Mike Meyer Network+ Chapter 19


A man-in-the-middle attack, where the attacker associates his MAC address with someone else's IP address (almost always the router), so all traffic will be sent to him first. The attacker sends out unsolicited ARPs, which can be either requests or replies. Attacks ARP caches on hosts and switches.

ARP cache poisoning

If the sending device doesn't know the destination device's MAC address, it sends a special broadcast called an ____________________________.

ARP request

Cisco program/process/server that makes the decision to admit or deny a node based on posture assessment. From there, it directs the edge access device to allow a connection or to implement a denial or redirect.

Access Control Server (ACS)

All-encompassing term that defines the degree of permission granted to use a particular resource. That resource may be anything from a switch port to a particular file to a physical door within a building

Access control

When a virus does something like erase the boot sector of a drive

Activation

Specialized user accounts that have been granted sufficient access rights and authority to manage specified administrative tasks. Some exist as a default of the system and have all authority throughout the system. Others must be explicitly assigned the necessary powers to administer given resources.

Administrative Accounts

A program that monitors the types of Web sites you frequent and uses that information to generate targeted advertisements, usually pop-up windows.

Adware

A process or program running within the computer that scans the computer to create an inventory of configuration information, resources, and assets

Agent

In terms of posture assessment, refers to a client that has its posture checked and presented by non-permanent software, such as a Web app program, that executes as part of the connection process. This software does not run directly within the client but is run on behalf of the client

Agent-less

The aspect of a DoS attack that makes a server do a lot of processing and responding

Amplification

Software that attempts to block several types of threats to a client including viruses, Trojan horses, worms, and other unapproved software installation and execution

Anti-malware program

Software that attempts to prevent viruses from installing or executing on a client. Some software may also attempt to remove the virus or eradicate the effects of it after an infection

Antivirus

The way (software or methods) an exploit takes advantage of a vulnerability is called _____________________.

Attack surface

The time frame in which a bad guy can apply an attack surface against a vulnerability before patches are applied to prevent the exploit.

Attack window

When a malicious user gains access to an open port and uses it to probe a host to gain information and access, as well as learn details about running services.

Banner grabbing

Uses a unique physical characteristic of a person to permit access to a controlled IT resource.

Biometric

A group of computers under the control of one operator

Botnet

A type of attack wherein every permutation of some form of data is tried in an attempt to discover protected information. Commonly used on password cracking, search for open ports, network IDs, user names, and so on.

Brute force

Where a buffer cannot hold all the data sent to it

Buffer overflows

A door unlocking system that uses a door handle, a latch, and a sequence of mechanical push buttons

Cipher lock

Any login process conducted over a network where account names, passwords, or other authentication elements are sent from the client or server in an unencrypted fashion

Cleartext credentials

A self-contained, closed system in which video cameras feed their signal to specific, dedicated monitors and storage devices

Closed-circuit television (CCTV)

Where a user doesn't get access to a needed resource because one of his groups has Deny permission to that resource

Conflicting permissions

Switch process that monitors DHCP traffic, filtering out DHCP messages from untrusted sources. Typically used to block attacks that use a rogue DHCP server

DHCP snooping

A targeted attack on a server (or servers) that provides some form of service on the Internet (such as a Web site), with the goal of making that site unable to process any incoming server requests.

Denial of service (DoS)

Which permission always trumps any other permission, no matter what group the user is associated with?

Deny

Although CompTIA uses the term "non-persistent agent" in its objectives, Cisco uses the term "___________".

Dissolvable agent

Multicomputer assault on a network resource that attempts, with sheer overwhelming quantity of requests, to prevent regular users from receiving services from the resource. Can also be used to crash systems.

Distributed Denial of Service (DDoS)

The CompTIA Network+ objectives call the proper setup of groups ___________.

Domain/local group configurations

Methodology to grant permission or to deny passage through a doorway. The method may be computer-controlled, human-controlled, token-oriented, or many other means

Door access controls

Cisco process that updates a database of trusted systems. It then watches for false or suspicious ARPs and ignores them to prevent ARP cache poisoning and other malevolent efforts.

