on files upon their completion.

Differential backup

A type of backup that includes only new files or files that have changed since the last full backup. Differential backups differ from incremental backups in that they don't clear the archive bit upon their completion.

Proxy server

A type of server that makes a single Internet connection and services requests on behalf of many users.

You need to encrypt your hard drive. Which of the following is the BEST choice?

AES

equation for SLE

AV x EF = SLE

Risk mitigation

Accomplished any time you take steps to reduce risk.

Brute force

Accomplished by applying every possible combination of characters that could be the key.

Group based privileges

Acquired as a result of belonging to a group.

Firewall rules

Act like ACLs and are used to dictate what traffic can pass between the firewall and the internal network. Three possible actions can be taken based on the rule's criteria: block the connection, allow the connection, or allow the connection only if it is secured.

Acceptable use policy (AUP)

Agreed-upon principles set forth by a company to govern how the employees of that company may use resources such as computers and Internet access. It describes how the employees in an organization can use company systems and resources, both software and hardware. This policy should also outline the consequences for misuse.

Alerts

Alerts are issues to which you need to pay attention but are not about to bring the system down at any moment.

Snapshots

Allow you to take an image of a system at a particular point in time. Snapshots contain a copy of the virtual machine settings (hardware configuration), information on all virtual disks attached, and the memory state of the machine at the time of the snapshot. Snapshots can also be used for virtual machine cloning.

Power level controls

Allow you to reduce the amount of output provided.

Geo-tagging

Allows GPS coordinates to accompany a file such as an image.

TACACS+

Allows credentials to be accepted from multiple methods, including Kerberos.

DNS

Allows hosts to resolve hostnames to an Internet Protocol (IP) address.

Credential management

Allows usernames and passwords to be stored in one location and then used to access websites and other computers.

Vulnerability scanning

Allows you to identify specific vulnerabilities in your network, and most penetration testers will start with this procedure so that they can identify likely targets to attack.

Datagram

An OSI layer 3, User Datagram Protocol (UDP) packet descriptor.

ABA

American Bankers Association

Border Gateway Protocol (BGP)

An ISP protocol that allows routers to share information about routes with each other.

Application programming interface (API)

An abstract interface to services and protocols provided by an operating system.

Key generation

An act of creating keys for use by users.

Penetration

An act of gaining access.

Typo squatting/URL hijacking

An act of registering domains that are similar to those for a known entity but based on a misspelling or typographical error.

Tunneling

An act of sending data across a public network by encapsulating it into other packets.

Auditing

An act of tracking resource usage by users.

Cross-site scripting

An attacker uses a client-side scripting language to trick a user who visits the site into having code execute locally.

Spoofing attack

An attempt by someone or something to masquerade as someone else. This type of attack is usually considered an access attack.

Extensible Authentication Protocol (EAP)

An authentication protocol used in wireless networks and point-to-point connections.

Full distribution

An information classification stating that the data so classified is available to anyone.

Security audit

An integral part of continuous security monitoring. It can be a check of any aspect of your security.

Sniffing

Analyzing data to look for passwords and anything else of value. It is also known as wiretapping, eavesdropping, and a number of other terms (packet sniffing, network sniffing, and so on).

ALE

Annualized Loss Expectancy

ARO

Annualized rate of occurrence

AD-IDS

Anomaly-detection intrusion detection system. An AD-IDS works by looking for deviations from a pattern of normal network traffic.

Ghost Rat

Another successful Trojan of recent years. The "Rat" stands for Remote Administration Tool; it exploited the remote administration feature in Windows-based operating systems and allowed attackers to record audio and video remotely.

Replay attack

Any attack where data is transmitted repeatedly (often fraudulently or maliciously). In one such possibility, a user can replay a web session and visit sites intended only for the original user.

Malicious code

Any code that is meant to do harm.

meme

Any concept that spreads quickly through the Internet

Event

Any noticeable action or occurrence.

AV

Asset Value

Confidentiality

Assurance that data remains private and no one sees it except for those expected to see it.

Password guessing

Attempting to enter a password by guessing its value.

Which of the following are provided by digital signatures?

Authentication and identification

Anonymous authentication

Authentication that doesn't require a user to provide a username, password, or any other identification before accessing resources.

Principles Behind Social Engineering

Authority, Intimidation, Consensus/Social Proof, Scarcity, Urgency, Familiarity/Liking, Trust, Reciprocation

ASR

Automated System Recovery, a utility for creating a copy of the configuration settings necessary to reach the present state after a disaster.

MTTF

Average time to failure for a nonrepairable system.

What document describes how a CA issues certificates and for what they are used?

Certificate policies

Storage segmentation

By segmenting a mobile device's storage, you can keep work data separate from personal or operating system data.

Attacker convinces an insider that he is communicating with someone trusted

Caller ID Spoofing

Clustering

Connects multiple computers to work/act together as a single server. This type of system utilizes parallel processing (improving performance and availability) and adds redundancy.

Smart card

Contains a small amount of memory used to store permissions and access information and used for access control and security purposes.

Physical access control

Control access measures used to restrict physical access to the server(s).

Technical

Controls implemented through technology.

Decipher

Convert from encrypted to decrypted

Backup

Duplicate copies of key information, ideally stored in a location other than the one where the information is stored currently.

Challenge Handshake Authentication Protocol (CHAP)

During initial authentication, the connecting machine is asked to generate a random number (usually a hash) and send it to the server. CHAP is designed to stop man-in-the-middle attacks.

Overhearing conversations on network traffic

Eavesdropping

Unauthorized listening in on network traffic.

Eavesdropping

Used for transmitting digital signatures and key exchanges

El Gamal

Used in several integer factorization algorithms

Elliptic Curve Cryptography

ECC-DH

Elliptic Curve Diffie-Hellman

ECDHE

Elliptic Curve Diffie-Hellman with an ephemeral key.

ECC-DSA

Elliptic Curve Digital Signature Algorithm

BYOD

Employees bringing their personal devices into the corporate network environment.

Transport encryption

Encryption can be done in either tunneling or transport mode. In transport encryption, only the payload is encrypted.

Asymmetric encryption

Encryption in which two keys must be used to encrypt and decrypt data.

Secure LDAP

Encrypts all LDAP communications with SSL/TLS.

EF

Exposure factor

FHSS

Frequency-hopping spread spectrum

hard drive encryption

Full disk encryption

GPG

GNU Privacy Guard; an alternative to PGP that is also part of the GNU project by the Free Software Foundation.

A part of the GNU project and considered a hybrid program.

GPG

Bluesnarfing

Gaining of unauthorized access through a Bluetooth connection.

Least Privilege

Give users only the permissions they need to do their work and no more.

In which cloud service model can a consumer "provision" and "deploy and run"?

IaaS

Log analysis

Identifies security problems.

Application white-listing

Identifies what applications are approved and accepted on your network.

Due care policies

Identify the level of care for maintaining confidentiality of private information.

desensitizing

If RF levels become too high, they can cause the receivers in wireless units to become deaf.

rogueware

Scareware that convinces users to pay money for protection from a fake threat.

orphanware

In recent years, a number of software companies have been forced to close their doors because of trying economic times. In many cases, the software they sold has become orphanware—existing without support of any type.

Environments

Include considerations about water and flood damage as well as fire suppression.

Discretionary access control

Incorporates flexibility and allows users to share information dynamically with other users.

Fencing

Increases physical security and safety.

Active response

Involves taking an action based on an attack or threat.

