Mike Meyer Network+ Chapter 19
A man-in-the-middle attack in which the attacker associates their own MAC address with someone else's IP address (almost always the default gateway), so that all traffic for that IP is sent to the attacker first. The attacker sends out unsolicited (gratuitous) ARPs, which can be either requests or replies. Poisons the ARP caches on hosts and switches.
ARP cache poisoning
If the sending device doesn't know the destination device's MAC address, it sends a special broadcast called an ____________________________.
ARP request
Cisco program/process/server that makes the decision to admit or deny a node based on posture assessment. From there, it directs the edge access device to allow a connection or to implement a denial or redirect.
Access Control Server (ACS)
All-encompassing term that defines the degree of permission granted to use a particular resource. That resource may be anything from a switch port to a particular file to a physical door within a building
Access control
When a virus does something like erase the boot sector of a drive
Activation
Specialized user accounts that have been granted sufficient access rights and authority to manage specified administrative tasks. Some exist as a default of the system and have all authority throughout the system. Others must be explicitly assigned the necessary powers to administer given resources.
Administrative Accounts
A program that monitors the types of Web sites you frequent and uses that information to generate targeted advertisements, usually pop-up windows.
Adware
A process or program running within the computer that scans the computer to create an inventory of configuration information, resources, and assets
Agent
In terms of posture assessment, refers to a client that has its posture checked and presented by non-permanent software, such as a Web app, that executes as part of the connection process. This software does not run directly within the client but is run on behalf of the client.
Agent-less
The aspect of a DoS attack that makes a server do a lot of processing and responding
Amplification
Software that attempts to block several types of threats to a client including viruses, Trojan horses, worms, and other unapproved software installation and execution
Anti-malware program
Software that attempts to prevent viruses from installing or executing on a client. Some software may also attempt to remove the virus or eradicate the effects of it after an infection
Antivirus
The way (software or methods) an exploit takes advantage of a vulnerability is called _____________________. (This is the Network+ usage of the term; in wider security practice it means the sum of all points at which a system can be attacked.)
Attack surface
The time frame in which an attacker can use an exploit against a vulnerability before patches are applied to close it.
Attack window
When a malicious user connects to an open port and uses what the service sends back on connection (its banner, often including the product name and version) to learn details about the running service and plan further probing or access.
Banner grabbing
Uses a unique physical characteristic of a person to permit access to a controlled IT resource.
Biometric
A group of computers under the control of one operator
Botnet
A type of attack wherein every permutation of some form of data is tried in an attempt to discover protected information. Commonly used in password cracking and in searching for open ports, network IDs, user names, and so on.
Brute force
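An added example (not from the Network+ text) of the brute-force definition above: it exhausts every 4-digit string against a salted PBKDF2 hash of a constructed PIN, counts the attempts, and computes how long the same search takes against an account that locks out after a few failures. The salt, PIN, iteration count and lockout policy are assumptions chosen for the demo.

```python
import hashlib
import hmac
import itertools
import string

ITERATIONS = 200   # deliberately low so the demo finishes in well under a second


def hash_secret(secret: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256 of the secret. In an offline attack the salt is known to the attacker."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, iterations)


def brute_force(target: bytes, salt: bytes, alphabet: str, length: int, iterations: int = ITERATIONS):
    """Try every string of `length` symbols drawn from `alphabet`, in lexical order.
    Returns (secret, attempts) on success or (None, attempts) once the keyspace is exhausted."""
    attempts = 0
    for cand in itertools.product(alphabet, repeat=length):
        attempts += 1
        guess = "".join(cand)
        if hmac.compare_digest(hash_secret(guess, salt, iterations), target):
            return guess, attempts
    return None, attempts


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidates the attacker must consider in the worst case."""
    return alphabet_size ** length


def days_to_exhaust_online(alphabet_size: int, length: int,
                           tries_per_lockout: int, lockout_minutes: int) -> float:
    """Worst case for an online guess against an account that locks for `lockout_minutes`
    after `tries_per_lockout` failures: throttling, not entropy, is what protects a short PIN."""
    tries_per_day = tries_per_lockout * (24 * 60 / lockout_minutes)
    return keyspace(alphabet_size, length) / tries_per_day


# Constructed target (assumption): a 4-digit PIN hashed with a fixed salt.
SALT = bytes.fromhex("0f1e2d3c4b5a6978")
SECRET_PIN = "4721"
TARGET = hash_secret(SECRET_PIN, SALT)


def demo():
    """Recover the PIN from its hash; returns (pin, attempts)."""
    return brute_force(TARGET, SALT, string.digits, 4)


if __name__ == "__main__":
    pin, attempts = demo()
    print(f"recovered {pin!r} after {attempts} of {keyspace(10, 4)} candidates")
    print(f"same search online with 5 tries per 30-minute lockout: "
          f"{days_to_exhaust_online(10, 4, 5, 30):.1f} days")
```

The offline search finishes in a few thousand hash computations; the same 10,000-candidate keyspace takes over a month against an account with a 5-tries-per-30-minutes lockout, which is why the definition's "every permutation" is only practical offline or against unthrottled services.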
When more data is sent to a buffer than it can hold, so the excess overwrites adjacent memory; an attacker can use this to crash a program or to run code of their choosing.
Buffer overflows
A door unlocking system that uses a door handle, a latch, and a sequence of mechanical push buttons
Cipher lock
Any login process conducted over a network where account names, passwords, or other authentication elements are sent from the client or server in an unencrypted fashion
Cleartext credentials
A self-contained, closed system in which video cameras feed their signal to specific, dedicated monitors and storage devices
Closed-circuit television (CCTV)
Where a user doesn't get access to a needed resource because one of his groups has a Deny permission on that resource.
Conflicting permissions
Switch process that monitors DHCP traffic, filtering out DHCP messages from untrusted sources. Typically used to block attacks that use a rogue DHCP server
DHCP snooping
A targeted attack on a server (or servers) that provides some form of service on the Internet (such as a Web site), with the goal of making that site unable to process any incoming requests.
Denial of service (DoS)
Which permission always trumps any other permission, no matter what group the user is associated with.
Deny
Although CompTIA uses the term "non-persistent agent" in its objectives, Cisco uses the term "___________".
Dissolvable agent
Multicomputer assault on a network resource that attempts, with sheer overwhelming quantity of requests, to prevent regular users from receiving services from the resource. Can also be used to crash systems.
Distributed Denial of Service (DDoS)
The CompTIA Network+ objectives call the proper setup of groups ___________.
Domain/local group configurations
Methodology to grant permission or to deny passage through a doorway. The method may be computer-controlled, human-controlled, token-oriented, or many other means
Door access controls
Cisco process that updates a database of trusted systems. It then watches for false or suspicious ARPs and ignores them to prevent ARP cache poisoning and other malevolent efforts.
Dynamic ARP Inspection (DAI)
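An added example (not from the Network+ text or from Cisco) that ties together ARP requests and replies, ARP cache poisoning, the DHCP snooping binding table and Dynamic ARP Inspection. It builds real Ethernet II + ARP frames (RFC 826 layout), parses them back, and then applies a simplified DAI-style check: ARP arriving on an untrusted port is forwarded only if its sender IP/MAC pair matches the binding table. Port names, addresses and the attacker scenario are constructed; the switch logic is a model, not Cisco's implementation.

```python
import struct
from dataclasses import dataclass

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class ArpPacket:
    op: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


def _mac_bytes(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def _ip_bytes(s: str) -> bytes:
    return bytes(int(octet) for octet in s.split("."))


def _mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp_frame(op, sender_mac, sender_ip, target_mac, target_ip, dst_mac=BROADCAST) -> bytes:
    """Ethernet II header (14 bytes) followed by a 28-byte ARP payload for Ethernet/IPv4."""
    eth = _mac_bytes(dst_mac) + _mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)       # htype, ptype, hlen, plen, opcode
           + _mac_bytes(sender_mac) + _ip_bytes(sender_ip)
           + _mac_bytes(target_mac) + _ip_bytes(target_ip))
    return eth + arp


def parse_arp_frame(frame: bytes) -> ArpPacket:
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    arp = frame[14:42]
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", arp[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported hardware/protocol type")
    return ArpPacket(op, _mac_str(arp[8:14]), _ip_str(arp[14:18]),
                     _mac_str(arp[18:24]), _ip_str(arp[24:28]))


def inspect_arp(frames, bindings, trusted_ports=frozenset()):
    """DAI-style check. `frames` is a list of (ingress_port, raw_frame); `bindings` maps
    IP -> MAC as the DHCP snooping table (plus any static entries) would.
    Returns one (port, sender_ip, sender_mac, verdict, reason) tuple per frame."""
    verdicts = []
    for port, frame in frames:
        pkt = parse_arp_frame(frame)
        if port in trusted_ports:
            verdicts.append((port, pkt.sender_ip, pkt.sender_mac, "forward", "trusted port"))
            continue
        expected = bindings.get(pkt.sender_ip)
        if expected is None:
            verdicts.append((port, pkt.sender_ip, pkt.sender_mac, "drop", "no binding for sender IP"))
        elif expected != pkt.sender_mac:
            verdicts.append((port, pkt.sender_ip, pkt.sender_mac, "drop",
                             f"binding mismatch, expected {expected}"))
        else:
            verdicts.append((port, pkt.sender_ip, pkt.sender_mac, "forward", "binding matches"))
    return verdicts


# Constructed scenario: router on the trusted uplink, one DHCP client, and an attacker
# on Gi0/7 sending unsolicited replies that claim the router's IP with its own MAC.
ROUTER_MAC, ROUTER_IP = "00:1a:2b:3c:4d:5e", "192.168.1.1"
HOST_MAC, HOST_IP = "00:aa:bb:cc:dd:01", "192.168.1.10"
ATTACKER_MAC = "de:ad:be:ef:00:01"

BINDING_TABLE = {HOST_IP: HOST_MAC,          # learned by DHCP snooping
                 ROUTER_IP: ROUTER_MAC}      # static entry for the gateway
TRUSTED_PORTS = frozenset({"Gi0/1"})         # uplink to the router

SAMPLE_FRAMES = [
    ("Gi0/5", build_arp_frame(ARP_REQUEST, HOST_MAC, HOST_IP, "00:00:00:00:00:00", ROUTER_IP)),
    ("Gi0/1", build_arp_frame(ARP_REPLY, ROUTER_MAC, ROUTER_IP, HOST_MAC, HOST_IP, dst_mac=HOST_MAC)),
    ("Gi0/7", build_arp_frame(ARP_REPLY, ATTACKER_MAC, ROUTER_IP, HOST_MAC, HOST_IP, dst_mac=HOST_MAC)),
    ("Gi0/7", build_arp_frame(ARP_REPLY, ATTACKER_MAC, "192.168.1.66", HOST_MAC, HOST_IP, dst_mac=HOST_MAC)),
]


def demo():
    return inspect_arp(SAMPLE_FRAMES, BINDING_TABLE, TRUSTED_PORTS)


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The third frame is the poisoning attempt from the definition of ARP cache poisoning: a reply nobody asked for, binding the gateway's IP to the attacker's MAC. Without DAI the host's cache would accept it; with the binding table as ground truth it is dropped on the untrusted port, while the genuine reply from the trusted uplink passes.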
A piece of hardware that has been optimized to perform a task in coordination with other same devices and controllers
Edge
The permissions of all groups combined in any network operating system
Effective permissions
The capability of any system to continue functioning after some parts of the system have failed. RAID is an example of a hardware technique that provides it for hard drives.
Fault tolerance
A network that can contain or allow access to any resource that management deems acceptable to be used by insecure hosts that attach to the guest network
Guest network
Applying security hardware, software, and process to your network to prevent bad things from happening
Hardening
Still-frame or video camera with a network interface and TCP/IP transport protocols to send output to a network resource or destination.
IP camera
Occurs when a user who shouldn't have access gains access through some means
Improper access
A method of assigning user permissions, in which folder permissions flow downward into subfolders
Inheritance
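An added example (not from the Network+ text) that works through effective permissions, inheritance, conflicting permissions and the "Deny trumps" rule from the cards above. It models a small folder tree whose ACEs flow down to subfolders unless inheritance is blocked, then computes a user's effective rights as the union of every Allow from their groups minus any Deny that names them. The folder names, groups and the implicit "Everyone" group are assumptions for the demo. One caveat a practitioner should know: real Windows evaluates explicit ACEs before inherited ones, so an explicit Allow on a folder can override a Deny inherited from its parent; the code below implements the simpler rule the cards state.

```python
from dataclasses import dataclass
from typing import Optional

ALL_RIGHTS = frozenset({"read", "write", "execute", "delete"})


@dataclass
class Folder:
    name: str
    aces: list                      # [(principal, "allow" | "deny", frozenset(rights)), ...]
    parent: Optional["Folder"] = None
    inherit: bool = True            # False blocks inheritance from the parent

    def acl(self):
        """This folder's explicit ACEs, followed by those inherited down the chain."""
        entries = [("explicit", ace) for ace in self.aces]
        if self.inherit and self.parent is not None:
            entries += [("inherited", ace) for _, ace in self.parent.acl()]
        return entries


def effective_permissions(folder, user, groups):
    """Union the Allow rights of the user and every group they belong to, then remove
    any right that a matching Deny ACE names (Deny trumps, as the cards state)."""
    principals = {user, "Everyone", *groups}     # "Everyone" is an assumed implicit group
    allowed, denied, deny_sources = set(), set(), []
    for source, (principal, kind, rights) in folder.acl():
        if principal not in principals:
            continue
        if kind == "allow":
            allowed |= rights
        else:
            denied |= rights
            deny_sources.append((principal, source, tuple(sorted(rights))))
    return {
        "effective": sorted(allowed - denied),
        "conflicts": sorted(allowed & denied),    # rights both granted and denied
        "deny_sources": deny_sources,             # which ACE caused each denial
    }


# Constructed tree and memberships (assumptions).
root = Folder("D:\\Data", [
    ("Everyone", "allow", frozenset({"read", "execute"})),
    ("Finance", "allow", frozenset({"write"})),
])
reports = Folder("D:\\Data\\Reports", [
    ("Contractors", "deny", frozenset({"write", "delete"})),
], parent=root)
archive = Folder("D:\\Data\\Reports\\Archive", [
    ("Admins", "allow", ALL_RIGHTS),
], parent=reports, inherit=False)

GROUPS = {"alice": {"Finance", "Contractors"}, "bob": {"Finance"}, "carol": {"Admins"}}


def check(user, folder):
    return effective_permissions(folder, user, GROUPS[user])


if __name__ == "__main__":
    for user in GROUPS:
        for f in (root, reports, archive):
            print(user, f.name, check(user, f))
```

alice gets write on D:\Data through Finance, but on Reports the Contractors Deny she also inherits removes it (a conflicting permission); on Archive, where inheritance is blocked, nothing from above applies and she has no access at all.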
Small device that can be easily carried in a pocket or purse or attached to a key ring. This device is used to identify the person possessing it for the purpose of granting or denying access to resources such as electronic doors
Key fob
The device in which an alphanumeric code or password that is assigned to a specific individual for particular asset can be entered.
Keypad
A specially written application or collection of commands that performs the same functions as a virus. These normally autostart when the application is run and then make copies of themselves, often propagating across networks.
Macro
Programs that inject unwanted information into packets in an attempt to break another system
Malformed packets
They are a huge threat because of their ability to directly destroy data, inject malware, and initiate attacks
Malicious employee
Users who consciously attempt to access, steal, or damage resources
Malicious users
A program or code that's designed to do something on a system or network that you don't want to have happen.
Malware
An attacker taps into communications between two systems, covertly intercepting traffic thought to be only between those systems, reading or in some cases even changing the data and then sending the data on.
Man-in-the-middle
An entryway with two successive locked doors and a small space between them providing one-way entry or exit. This is a security measure taken to prevent tailgating.
Mantrap
A query (issued with ntpdc) that asks a Network Time Protocol (NTP) server for the list of the most recent clients that have exchanged traffic with it. Because the response is far larger than the request and UDP source addresses are easily spoofed, it has been widely abused in NTP reflection/amplification DDoS attacks; current ntpd versions disable it by default.
Monlist
Where access is granted based on more than one access technique
Multifactor authentication
Cisco's version of network access control
Network Admission Control (NAC)
A standardized approach to verify that a node meets certain criteria before it is allowed to connect to a network
Network access control (NAC)
An equipment room that holds servers, switches, routers, and other network gear
Network closet
Software used in posture assessment that doesn't stay resident in client station memory. It is executed prior to login and may stay resident during the login session but is removed from client RAM when the login or session is complete. The agent presents the security characteristics to the access control server, which then decides to allow, deny, or redirect the connection
Non-Persistent Agent
MAC addresses of Ethernet NICs have their first 24 bits assigned by the IEEE, sometimes called the vendor ID.
Organizationally unique identifier (OUI)
No computer's clock is perfect, so Network Time Protocol (NTP) is designed for each NTP server to have a number of __________. They are other NTP servers that one NTP server can compare its own time against to make sure its clock is accurate.
Peers
An attack that damages the targeted machine - router, server, and so on - and renders that machine inoperable.
Permanent DoS (PDoS) AKA Phlashing
A small scanning program that, once installed on the computer, stays installed and runs every time the computer boots up. These agents are composed of modules that perform a thorough inventory of each security-oriented element in the computer.
Persistent agent
The attacker poses as some sort of trusted site and solicits you to update your financial information
Phishing
The simplest DoS example is where a person physically attacks the servers.
Physical attack
Process by which a client presents its security characteristics via an agent or agent-less interface to an access control server. The server checks the characteristics and decides whether to grant a connection, deny a connection, or redirect the connection depending on the security compliance invoked.
Posture Assessment
Access to user accounts should be restricted to the assigned individuals (no sharing, no stealing), and those accounts should have permission to access only the resources they need, no more; the control over what a legitimate account can do is called _____________________.
Principle of least privilege
Anytime you do things with a protocol that it wasn't meant to do and that abuse ends up creating a threat
Protocol abuse
Sensor that detects and reads a token that comes within range. The polled information is used to determine the access level of the person carrying the token
Proximity reader
Safe network to which are directed stations that either do not require or should not have access to protected resources
Quarantine Network
The transmission, intended or unintended, of radio frequencies. These transmissions may come from components that are intended to transmit RF, such as Wi-Fi network card, or something less expected, such as a motherboard or keyboard. These may be detected and intercepted, posing a potential threat to security
RF emanation
Used in DDoS attacks: requests are sent to ordinary servers with the source address spoofed to that of the target. The servers' responses are therefore delivered to the target, overwhelming it without identifying the true initiator.
Reflection AKA Reflective DDoS
It makes copies of itself, often as code stored in boot sectors or as extra code added to the end of executable programs
Replication
A Trojan horse that takes advantage of very low-level operating system functions to hide itself from all but the most aggressive of anti-malware tools
Rootkit
Person responsible for controlling access to physical resources such as buildings, secure rooms, and other physical assets
Security guard
Background programs in an operating system that do the behind-the-scenes grunt work that users don't need to interact with on a regular basis.
Services
Tries to intercept a valid computer session to get authentication information. Unlike man-in-the-middle attacks, it only tries to grab authentication information, not necessarily listening in like a man-in-the-middle attack
Session hijacking
Specific pattern of bits or bytes that is unique to a particular virus. Virus scanning software maintains a library of these and compares the contents of scanned files against this library to detect infected files.
Signature
The massive influx of traffic on a small or lesser-known Web site when it is suddenly made popular by a reference from the media.
Slashdotting, Reddit effect, hug of death, friendly or unintentional DoS
A type of hacking attack in which an attacker floods a network with ping packets sent to the broadcast address. The trick that makes this attack special is that the return address of the ping is spoofed to that of the intended victim. When all the computers on the network respond to the initial ping, they send their response to the intended victim.
Smurf attack
The process of using or manipulating people inside the networking environment to gain access to that network from the outside.
Social engineering
The process of pretending to be someone or something you aren't by placing false information into your packets
Spoofing
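An added example (not from the Network+ text) that models the spoofing, reflection and Smurf cards together: an attacker sends ICMP echo-requests to a LAN's directed broadcast address with the victim's address as the source, every host on the LAN answers, and the replies land on the victim. The same model shows the two controls that kill the attack: the reflector network's border router refusing directed broadcasts (the Cisco IOS default `no ip directed-broadcast`), and the attacker's upstream dropping packets whose source address is not in the customer's prefix (BCP 38 ingress filtering). Addresses and host counts are constructed; the router and host behaviour is a simplified model.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    kind: str            # "echo-request" or "echo-reply"


def ingress_filter(pkt: Packet, customer_prefix: str) -> bool:
    """BCP 38 check at the attacker's upstream: forward only if the source address
    belongs to the prefix assigned to that customer, which a spoofed packet fails."""
    return ipaddress.ip_address(pkt.src) in ipaddress.ip_network(customer_prefix)


def router_forward(pkt: Packet, lan: str, directed_broadcast: bool) -> bool:
    """Border router of the reflector LAN. A packet addressed to the LAN's broadcast
    address is forwarded only when directed broadcasts are enabled on the interface."""
    net = ipaddress.ip_network(lan)
    dst = ipaddress.ip_address(pkt.dst)
    if dst == net.broadcast_address:
        return directed_broadcast
    return dst in net


def lan_reply(pkt: Packet, lan: str, hosts: list) -> list:
    """Every live host answers an echo-request to the broadcast address, and each
    reply goes to whatever the request claims as its source."""
    net = ipaddress.ip_network(lan)
    if pkt.kind != "echo-request":
        return []
    if ipaddress.ip_address(pkt.dst) == net.broadcast_address:
        return [Packet(h, pkt.src, "echo-reply") for h in hosts]
    return [Packet(pkt.dst, pkt.src, "echo-reply")] if pkt.dst in hosts else []


def smurf(victim: str, attacker_prefix: str, lan: str, hosts: list, *,
          bcp38: bool = False, directed_broadcast: bool = True, probes: int = 1):
    """Send `probes` spoofed echo-requests to the LAN broadcast address.
    Returns (replies delivered to the victim, amplification factor)."""
    bcast = str(ipaddress.ip_network(lan).broadcast_address)
    probe = Packet(src=victim, dst=bcast, kind="echo-request")   # spoofed source
    delivered = []
    for _ in range(probes):
        if bcp38 and not ingress_filter(probe, attacker_prefix):
            continue                                # dropped at the attacker's ISP
        if router_forward(probe, lan, directed_broadcast):
            delivered += lan_reply(probe, lan, hosts)
    return delivered, len(delivered) / probes


# Constructed scenario (documentation prefixes, not real networks).
VICTIM = "203.0.113.5"
ATTACKER_PREFIX = "198.51.100.0/24"      # the attacker's real address space
LAN = "192.0.2.0/24"                     # the reflector network
HOSTS = [f"192.0.2.{i}" for i in range(1, 51)]


def run():
    vulnerable, amp_v = smurf(VICTIM, ATTACKER_PREFIX, LAN, HOSTS, probes=10)
    hardened, amp_h = smurf(VICTIM, ATTACKER_PREFIX, LAN, HOSTS, directed_broadcast=False, probes=10)
    filtered, amp_f = smurf(VICTIM, ATTACKER_PREFIX, LAN, HOSTS, bcp38=True, probes=10)
    return {"vulnerable": (len(vulnerable), amp_v),
            "no_directed_broadcast": (len(hardened), amp_h),
            "bcp38": (len(filtered), amp_f)}


if __name__ == "__main__":
    print(run())
```

Ten spoofed packets become five hundred replies aimed at the victim, a 50x amplification from a /24 with fifty live hosts. Either control alone reduces that to zero, which is why both are standard hardening: one protects your network from being used as a reflector, the other stops your users from spoofing in the first place.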
A function of any program that sends information about your system or actions over the Internet
Spyware
Implementing Dynamic ARP Inspection (DAI) and DHCP snooping enhances ______________, a key network hardening technique.
Switchport security
The NSA's security standard that is used to combat radio frequency (RF) emanation by using enclosures, shielding, and even paint
TEMPEST
When an unauthorized person attempts to enter through an already open door
Tailgating
Any form of potential attack against a network
Threat
Some writers use the term _________________ to describe the people who can carry out the threats.
Threat agents
A virus that masquerades as a file with a legitimate purpose, so that a user will run it intentionally. The classic example is a file that runs a game, but also causes some type of damage to the player's system.
Trojan horse
Unusual and usually dramatic increase in the amount of network traffic. It may be the result of normal operations within the organization or may be an indication of something more sinister.
Traffic spike
An account that has been granted specific authority to perform certain or all administrative tasks
Trusted user
A person does something beyond his or her authority to do
Unauthorized access
Insecure communication between two hosts that pass data in cleartext. A Telnet connection is a common example.
Unencrypted Channel
An account that has been granted no administrative powers
Untrusted user
Administering your super accounts is only part of what's called _____________.
User account control
Older technique to hack a switch to change a normal switch port from an access port to a trunk port. This allows the station attached to the newly created trunk port to access different VLANs. Modern switches have preventative measures to stop this type of abuse.
VLAN Hopping
Entails using remotely monitored visual systems and covers everything from identifying a delivery person knocking on the door at the loading dock, to looking over the shoulder of someone working on the keyboard of a server.
Video monitoring
A program that can make a copy of itself without you necessarily being aware of it. Viruses all carry some payload, which may or may not do something malicious.
Virus
Anti-malware program that passively monitors a computer's activity, checking for the viruses only when certain events occur, such as a program executing or a file being downloaded.
Virus shield
A potential weakness in our infrastructure that a threat might exploit
Vulnerability
A very special form of virus. Unlike other viruses, it does not infect other files on the computer. Instead, it replicates by making copies of itself on other systems on a network by taking advantage of security weaknesses in networking protocols.
Worm
New attacks using vulnerabilities that haven't yet been identified or fixed
Zero-day attacks
A single computer under the control of an operator
Zombie
On a Windows system you can see the ARP cache using the __________________ command.
arp -a
The command traditionally used on Network Time Protocol (NTP) servers to submit queries; it puts the NTP server into interactive mode so that you can then make queries (including monlist) to it. Current ntp distributions deprecate it in favor of ntpq.
ntpdc