Dynamic ARP Inspection (DAI)

A piece of hardware that has been optimized to perform a task in coordination with other same devices and controllers

Edge

The permissions of all groups combined in any network operating system

Effective permissions

The capability of any system to continue functioning after some parts of the system have failed. RAID is an example of a hardware device that provides it for hard drives.

Fault tolerance

A network that can contain or allow access to any resource that management deems acceptable to be used by insecure hosts that attach to the guest network

Guest network

Applying security hardware, software, and process to your network to prevent bad things from happening

Hardening

Still-frame or video camera with a network interface and TCP/IP transport protocols to send output to a network resource or destination.

IP camera

Occurs when a user who shouldn't have access gains access through some means

Improper access

A method of assigning user permissions, in which folder permissions flow downward into subfolders

Inheritance

Small device that can be easily carried in a pocket or purse or attached to a key ring. This device is used to identify the person possessing it for the purpose of granting or denying access to resources such as electronic doors

Key fob

The device in which an alphanumeric code or password that is assigned to a specific individual for a particular asset can be entered.

Keypad

A specially written application or collection of commands that performs the same functions as a virus. These normally autostart when the application is run and then make copies of themselves, often propagating across networks.

Macro

Programs that inject unwanted information into packets in an attempt to break another system

Malformed packets

They are a huge threat because of their ability to directly destroy data, inject malware, and initiate attacks

Malicious employee

Users who consciously attempt to access, steal, or damage resources

Malicious users

A program or code that's designed to do something on a system or network that you don't want to have happen.

Malware

An attacker taps into communications between two systems, covertly intercepting traffic thought to be only between those systems, reading or in some cases even changing the data and then sending the data on.

Man-in-the-middle

An entryway with two successive locked doors and a small space between them providing one-way entry or exit. This is a security measure taken to prevent tailgating.

Mantrap

A query that asks the Network Time Protocol (NTP) server about the traffic going on between itself and peers

Monlist

Where access is granted based on more than one access technique

Multifactor authentication

Cisco's version of network access control

Network Admission Control (NAC)

A standardized approach to verify that a node meets certain criteria before it is allowed to connect to a network

Network access control (NAC)

An equipment room that holds servers, switches, routers, and other network gear

Network closet

Software used in posture assessment that doesn't stay resident in client station memory. It is executed prior to login and may stay resident during the login session but is removed from client RAM when the login or session is complete. The agent presents the security characteristics to the access control server, which then decides to allow, deny, or redirect the connection

Non-Persistent Agent

MAC addresses of Ethernet NICs have their first 24 bits assigned by the IEEE, sometimes called the vendor ID.

Organizationally unique identifier (OUI)

No computer's clock is perfect, so Network Time Protocol (NTP) is designed for each NTP server to have a number of __________. They are other NTP servers that one NTP server can compare its own time against to make sure its clock is accurate.

Peers

An attack that damages the targeted machine - router, server, and so on - and renders that machine inoperable.

Permanent DoS (PDoS) AKA Phlashing

A small scanning program that, once installed on the computer, stays installed and runs every time the computer boots up. These agents are composed of modules that perform a thorough inventory of each security-oriented element in the computer.

Persistent agent

The attacker poses as some sort of trusted site and solicits you to update your financial information

Phishing

The simplest DoS example is where a person physically attacks the servers.

Physical attack

Process by which a client presents its security characteristics via an agent or agent-less interface to an access control server. The server checks the characteristics and decides whether to grant a connection, deny a connection, or redirect the connection depending on the security compliance invoked.

Posture Assessment

Access to user accounts should be restricted to the assigned individuals (no sharing, no stealing), and those accounts should have permission to access only the resources they need, no more; the control over what a legitimate account can do is called _____________________.

Principle of least privilege

Anytime you do things with a protocol that it wasn't meant to do and that abuse ends up creating a threat

Protocol abuse

Sensor that detects and reads a token that comes within range. The polled information is used to determine the access level of the person carrying the token

Proximity reader

Safe network to which are directed stations that either do not require or should not have access to protected resources

Quarantine Network

The transmission, intended or unintended, of radio frequencies. These transmissions may come from components that are intended to transmit RF, such as a Wi-Fi network card, or something less expected, such as a motherboard or keyboard. These may be detected and intercepted, posing a potential threat to security

RF emanation

Used in DDoS attacks, requests are sent to normal servers as if they had come from the target server. The responses from the normal servers are copied to the target server, overwhelming it without identifying the true initiator.