ISOC

Internet Society

at.allow is an access control that allows only specific users to use the service. What is at.deny?

It does not allow users named in the file to access the system.

Biba Model

It is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity.

ElGamal

It is an asymmetric algorithm. It uses what is called an ephemeral key. An ephemeral key is simply a key that exists only for that session. Essentially, the algorithm creates a key to use for that single communication session and it is not used again.

hash function

It must be one-way. This means that it is not reversible. Once you hash something, you cannot unhash it. Variable-length input produces fixed-length output. This means that whether you hash two characters or two million, the hash size is the same. The algorithm must have few or no collisions. This means that hashing two different inputs does not give the same output.

Bell-LaPadula Model

It prevents unauthorized access to classified information. It prevents information from being written to a lower level of security.

Which of the following statements is true of IDEA (International Data Encryption Algorithm)?

It uses a 128-bit key to operate on 64-bit plaintext blocks in eight iterations.

A compromised password hashing function used to store user passwords

LANMAN

Which organization can be used to identify an individual for certificate issue in a PKI environment?

LRA

/var/log/faillog

Linux log file contains failed user logins.

Physically contain an unauthorized, potentially hostile intruder until authorities arrive

Mantraps

Recovery time objective

Maximum amount of time that a process or service is allowed to be down and consequences still be considered acceptable.

MTBF

Mean Time between Failures

Measure of the anticipated incidence of failure for a system or component

Mean Time between Failures

MTTR

Mean Time to Restore

Measurement of how long it takes to repair a system or component once a failure occurs

Mean Time to Restore

MTTR

Mean time to repair

Authentication

Means of verifying that someone is who they say they are.

Mean time to repair (MTTR)

Measurement of how long it takes to repair a system or component once a failure occurs.

High availability

Measures used to keep services and systems operational during an outage.

MOU

Memorandum of Understanding. A brief summary of which party is responsible for what portion of the work.

The successor to the authentication protocol in Microsoft LAN Manager

NTLM

NIST

National Institute of Standards and Technology

NIST

National Institute of Standards and Technology. very involved in cryptography standards, systems, and technology

PTZ

Pan, Tilt, and Zoom on cameras

PBKDF2

Part of PKCS #5 v.2.01 that applies some function to the password or passphrase along with a salt to produce a derived key.

Allows information and property to be kept under physical lock and key

Partitioning

Repeatedly attacking an account. A technique used by attackers to crack passwords.

Password-Guessing

PIV

Personal Identity Verification

Based upon the design principles used in MD4

RIPEMD

Used for both encryption and digital signatures

RSA

Which of the following encryption techniques do digital signatures use?

RSA

Which of the following is the MOST widely used asymmetric algorithm today?

RSA

RSA

The RSA algorithm is an early public-key encryption system that uses large integers as the basis for the process.

SCT

Security control testing

Attempts to avoid detection by masking themselves.

Stealth

Passively testing security controls

Test the security controls without doing any actual harm.

Big Data analysis

Testing of data that is too large to be dealt with by traditional database management means.

802.11i

The 802.11i standard provides for security enhancements to the wireless standard with particular focus on authentication. The standard is often referenced as WPA2, the name given it by the Wi-Fi Alliance.

Top Secret

The Top Secret classification is the highest classification level. There are rumored to be higher levels of classification, but the names of those classifications are themselves classified Top Secret. Releasing information that is classified as Top Secret poses a grave threat to national security, and therefore it must not be compromised.

bare metal

The Type I hypervisor model

hosted

The Type II hypervisor model

Journaling

The ability of a filesystem to use a log file of all changes and transactions that have occurred within a set period of time (e.g., the last few hours).

Escape routes

The aforementioned escape plan and drills should direct employees to safety via an escape route.

Block cipher

The algorithm works on chunks of data - encrypting one and then moving to the next.

Uptime

The amount of time a particular computer or network component has been functional.

Risk acceptance

The choice you must make when the cost of implementing any of the other four choices exceeds the value of the harm that would occur if the risk came to fruition.

Fixed systems

The most common fixed systems combine fire detectors with fire-suppression systems, where the detectors usually trigger either because of a rapid temperature change or because of excessive smoke.

Electromagnetic interference (EMI)

The interference that can occur during transmissions over copper cable because of electromagnetic energy outside the cable.

Symmetrical keys

The keys used when the same key encrypts and decrypts data.

Chain of custody

The log of the history of evidence that has been collected.

host

The machine on which virtualization software is running

Security Log

The most important things that you will find in the security log are successful and unsuccessful logon attempts. This log also records events related to resource use, such as creating, opening, or deleting files or other objects.

Internet layer

The network layer responsible for routing, IP addressing, and packaging.

Volume

The portion of a hard disk that functions as if it were a separate hard disk.

Database

The primary tool for data management.

Annualized rate of occurrence (ARO)

The probability of an event occurring within a year.

OS hardening

The process of applying all security patches and fixes to an operating system to make it as secure as possible.

Internet Protocol (IP)

The protocol in the TCP/IP suite responsible for network addressing. See Transmission Control Protocol/Internet Protocol (TCP/IP).

Proximity reader

The readers work with 13.56 MHz smart cards and 125 kHz proximity cards

PASS method

The recommended procedure for using a fire extinguisher: pull, aim, squeeze, and sweep.

Mandatory vacations

Time that users are required to take away from work to refresh. Also used by management for detecting fraud.

Drills

To make certain not only that employees know the escape plan(s) but that it also works, drills should be conducted on a regular basis.

Signal

Transmission from one PC to another. A signal could be a notification to start a session or end a session.

Key transmission

Transmitting private keys is a major concern. Private keys are transported using out-of-band methods to ensure security.

Involves scrambling the letters in a certain manner

Transposition Ciphers

ARP poisoning

Tries to convince a network that the attacker's MAC address is the one associated with an IP address so that traffic sent to that IP address is wrongly sent to the attacker's machine.

TCSEC

Trusted Computer Systems Evaluation Criteria, replaced by EAL

Hoax

Typically an email message warning of something that isn't true, such as the outbreak of a new virus. The hoax can send users into a panic and cause more harm than the virus. Falsely sounding an alarm is a type of hoax.

SNMP agent

UDP 161

SNMP management station

UDP 162

SNMP trap

UDP 162

L2TP

UDP 1701

IKE/ISAKMP

UDP 500

RIPv1 & RIPv2

UDP 520

RIP next generation

UDP 521

BOOTP server

UDP 67

DHCP

UDP 67

BOOTP client

UDP 68

TFTP

UDP 69

Detective

Uncovers a violation.

URL

Uniform Resource Locator (URL).

Spam

Unwanted, unsolicited email sent in bulk.

NetBIOS

Used for name resolution and registration in Windows-based environments.

Barricades

Used in conjunction with guards, fencing, and other physical security measures to stop someone from entering a facility.

Provides computer systems and compatible media capabilities

Warm Site

Deterrent

Warns a would-be attacker that they should not attack.

Shoulder surfing

Watching someone when they enter their username/password/sensitive data.

Threat vectors

Ways in which an attacker poses a threat.

Extranet

Web (or similar) services set up in a private network to be accessed internally and by selected external entities, such as vendors and suppliers.

Intranet

Web (or similar) services set up in a private network to be accessed internally only.

Risk calculation

Weighs a potential threat against the likelihood or probability of it occurring.

Zero-day exploit

When a hole is found in a web browser or other software and attackers begin exploiting it that very day, it is known as a zero-day exploit.

domain name kiting

When a new domain name is issued, there is a five-day grace period before you must technically pay for it. Those engaged in kiting can delete the account within the five days and re-register it—allowing them to have accounts that they never have to pay for.

Order of volatility

When dealing with multiple issues, address them in order of volatility (OOV).

XaaS

When multiple models are mixed together, this is referred to as Anything as a Service (XaaS).

pod slurping

When portable devices are plugged directly into a machine, they bypass the network security measures (such as firewalls) and allow data to be copied.

Account Lockout Duration

When the system locks the account, this is the duration before it is unlocked. With Windows, this value can range from 0 minutes to 99,999 minutes. Setting it to 0 does not disable the feature but rather requires an administrator to explicitly unlock the account before it can be used again.

multifactor system

When two or more access methods are included as part of the authentication process

RAID duplexing

When you add a second controller to a RAID system

Vishing

When you combine phishing with Voice over IP (VoIP)

mutual authentication

Whenever two or more parties authenticate each other. It will be implemented when the data to be sent during the session is of a critical nature, such as financial or medical records.

WPS

Wi-Fi Protected Setup; used to simplify network setup by allowing a router to have the administrator push a button on it to allow a new host to join. It is highly insecure.

data policy

Wiping: How is data removed from media?
Disposing: How are media (hard drives, removable drives, and so on) discarded when they are no longer needed?
Retention: How long must data be kept? This needs to take into account government regulations on data storage for your business as well as company policies.
Storage: Where is data kept, and what security precautions are associated with its access?

WAP

Wireless Application Protocol

WDP

Wireless Datagram Protocol; provides the common interface between devices.

WML

Wireless Markup Language

WSP

Wireless Session Protocol; manages the session information and connection between the devices.

WTP

Wireless Transaction Protocol; provides services similar to TCP and UDP for WAP.

WTLS

Wireless Transport Layer Security; the security layer of the Wireless Application Protocol. WTLS provides authentication, encryption, and data integrity for wireless devices. It is based on the widely used TLS v1.0 security layer used on the Internet. Communication between a WAP client and WAP server is protected by WTLS. Once on the Internet, a connection is typically protected by the Secure Socket Layer (SSL), an Internet standard for encrypting data between points on the network.

Stream cipher

With a stream cipher, the data is encrypted one bit, or byte, at a time.

Escape plans

With all the fencing, locks, and blinding lighting installed in the office, it is highly recommended that escape plans be in place and understood by all.

NTLM

With the release of Windows NT, Microsoft replaced the LANMAN protocol with NTLM (NT LAN Manager) which uses MD4/MD5 hashing algorithms.

One-time pad

Words added to values during authentication. The message to be encrypted is added to this random text before hashing.

Cipher suites

Work with SSL/TLS to combine authentication, encryption, and message authentication.

Refers to the partial or full backups that are kept at the computer center for immediate recovery purposes

Working Copies

Port Security

Works at level 2 of the OSI model and allows an administrator to configure switch ports so that only certain MAC addresses can use the port.

Content inspection

Works by looking at the data that is coming in instead of relying on a website to be previously identified as questionable as URL filtering does.

Client-side validation

Works by taking the input that a user enters into a text field, and on the client side, checking for invalid characters or input.

Fibre channel

Works only on a fiber-based network and uses SCSI to create a SAN across any existing network.

W3C

World Wide Web Consortium

Which set of specifications is designed to allow XML-based programs access to PKI services?

XKMS

XKMS

XML Key Management Specification, is designed to allow XML-based programs access to PKI services.

cipher suite

A combination of methods, such as authentication, encryption, and message authentication code (MAC) algorithms, used together. Many cryptographic protocols such as TLS use a cipher suite.

server hop

a crash in another customer's implementation could expose a path by which a user might hop to your data.

HSM (Hardware Security Module)

a cryptoprocessor that can be used to enhance security. HSMs are traditionally PCI adapters.

proxy

a device that acts on behalf of other(s)

electronic wallet

a device that identifies you electronically in the same way as the cards you carry in your wallet.

scheme

A disaster-recovery plan; involves the access and storage of information.

Cold Site

a facility that isn't immediately ready to use

tree

a hierarchical trust model

active backup model

a hot site

OU

organizational unit

IPv4

Supports 32-bit addresses.

Point-to-Point Tunneling Protocol (PPTP)

Supports encapsulation in a single point-to-point environment; PPTP encapsulates and encrypts PPP packets. Negotiation is not encrypted, which makes PPTP less favorable than other protocols.

Event logs

System logs that record various events and comprise a broad category including logs that are not relevant to security issues.

ESX, from VMware

is free but not open source (proprietary)

service ticket

used in Kerberos, usually only good for up to 5 minutes.

border routers

used to translate from LAN framing to WAN framing

Registered ports

1024 to 49151

User ports

1024 to 49151

What are the minimum numbers of disks required for configuring RAID-5?

3

RDP

3389

TACACS

49

Dynamic ports

49152 to 65535

Ephemeral ports

49152 to 65535

Private ports

49152 to 65535

RTP

5004

RTCP

5005

SIP non-encrypted

5060

SIP encrypted with TLS

5061

DNS

53

another, more common, name for EAPOL

802.1X

iSCSI

860 & 3260

KERBEROS

88

FTPS data channel

989

FTPS control channel

990

SYN flood

A DoS attack in which a hacker sends a barrage of spoofed SYN packets to a target's system to utilize sufficient resources so that the system doesn't respond to legitimate traffic.

Windows socket

A Microsoft API used to interact with TCP/IP.

Ping

A TCP/IP utility used to test whether another host is reachable. An Internet Control Message Protocol (ICMP) request is sent to the host, which responds with a reply if it's reachable. The request times out if the host isn't reachable.

Annualized loss expectancy (ALE)

A calculation used to identify risks and calculate the expected monetary loss each year.

Personally identifiable information

A catchall for any data that can be used to uniquely identify an individual.

Proximity readers

A catchall term for any ID or card reader capable of reading proximity cards.

Data repository

A centralized storage location for data, such as a database.

Checkpoint

A certain action or moment in time to perform a check. It allows a restart to begin at the last point the data was saved as opposed to from the beginning.

Rivest Cipher 5 (RC5)

A cipher algorithm created by Ronald Rivest (for RSA), which is known for its speed. It works through blocks of variable sizes using three phases: key expansion, encryption, and decryption.

Terminal Access Controller Access-Control System (TACACS)

A client/server-oriented environment that operates in a manner similar to RADIUS.

Software exploitation

An attack launched against applications and higher-level services.

AD

Active Directory is the backbone for all security, access, and network implementations for Microsoft products

Spam filter

Added to catch unwanted email and filter it out before it gets delivered internally.

Key escrow

Addresses the possibility that a third party may need to access keys. The keys needed to encrypt/decrypt data are held in an escrow account.

Hypertext Transfer Protocol over SSL

Also known as HTTPS and HTTP Secure. A combination of HTTP with Secure Sockets Layer (SSL) to make a secure connection. It uses port 443 by default.

Incident response team (IRT)

Also known as a Computer Security Incident Response Team (CSIRT). The group of individuals responsible for responding when a security breach has occurred.

Session key

An agreed-upon (during connection) key used between a client and a server during a session.

Collusion

An agreement between individuals to commit fraud or deceit.

reciprocal agreement

An agreement between two companies to provide services in the event of an emergency, a best-effort basis

Service-level agreement (SLA)

An agreement between you or your company and a service provider.