Reflection AKA Reflective DDoS

It makes copies of itself, often as code stored in boot sectors or as extra code added to the end of executable programs

Replication

A Trojan horse that takes advantage of very low-level operating system functions to hide itself from all but the most aggressive of anti-malware tools

Rootkit

Person responsible for controlling access to physical resources such as buildings, secure rooms, and other physical assets

Security guard

Background programs in an operating system that do the behind-the-scenes grunt work that users don't need to interact with on a regular basis.

Services

Tries to intercept a valid computer session to get authentication information. Unlike man-in-the-middle attacks, it only tries to grab authentication information, not necessarily listening in like a man-in-the-middle attack

Session hijacking

Specific pattern of bits or bytes that is unique to a particular virus. Virus scanning software maintains a library of these and compares the contents of scanned files against this library to detect infected files.

Signature

The massive influx of traffic on a small or lesser-known Web site when it is suddenly made popular by a reference from the media.

Slashdotting, Reddit effect, hug of death, friendly or unintentional DoS

A type of hacking attack in which an attacker floods a network with ping packets sent to the broadcast address. The trick that makes this attack special is that the return address of the ping is spoofed to that of the intended victim. When all the computers on the network respond to the initial ping, they send their response to the intended victim.

Smurf attack

The process of using or manipulating people inside the networking environment to gain access to that network from the outside.

Social engineering

The process of pretending to be someone or something you aren't by placing false information into your packets

Spoofing

A function of any program that sends information about your system or actions over the Internet

Spyware

Implementing Dynamic ARP Inspection (DAI) and DHCP snooping enhances ______________, a key network hardening technique.

Switchport security

The NSA's security standard that is used to combat radio frequency (RF) emanation by using enclosures, shielding, and even paint

TEMPEST

When an unauthorized person attempts to enter through an already open door

Tailgating

Any form of potential attack against a network

Threat

Some writers use the term _________________ to describe the people who can carry out the threats.

Threat agents

A virus that masquerades as a file with a legitimate purpose, so that a user will run it intentionally. The classic example is a file that runs a game, but also causes some type of damage to the player's system.

Trojan horse

Unusual and usually dramatic increase in the amount of network traffic. It may be the result of normal operations within the organization or may be an indication of something more sinister.

Traffic spike

An account that has been granted specific authority to perform certain or all administrative tasks

Trusted user

A person does something beyond his or her authority to do

Unauthorized access

Unsecure communication between two hosts that pass data cleartext. A Telnet connection is a common type.

Unencrypted Channel

An account that has been granted no administrative powers

Untrusted user

Administering your super accounts is only part of what's called _____________.

User account control

Older technique to hack a switch to change a normal switch port from an access port to a trunk port. This allows the station attached to the newly created trunk port to access different VLANs. Modern switches have preventative measures to stop this type of abuse.

VLAN Hopping

Entails using remotely monitored visual systems and covers everything from identifying a delivery person knocking on the door at the loading dock, to looking over the shoulder of someone working on the keyboard of a server

Video monitoring

A program that can make a copy of itself without your necessarily being aware of it. They all carry some payload that may or may not do something malicious

Virus

Anti-malware program that passively monitors a computer's activity, checking for the viruses only when certain events occur, such as a program executing or a file being downloaded.

Virus shield

A potential weakness in our infrastructure that a threat might exploit

Vulnerability

A very special form of virus. Unlike other viruses, it does not infect other files on the computer. Instead, it replicates by making copies of itself on other systems on a network by taking advantage of security weaknesses in networking protocols.

Worm

New attacks using vulnerabilities that haven't yet been identified or fixed

Zero-day attacks

A single computer under the control of an operator

Zombie

On a Windows system you can see the ARP cache using the __________________ command.

arp -a

The command used on just about every Network Time Protocol (NTP) server to submit queries. This command puts the NTP server into interactive mode so that you can then make queries to the NTP server.

ntpdc