Message Digest Algorithm (MDA)

An algorithm that creates a hash value. The hash value is also used to help maintain integrity. There are several versions of MD; the most common are MD5, MD4, and MD2.

International Data Encryption Algorithm (IDEA)

An algorithm that uses a 128-bit key. It is similar in speed and capability to Digital Encryption Standard (DES), but it's more secure. It is used in Pretty Good Privacy (PGP).

Asymmetric algorithm

An algorithm that utilizes two keys. These asymmetric keys are referred to as the public key and the private key.

UTM security appliance

An all-in-one appliance, also known as Unified Threat Management (UTM) that provides a good foundation for security.

SCP

An alternate utility for copying files.

Network-based IDS (N-IDS)

An approach to an intrusion detection system (IDS); it attaches the system to a point in the network where it can monitor and report on all network traffic.

Demilitarized zone (DMZ)

An area for placing web and other servers outside the firewall, thereby isolating them from internal network access.

Zone

An area in a building where access is individually monitored and controlled.

Digital signature

An asymmetrically encrypted signature whose sole purpose is to authenticate the sender.

IP spoofing

An attack during which a hacker tries to gain access to a network by pretending their interface has the same network address as the internal network.

XML injection

An attack in which a user enters values that query XML with values that take advantage of exploits.

TCP/IP hijacking

An attack in which an attacker gains access to a host in the network, disconnects it from the network, and then inserts another machine with the same IP address. An older term generically used for all man-in-the-middle attacks.

Directory traversal

An attack in which an attacker is able to gain access to restricted directories (such as the root directory) through HTTP.

Command injection

An attack in which an attacker is able to gain access to restricted directories (such as the root directory) through HTTP. also called Directory Traversal.

SQL injection

An attack in which an attacker manipulates database code to take advantage of a weakness in it. Weaknesses exploited include escape characters not filtered correctly, type handling not properly done, conditional errors, and time delays. The way to defend against this attack is always to filter input: the website code should check to see whether certain characters are in the text fields and, if so, reject that input.

Repudiation attack

An attack in which an intruder modifies information in a system.

IV attack

An attack in which attackers crack the WEP secret key by examining the repeating result of the initialization vector (IV).

The Type I hypervisor model

is independent of the operating system and boots before the OS.

baseline

represents a secure state

Accountability

Being responsible for an item. An administrator is often accountable for a network and resources on it.

Who typically sign an NDA (nondisclosure agreement)?

Beta testers

Uses one or more unique biological traits to identify a person

Biometrics

BPO

Blanket Purchase Order. This is usually applicable to government agencies. It is an agreement between a government agency and a private company for ongoing purchases of goods or services.

Pop-up blockers

Block unwanted programs running on a system.

Which of the following is the first step to be implemented to reduce security risks?

Classifying system

Load balancers

Can be implemented as a software or hardware solution, and associated with a device - a router, a firewall, NAT appliance, and so on.

CMP

Certificate Management Protocol, is a messaging protocol used between PKI entities.

Baseline reporting

Checks to make sure that things are operating status quo.

Firmware version control

Closely related to updating the firmware.

Provides office space, but the customer provides and installs the equipment needed for operations

Cold Site

Vishing

Combination of phishing with Voice over IP (VoIP).

Compensating

Come into play only when other controls have failed.

Administrative control

Comes down through policies, procedures, and guidelines.

LSO (locally shared object)

Commonly known as a Flash Cookie; it's data stored on a user's computer by Adobe Flash.

Community cloud

Community clouds are provisioned for use by a group of related organizations with shared concerns, hosted locally (private) by one or more members but otherwise operating as remote (public) clouds for other members of the community.

CFAA

Computer Fraud and Abuse Act, was made into law in 1986. The original law was introduced to address issues of fraud and abuse that weren't well covered under existing statutes. The law was updated in 1994, in 1996, and again in 2001. This act gives federal authorities, primarily the FBI, the ability to prosecute hackers, spammers, and others as terrorists.

CSIRT

Computer Security Incident Response Team, a formalized or an ad hoc team you can call upon to respond to an incident after it arises

CIA Triad: Confidentiality, Integrity, Availability

Confidentiality means preventing unauthorized users from accessing data. Integrity means ensuring that data has not been altered (related to nonrepudiation). Simply making sure that the data and systems are available for authorized users is what availability is all about.

Trivial File Transfer Protocol (TFTP)

Configured to transfer files between hosts without any user interaction.

Encipher

Convert from unencrypted to encrypted

A text file that a browser maintains on a user's hard disk

Cookie

CCMP

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol. Uses 128-bit AES encryption with a 48-bit initialization vector.

Arbitrary code execution/remote code execution

Creates a means by which a program the attacker writes can remotely accept commands and execute them.

NAT

Creates a unique opportunity to assist in the security of a network. It allows an organization to present a single address to the Internet for all computer connections (multiple public IP addresses can also be used). Acts as a proxy between the local area network and the Internet.

Quantum cryptography

Cryptography based on changing the polarity of a photon. Quantum cryptography makes the process of interception difficult because any attempt to intercept the message changes the value of the message.

CESA

Cyberspace Electronic Security Act, passed in 1999; gives law enforcement the right to gain access to encryption keys and cryptography methods. Some portions have been revoked.

Privacy policy

Defines what controls are required to implement and maintain the sanctity of data privacy in the work environment.

used to secure L2TP connections

IPsec

Direct-sequence spread spectrum

DSSS accomplishes communication by adding data that is to be transmitted to a higher-speed transmission. The higher-speed transmission contains redundant information to ensure data accuracy. Each packet can then be reconstructed in the event of a disruption.

DLP

Data Loss Prevention

Clark-Wilson Model

Data can't be accessed directly, but through applications with predefined capabilities. This process prevents unauthorized modification, errors, and fraud. This model focuses on business applications and consistency.

Risk assessment

Deals with the threats, vulnerabilities, and impacts of a loss of information-processing capabilities or a loss of information itself.

Privacy policies

Define controls required to maintain the data privacy.

Acceptable use policies

Define how employees can use company resources.

Document disposal and destruction policies

Define how the information that is no longer needed is handled.

Usage policies

Defined policies governing computer usage.

IEEE 802.11 Wireless LAN

Defines standards for implementing wireless technologies such as infrared and spread-spectrum radio.

Recovery point objective

Defines the point at which the system needs to be restored.

Shiva Password Authentication Protocol (SPAP)

Encrypts the username and password.

SCADA

Equipment used to manage automated factory equipment, dams, power generators, and similar equipment.

EALs

Evaluation Assurance Levels:
EAL 1 is primarily used when the user wants assurance that the system will operate correctly but threats to security aren't viewed as serious.
EAL 2 requires product developers to use good design practices. Security isn't considered a high priority in EAL 2 certification.
EAL 3 requires conscientious development efforts to provide moderate levels of security.
EAL 4 requires positive security engineering based on good commercial development practices. It is anticipated that EAL 4 will be the common benchmark for commercial systems.
EAL 5 is intended to ensure that security engineering has been implemented in a product from the early design phases. It's intended for high levels of security assurance. The EAL documentation indicates that special design considerations will most likely be required to achieve this level of certification.
EAL 6 provides high levels of assurance of specialized security engineering. This certification indicates high levels of protection against significant risks. Systems with EAL 6 certification will be highly secure from penetration attackers.
EAL 7 is intended for extremely high levels of security. The certification requires extensive testing, measurement, and complete independent testing of every component.

Which of the following types of logs could provide clues that someone has been attempting to compromise the SQL Server database?

Event

Black box

Examines the functionality of an application without peering into its internal structures or workings.

Reference documents

Explains how the standard relates to the organization's different policies

Scope and purpose

Explains the intention of an organization

LDAP injection

Exploits weaknesses in LDAP implementations. It occurs when the user's input is not properly filtered, and the result can be executed commands, modified content, or results returned to unauthorized queries. The best way to prevent LDAP injection attacks is to filter the user input and to use a validation scheme to make certain that queries do not contain exploits.

XTACACS

Extended TACACS replaced the original and combined authentication and authorization with logging to enable auditing.

EAP-TTLS

Extensible Authentication Protocol—Tunneled Transport Layer Security

Frequency-hopping spread spectrum

FHSS accomplishes communication by hopping the transmission over a range of predefined frequencies. The changing or hopping is synchronized between both ends and appears to be a single transmission channel to both ends.

FERPA

Family Educational Rights and Privacy Act; dictates that educational institutions may not release information to unauthorized parties without the express permission of the student or, in the case of a minor, the parents of the student.

FIPS

Federal Information Processing Standards

FIPS

Federal Information Processing Standards are a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with the agencies. FIPS-compliant algorithms include AES, 3DES, DES, and SHA1.

FCoE

Fibre Channel over Ethernet. A protocol commonly used with Fibre Channel. It is not routable at the IP layer, and thus it cannot work across large networks.

FAT

File Allocation Table. It was designed for relatively small disk drives. It was upgraded first to FAT-16 and finally to FAT-32. FAT-32 allows large disk systems to be used on Windows systems. FAT allows only two types of protection: share-level and user-level access privileges. If a user has Write or Change Access permission to a drive or directory, they have access to any file in that directory. This is very unsecure in an Internet environment.

FMS

File management system

Audit files

Files that hold information about audit events.

Operational security

Focuses on how an organization achieves its goals.

Rainbow table attack

Focuses on identifying a stored value. By using values in an existing table of hashed phrases or words (think of taking a word and hashing it every way you can imagine) and comparing them to values found, a rainbow table attack can reduce the amount of time needed to crack a password significantly. Salt (random bits added to the password) can greatly reduce the ease by which rainbow tables can be used.

Guidelines

Guidelines help an organization implement or maintain standards by providing information on how to accomplish the policies and maintain the standards. Provide specific advice on how to accomplish a given task or activity.

HIPAA

Health Insurance Portability and Accountability Act

HSM

Hierarchical storage management. Provides continuous online backup by using optical or tape jukeboxes.

Cloud computing

Hosting services and data on the Internet instead of hosting it locally.

Location that can provide operations within hours of a failure

Hot Site

Incident response policy

How an organization responds to an incident. Policies must also clearly outline who needs to be informed in the company, what they need to be told, and how to respond to the situation. Incidents should include not only intrusions but also attempts.

Wiping

How data is removed from media.

postmortem

How did the policies work or not work in this situation? What did we learn about the situation that was new? What should we do differently next time?

Disposing

How media (hard drives, removable drives, and so on) are discarded when they are no longer needed.

Response

How you react to an event.

The combination of two or more methods of non-mathematical cryptography

Hybrid Systems

Hybrid cloud

Hybrid clouds are provisioned using two or more components of private, community, or public clouds. They require more maintenance than the other models but offer greater flexibility for the organization in return.

HTTPS

Hypertext Transport Protocol over SSL

IPSec

IP Security is a security protocol that provides authentication and encryption across the Internet. IPSec is becoming a standard for encrypting virtual private network (VPN) channels and is built into IPv6. It works at layer 3 of the OSI model.

active IDS

IPS

how to configure the SSL port in Windows Server 2012

Open Internet Information Services Manager by choosing Start > Administrative Tools > Internet Information Services (IIS) Manager.
Expand the left pane entries until your website becomes an option.
Right-click the website and choose Properties from the context menu.
Select the Web Site tab.
Check whether the port number for SSL is filled in. If it isn't, enter a number here.
Click OK and exit Internet Information Services Manager.
Notice that the SSL port field is blank by default, and any port number can be entered here—this differs from the way some previous versions of IIS worked. The default SSL port is 443; if you enter a number other than that in this field, then clients must know and request that port in advance in order to connect.

how to configure IPSec monitoring on a Windows 7 or Windows 8 workstation

Open Performance Monitor by pressing the Windows button on the keyboard and typing R. Type perfmon.msc in the Run box (if the UAC asks you to confirm to continue, click to continue).
Click Performance Monitor.
Right-click the graph and choose Add Counters from the pop-up menu to open the dialog box.
For an object, select IPsec IKEv1 IPv4 and expand the options.
Click the Show Description check box, and read the comments. The descriptions appear at the bottom of the dialog box.
Click Add, and add the following counters: Failed Main Mode Negotiations and Failed Quick Mode Negotiations.
Click OK.

OWASP

Open Web Application Security Project

/var/log/wtmp

Open a shell prompt and use the last command to view a list of users who have authenticated to the system

TCP SYN flood DoS attack

Open as many TCP sessions as possible

International Telecommunications Union (ITU)

Organization responsible for communications standards, spectrum management, and the development of communications infrastructures in underdeveloped nations.

Risk awareness

Organizations communicate with each other to share information regarding risks.

OFDM

Orthogonal Frequency division multiplexing

Performance criteria

Outlines how to accomplish the task

Succession planning

Outlines those internal to the organization who have the ability to step into positions when they open.

Maintenance and administrative requirements

Outlines what is required to manage and administer the systems

Which of the following encryption methods uses public key encryption to encrypt and digitally sign e-mail messages?

PGP

RSA Cryptography Standard

PKCS #1

Elliptic Curve Cryptography Standard

PKCS #13

Password-Based Cryptography Standard

PKCS #5

Private-Key Information Syntax Standard

PKCS #8

Provides cryptographic systems to both private businesses and governments.

PKCS (Public-Key Cryptography Standards)

Locks

Need to be easy enough to work that those who are authorized can effectively navigate them, but strong enough to keep out those who are not authorized.

The first line of defense in your security model, typically outside a building or campus

Perimeter Security

PII

Personally identifiable information. This data can be anything from the person's name to a fingerprint (think biometrics), credit card number, or patient record.

Modifies and alters other programs and databases.

Phage

Redirection of traffic originally intended for another host. It is a scamming practice in which malicious code is installed on a server or a personal computer, misdirecting users to fraudulent websites without their knowledge.

Pharming

SSH connections are established in two phases

Phase 1: The first phase is a secure channel to negotiate the channel connection. Phase 2: The second phase is a secure channel used to establish the connection.

Tailgating with the permission of the person being followed is known as:

Piggybacking

Certificate policies

Policies governing use of certificates.

Changes its form to avoid detection.

Polymorphic

Application control

Primarily concerned with controlling what applications are installed on the mobile device.

Signature-based detection IDS

Primarily focused on evaluating attacks based on attack signatures and audit trails.

Certificate Practice Statement (CPS)

Principles and procedures employed in issuing and managing of certificates.

Which of the following is recovered by the recovery agent?

Private key

User assigned privileges

Privileges assigned by a user.

Logic bomb

Programs or code snippets that execute when a certain predefined event occurs.

Locking cabinets

Protect backup media, documentation, and other physical artifacts that could do harm if they fell into the wrong hands.

PEAP

Protected Extensible Authentication Protocol. Establishes an encrypted channel between the server and the client.

WPA2

Provides security that's equivalent to that on a wired network, and implements mandatory elements of the 802.11i standard.

PKC

Public Key Cryptography. Two-key systems

Although a hybrid cloud could be any mixture of cloud delivery models, it is usually a combination of which of the following?

Public and private

_______ information is made available to either large public or specific individuals, whereas _______ information is intended for only those internal to the organization.

Public; private

Consensus/Social proof

Putting the person being tricked at ease by putting focus on them, listening intently to what they are saying, validating their thoughts, and charming them.

RIPEMD

RACE Integrity Primitives Evaluation Message Digest. Algorithm based on MD4.

A coding system that changes one character or symbol into another

Substitution Ciphers

SQL Database

Relational; individual records are stored as rows in tables (table-based); widely supported and easy to configure for structured data; vertical scaling; vendors include Oracle, Microsoft, MySQL, and others; susceptible to SQL injection attacks.

RDN

Relative Distinguished Name

RIDs

Relative Identifiers

RPC

Remote Procedure Call. A programming interface that allows a remote computer to run programs on a local machine. It has created serious vulnerabilities in systems that have RPC enabled.

Capturing information over a network and fraudulently repeating data transmission or stream of messages.

Replay

Software as a Service (SaaS)

Represents cloud resources provided as prebuilt applications accessible over the Internet. Consuming organizations have limited or no control over feature additions or application changes.

Platform as a Service (PaaS)

Represents cloud resources provided at the development level for custom application development and hosting. Consuming organizations have no concern over infrastructural decisions but may be limited by the available languages supported by their PaaS provider.

Infrastructure as a Service (IaaS)

Represents cloud resources provided at the lowest level-storage, databases, network interconnections, and similar functions. This is the most flexible level of cloud service but requires the most management and planning of the consuming organization.

Public cloud

Represents the most thoroughly virtualized cloud infrastructural design, removing data center resources partially or completely from the organization's data center. Public clouds may be configured for access by an organization or partitioned group (community) or for the general public.

Transmission Control Protocol (TCP)

Responsible for providing a reliable, one-to-one, connection-oriented session. It establishes a connection and ensures that the other end receives any packets sent.

security audit

Review of security logs; review of policies and compliance with policies; a check of security device configuration; review of incident response reports.

Job rotation

Rotation of jobs on a frequent enough basis that you are not putting yourself - and your data - at the mercy of any one administrator.

Policies

Rules or standards governing usage. These are typically high level in nature.

Security policies

Rules set in place by a company to ensure the security of a network. These may include how often a password must be changed or how many characters a password should be. They define how identification and authorization occur and determine access control, audits, and network connectivity.

IPv6

Supports 128-bit addresses.

Rootkit

Software program that has the ability to obtain root-level access and hide certain things from the operating system. With a rootkit, there may be a number of processes running on a system that do not show up in Task Manager, or connections established or available that do not appear in a netstat display; the rootkit masks the presence of these items. The rootkit is able to do this by manipulating function calls to the operating system and filtering out information that would normally appear. Theoretically, rootkits could hide anywhere that there is enough memory to reside: video cards, PCI cards, and the like.

Spyware

Software programs that work—often actively—on behalf of a third party. Spyware is spread to machines by users who inadvertently ask for it. It almost always exists to provide commercial gain. One of the reasons spyware is so prevalent is that there are many legal uses for it, such as monitoring children's or employees' online habits.

Botnets

Software running on infected computers called zombies.

Antivirus software

Software that identifies the presence of a virus and is capable of removing or quarantining the virus.

Intrusion detection system (IDS)

Software that runs either on individual workstations or network devices to monitor and track network activity. An IDS can be network or host based.

scareware

Software that tries to convince unsuspecting users that a threat exists

Out-of-band key exchange

Some channel other than the one that is going to be secured is used to exchange the key.

Malicious insider threat

Someone inside the company who is displeased with the company and gives away information for profit.

5 factors of Authentication

Something you know, such as a password or PIN.
Something you have, such as a smart card, token, or identification device.
Something you are, such as your fingerprints or retinal pattern (often called biometrics).
Something you do, such as an action you must take to complete authentication.
Somewhere you are (this is based on geolocation).

Masquerading as someone else.

Spoofing

Plain old telephone service (POTS)

Standard telephone service, as opposed to other connection technologies like Digital Subscriber Line (DSL).

Protocols

Standards or rules.

Automated System Recovery in Windows Server 2012

Start the backup utility by choosing Start > All Programs > Accessories > System Tools > Backup. Choose the Automatic System Recovery Wizard. Walk through the wizard and answer the questions appropriately. When you finish, you'll create the backup set first and a disk (either optical disk or USB drive) second. The disk contains files necessary to restore system settings after a disaster.

The process of hiding a message in a medium

Steganography

Preventive

Stops something from happening.

SAN

Storage Area Network

TKIP

Strengthens WEP encryption by placing a 128-bit wrapper around it with a key based on things such as the MAC address of the destination device and the serial number of the packet.

SIM

Subscriber Identification Module (SIM card); contains PII.

According to NIST, Infrastructure as a Service (IaaS), is defined as

The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possible limited control of select networking components (e.g., host firewalls).

According to NIST, Software as a Service (SaaS) is defined as

The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

Smart cards

The card itself usually contains a small amount of memory that can be used to store permissions and access information. It is not a good idea to put identifying information on the card; use it together with other forms of authentication. There are two main types of smart cards: Common Access Cards and Personal Identification Verification Cards.

According to NIST, a hybrid cloud is defined as follows

The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).

According to NIST, a private cloud is defined as follows

The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises

According to NIST, a community cloud is defined as follows

The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.

According to NIST, a public cloud is defined as follows

The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.

Analyzer

The component or process that analyzes the data collected by the sensor.

Lattice

The concept that access differs at different levels. Often used in discussion with the Biba and Bell-LaPadula models as well as with cryptography to differentiate between security levels based on user/group labels.

Working copy

The copy of the data currently in use on a network. Working copies, sometimes referred to as shadow copies, are partial or full backups that are kept at the computer center for immediate recovery purposes.

Single loss expectancy (SLE)

The cost of a single loss when it occurs. This loss can be a critical failure, or it can be the result of an attack.

Snort

The de facto standard for intrusion detection in Linux

strength

The effectiveness of a cryptographic system in preventing unauthorized decryption

perimeter

The external entrance to the building

Cryptography

The field of mathematics focused on encrypting and decrypting data; the science of altering information so that it cannot be decoded without a key. It is the practice of protecting information through encryption and transformation. The study of cryptographic algorithms is called cryptography.

Boot sector

The first sector of a hard disk, where the program that boots the operating system resides. It's a popular target for viruses.

Transport layer

The fourth layer of the OSI model that provides the Application layer with session and datagram communications services.

Network Interface layer

The lowest level of the TCP/IP suite that is responsible for placing and removing packets on a physical network.

VNC

Virtual Network Computing

white list

a list of items that are allowed.

Vigenère cipher

a multi-alphabet substitution from historical times. It used a keyword to look up the ciphertext in a table. The user would take the first letter in the text they wanted to encrypt, go to the Vigenère table, and match that with the letter from the keyword in order to find the ciphertext letter. This would be repeated until the entire message was encrypted. Each letter in the keyword generated a different substitution alphabet.

bridge trust model

a peer-to-peer relationship exists among the root CAs. The root CAs can communicate with one another, allowing cross certification.

microwave

a portion of the radio frequency (RF) spectrum

virtual private network

a private network connection that occurs through a public network.

flood guard

a protection feature built into many firewalls that allows the administrator to tweak the tolerance for unanswered login attacks.

sandbox

a restricted area of memory

backout

a reversion from a change that had negative consequences

hierarchical trust model

a root CA at the top provides all of the information. The intermediate CAs are next in the hierarchy, and they trust only information provided by the root CA. The root CA also trusts intermediate CAs that are in their level in the hierarchy and none that aren't.

Tabletop Exercise

a simulation of a disaster.

Wireless Markup Language

a smaller version of HTML

system image

a snapshot of what exists

GOST

a symmetric cipher developed in the old Soviet Union that has been modified to work as a hash function. GOST processes a variable-length message into a fixed-length output of 256 bits.

nonproduction environment

a test environment

Authenticode

a type of certificate technology that allows ActiveX components to be validated by a server.

substitution cipher

a type of coding or ciphering system that changes one character or symbol into another.

transitive trusts

a type of relationship that can exist between domains

AUP

acceptable use policy

Tunneling protocols

add the ability to create tunnels between networks that can be more secure, support additional protocols, and provide virtual paths between systems.

Security updates

address security vulnerabilities.

preshared key

all of the clients and the access point share the same key

Rainbow Tables

all of the possible hashes are computed in advance.

Geo-Tagging

allows GPS coordinates (latitude, longitude, etc.) to accompany a file such as an image.

Cyber Security Enhancement Act of 2002

allows federal agencies relatively easy access to ISPs and other data-transmission facilities to monitor communications of individuals suspected of committing computer crimes using the Internet. The act is also known as Section 225 of the Homeland Security Act of 2002.

BitLocker to Go

allows you to apply the same technology to removable media.

VLAN

allows you to create groups of users and systems and segment them on the network. The key benefit is that VLANs can increase security by allowing users with similar data sensitivity levels to be segmented together.

Signature-Based-Detection IDS

also commonly known as misuse-detection IDS (MD-IDS), is primarily focused on evaluating attacks based on attack signatures and audit trails.

key recovery agent

an entity that has the ability to recover a key, key components, or plaintext messages as needed.

noise

an expression of interference that triggers a false positive signal during an intrusion detection process performed by IDS

Hot fix/hotfix

an immediate and urgent patch; another word for a patch. When Microsoft rolls a bunch of hotfixes together, they are known as a service pack. Also, the process of applying a repair to an operating system while the system stays in operation.

cache poisoning

another name for DNS poisoning

gauntlets

another term for a barricade

work product

another term for private information

wetware

another term for social engineering.

least privilege

any given user (or system) is given the minimum privileges necessary to accomplish his or her job.

FM200

an approved gas-based fire suppression system. The principle of a gas system is that it displaces the oxygen in the room, thereby removing this necessary component of a fire.

Separation of duties policies

are designed to reduce the risk of fraud and to prevent other losses in an organization.

Alarms

are indications of an ongoing current problem

Security tokens

are similar to certificates in that they are used to identify and authenticate the user. They contain the rights and access privileges of the token bearer as part of the token.

There are two types of implicit denies. One of these can be configured so that only users specifically named can use the service, and this is known as:

at.allow

ASR

attack surface reduction; the goal is to minimize the possibility of exploitation by reducing the amount of code and limiting potential damage.

software exploitation

attacks launched against applications and higher-level services. They include gaining access to data using weaknesses in the data access objects of a database or a flaw in a service or application.

Failover

automatically switching from a malfunctioning system to another system

Compensating control

backup controls that come into play only when other controls have failed.

BIA

business impact analysis, evaluating the processes

RAID 1

introduces fault tolerance as it mirrors the contents of the disks. A minimum of two disks are needed

Indicators of Compromise

intrusion signatures

URL filtering

involves blocking websites (or sections of websites) based solely on the URL

escalation

involves consulting policies, consulting appropriate management, and determining how best to conduct an investigation into the incident.

Risk avoidance

involves identifying a risk and making the decision not to engage any longer in the actions associated with that risk

Frequency Analysis

involves looking at blocks of an encrypted message to determine if any common patterns exist to try to break the code.

transposition cipher

involves transposing or scrambling the letters in a certain manner. Typically, a message is broken into blocks of equal size, and each block is then scrambled. The Rail Fence Cipher is a classic example of a transposition cipher.

Risk deterrence

involves understanding something about the enemy and letting them know the harm that can come their way if they cause harm to you. This can be as simple as posting prosecution policies on your login pages and convincing them that you have steps in place to identify intrusions and to act on them.

Full Backup

is a complete, comprehensive backup of all files on a disk or server. The full backup is current only at the time it's performed. Once a full backup is made, you have a complete archive of the system at that point in time. A system shouldn't be in use while it undergoes a full backup because some files may not get backed up. Every single file on the system is copied over, and the archive bit on each file is turned off.

honeypot

is a computer that has been designated as a target for computer attacks

HSM (Hardware Security Module)

is a cryptoprocessor that can be used to enhance security; a type of secure crypto processor used for managing digital keys. HSMs are commonly used with PKI systems to augment security with certification authorities (CAs). As opposed to being mounted on the motherboard like TPMs, HSMs are traditionally packaged as PCI adapters.

BitLocker

is a full disk encryption feature that can encrypt an entire volume with 128-bit encryption.

VPN concentrator

is a hardware device used to create remote access VPNs. The concentrator creates encrypted tunnel sessions between hosts, and many use two-factor authentication for additional security.

Incremental Backup

is a partial backup that stores only the information that has been changed since the last full or the last incremental backup. An incremental backup backs up only files that have the archive bit turned on. That is how it can identify which files have changed or been created. At the conclusion of the backup, the archive bit is turned off for all the files that were included in the backup.

cryptographic system

is a system, method, or process that is used to provide encryption and decryption.

Secure Shell

is a tunneling protocol originally designed for Unix systems. It uses encryption to establish a secure connection between two systems.

Risk mitigation

is accomplished any time you take steps to reduce the risk. This category includes installing antivirus software, educating users about possible threats, monitoring the network traffic, adding a firewall, and so on. In Microsoft's Security Intelligence Report, Volume 13, the following suggestions for mitigating risk through user awareness training are listed:

activity

is an element of a data source that is of interest to the operator.

event

is an occurrence in a data source that indicates that a suspicious activity has occurred

Serial Line Internet Protocol (SLIP)

is an older protocol that was used in early remote access environments and serves as the starting point for most remote discussions. SLIP was originally designed to connect Unix systems in a dial-up environment, and it only supported serial communications.

Wireless Application Protocol (WAP)

is an open international standard for applications that use wireless communication.

patch

is an update to a system. Sometimes a patch adds new functionality; in other cases, it corrects a bug in the software. In a network environment, patches should first be applied to a single machine and tested.

leaf CA

is any CA that is at the end of a CA network or chain.

deterrent control

is anything intended to warn a would-be attacker that they should not attack.

Grandfather, Father, Son Method

is based on the philosophy that a full backup should occur at regular intervals, such as monthly or weekly. Each monthly backup replaces the monthly backup from the previous year. Weekly or daily incremental backups are performed and stored until the next full backup occurs. The annual backup is referred to as the grandfather, the monthly backup is the father, and the weekly backup is the son.

Xen

is considered to be both free and open source

The Type II hypervisor model

is dependent on the operating system and cannot boot until the OS is up and running. It needs the OS to stay up so that it can boot.

gain value

is expressed in dBi numbers. A wireless antenna advertised with a 20 dBi would be 20 times stronger than the base of 0 dBi. As a general rule, every 3 dB added to an antenna effectively doubles the power output.

KVM (not keyboard)

is free and open source

Security control testing

often includes interviews, examinations, and testing of systems to look for weaknesses. It should also include contract reviews of SLAs, a look at the history of prior breaches that a provider has had, and a focus on shared resources as well as dedicated servers.

Risk acceptance

often the choice you must make when the cost of implementing any of the other four choices exceeds the value of the harm that would occur if the risk came to fruition. To truly qualify as acceptance, it cannot be a risk where the administrator or manager is unaware of its existence; it has to be an identified risk for which those involved understand the potential cost or damage and agree to accept it.

Service pack

one or more repairs to system problems bundled into a single process or function.

transitive access

one party (A) trusts another party (B). If the second party (B) trusts another party (C), then a relationship can exist where the first party (A) also may trust the third party (C).

single factor authentication

only one type of authentication is checked

802.11

operates on 2.4 GHz. This standard allows for bandwidths of 1 Mbps or 2 Mbps.

Succession planning

outlines those internal to the organization who have the ability to step into positions when they open up. By identifying key roles that cannot be left unfilled and associating internal employees who can step into those roles, you can groom those employees to make sure that they are up to speed when it comes time for them to fill those positions.

Scope statement

outlines what the policy intends to accomplish and which documents, laws, and practices the policy addresses. The scope statement provides background to help readers understand what the policy is about and how it applies to them.

contingency plan

part of a disaster-recovery plan. A contingency plan wouldn't normally be part of an incident response policy.

Content Advisor

performs content inspection in Internet Explorer.

administrative control

policies, procedures, and guidelines.

802.1X

port-based security for wireless network access control. It offers a means of authentication and defines the Extensible Authentication Protocol (EAP) over IEEE 802 and is often known as EAP over LAN (EAPOL). The biggest benefit of using 802.1X is that the access points and the switches do not need to do the authentication but instead rely on the authentication server to do the actual work.

exception handling

Programs encounter errors. How those errors are handled is critical to security.

warm site

provides some of the capabilities of a hot site, but it requires the customer to do more work to become operational. A warm site is also called a reciprocal site.

Exception Statement

provides specific guidance about the procedure or process that must be followed in order to deviate from the policy. This may include an escalation contact in the event that the person who is dealing with a situation needs to know whom to contact next.

Policy Overview Statement

provides the goal of the policy, why it's important, and how to comply with it. Ideally, a single paragraph is all you need to provide readers with a sense of the policy.

performance baseline

provides the input needed to design, implement, and support a secure network.

QKE

quantum key exchange

Application-level proxy

read the individual commands of the protocols that are being served. This type of server is advanced and must know the rules and capabilities of the protocol used.

Logging

recording that an event has occurred and under what circumstances

Stateful inspection

records are kept using a state table that tracks every communications channel; it remembers where the packet came from and where the next one should come from.

non-repudiation

refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated.

Granularity

refers to the ability to manage individual resources in the CA network.

Baselining

refers to the process of establishing a standard for security

Symmetric algorithms

require both ends of an encrypted message to have the same key and processing algorithms. Symmetric algorithms generate a secret key that must be protected. A symmetric key, sometimes referred to as a secret key or private key, is a key that isn't disclosed to people who aren't authorized to use the encryption system. Symmetric cryptographic algorithms are always faster than asymmetric, and they can be just as secure with a smaller key size. DES, 3DES, AES, AES256, CAST, RC, Blowfish, Twofish, IDEA and One-Time Pads are all symmetric forms of encryption.

mandatory vacation policy

requires all users to take time away from work to refresh. Mandatory vacations also provide an opportunity to discover fraud

Computer Security Act of 1987

requires federal agencies to identify and protect computer systems that contain sensitive information.

Security factors while determining the risks prone to a network

risk, threat, vulnerability

SmartScreen

runs in the background and sends the address of the website being visited to the SmartScreen server, where it is compared against a list kept of phishing and malware sites. If a match is found, a blocking web page appears (in red) and encourages you to not continue on.

symmetric cryptography

see Symmetric algorithms

Management security awareness training program

should receive additional training or exposure that explains the issues, threats, and methods of dealing with threats. Management will also be concerned about productivity impacts and enforcement and how the various departments are affected by security policies.

fsutil fsinfo ntfsinfo C:

shows NTFS version

Cutover Test

shuts down the main systems and has everything fail over to backup systems.

SFA

single factor authentication

Network monitors

sniffers

training metrics

some quantifiable method for determining the efficacy of training.

SPIT

spam over Internet telephony

SPI

stateful packet inspection

SAN

storage area network

Keyspace

strength of cryptosystem

Point-to-Point Tunneling Protocol

supports encapsulation in a single point-to-point environment. It encapsulates and encrypts PPP packets. The negotiation between the two ends of a PPTP connection is done in the clear. After the negotiation is performed, the channel is encrypted.

LANMAN

used LM Hash and two DES keys. It was replaced by the NT LAN Manager (NTLM) with the release of Windows NT.

Point-to-Point Tunneling Protocol (PPTP)

supports encapsulation in a single point-to-point environment. It encapsulates and encrypts Point-to-Point Protocol (PPP) packets. The negotiation between the two ends of a PPTP connection is done in the clear. PPTP uses port 1723 and TCP for connections.

layered security

synonymous with defense in depth.

dialin privileges

the ability to remotely access a system

Typo squatting

the act of registering domains that are similar to those for a known entity but based on a misspelling or typographical error. Also known as URL hijacking.

block cipher

the algorithm works on chunks of data

Volatility

the amount of time you have to collect certain data before that window of opportunity is gone.

attack surface

the area of an application that is available to users: those who are authenticated and, more importantly, those who are not.

Chosen Plaintext

the attacker obtains the ciphertexts corresponding to a set of plaintexts of their own choosing. This allows the attacker to attempt to derive the key used and thus decrypt other messages encrypted with that key. This can be difficult, but it is not impossible. Advanced methods such as differential cryptanalysis are chosen plaintext attacks.

Two-Tier Model

the client workstation or system runs an application that communicates with the database that is running on a different server.

stream cipher

the data is encrypted one bit, or byte, at a time.

tunneling mode encryption

the data or payload and message headers are encrypted

One-Tier Model

the database and the application exist on a single system.

protected distribution system (PDS)

the network is secure enough to allow for the transmission of classified information in unencrypted format—in other words, where physical network security has been substituted for encryption security.

Incident

the occurrence of any event that endangers a system or network.

Patching

the process of applying manual changes to a program. A patch is a workaround of a bug or problem in code applied manually.

Hardening

the process of improving the security of an operating system or application.

EMI Shielding

the process of preventing electronic emissions from your computer systems from being used to gather intelligence and preventing outside electronic emissions from disrupting your information-processing abilities.

cross certification

the process of requiring interoperability

Kerckhoffs's principle

the security of an algorithm should depend only on the secrecy of the key and not on the secrecy of the algorithm itself. This literally means that the algorithm can be public for all to examine, and the process will still be secure as long as you keep the specific key secret.

guest

the virtual machines

Microsoft SmartScreen Filter

tools are available that can help limit the success of social engineering attacks.

TOS

trusted operating system is any operating system that meets the government's requirements for security.

Asymmetric algorithms

use two keys to encrypt and decrypt data. These asymmetric keys are referred to as the public key and the private key.

