Security + Skillport
HTTPS
Hypertext Transfer Protocol over Secure Sockets Layer is the secure method of communicating data between a web browser and a web server. HTTP communications are sent in clear text, which means there is no security. HTTPS uses SSL and certificates to secure the communication channel. HTTPS uses TCP port 443 by default.
IPSec
IP Security is a security protocol suite that provides authentication and encryption for information transferred across IP networks. It is most often used to secure virtual private network communications. IPSec uses TCP port 1293 by default.
IDEA
International Data Encryption Algorithm is a block cipher that uses a 64-bit block size and a 128-bit key. IDEA splits the plaintext block into four 16-bit segments.
ISAKMP
Internet Security Association and Key Management Protocol provides a framework for authentication and key exchange. Within ISAKMP, IKE/IKEv2 is an example of a protocol that provides the actual authenticated key material used by ISAKMP.
Risk Assessment
A risk assessment is used to determine the probability of a threat occurring, including the potential loss if the threat occurs.
Key Escrow
Key escrow is a form of key archiving that enables a third party, such as a law enforcement agency, to access a key even without the owner's permission. The keys are copied and all copies are stored in an off-site repository called a key escrow agency.
MD5
Message Digest 5 is a hashing algorithm. It is used to verify data integrity and is considered the fastest among hashing algorithms.
Netsh
Netsh (Network Shell) is a Windows command-line scripting utility. It is used to configure various networking parameters from the command line. It allows scripting commands to run locally or remotely. These commands can be used to view or modify system configurations.
Netstat
Netstat is a command line utility within the Windows operating system that is used to display networking connections. This includes open ports. With the proper switch, Netstat can even display the process ID of the service using that port. This can be cross-referenced to determine what service is attached to that process ID.
NAT
Network address translation is the process of mapping a network's internal private IP addresses to globally unique IP addresses. This allows internal clients to access the Internet, while minimizing the number of globally unique IP addresses required by an organization.
OTPs
One-time passwords, also known as dynamic passwords, can be used only once, after which they become invalid.
OCSP
Online Certificate Status Protocol is used to obtain revocation status information regarding an X.509 digital certificate. Other common ways of validating a certificate by reviewing its revocation status are by using a CRL or a delta CRL. OCSP cannot be used within a PKI to request a certificate from a CA.
Web Application Firewall
A web application firewall operates at the Application Layer (Layer 7) of the OSI model and deals exclusively with information contained in HTTP conversations. When you enter information in a web form field, the firewall analyzes it to ensure that it conforms to the type of input expected for the field. For example, if a field requires an e-mail address and you specify a date, the web application firewall will refuse the form and prevent the information from being added to a database. This is an important security measure because unexpected input is a common method of exploiting an application and gaining access to the database or web server behind it. For instance, attackers often try to add their own commands to an application's SQL query by writing them into an open field on a web form. This is known as SQL injection.
Packet Filtering Firewall
Packet filtering firewalls operate at the Network Layer (Layer 3) of the OSI model and are the most basic type of firewall. They inspect the headers of IP packets and use rules relating to the source and destination IP addresses, protocol ID and type, and source and destination port numbers.
PBKDF2
PBKDF2 is a key derivation function, also known as a key stretcher. PBKDF2 applies a cryptographic hash, cipher, or HMAC to the password along with a salt value to produce a derived key. This increases key security.
PAP
Password Authentication Protocol does not use a token device consisting of an internal clock to help determine when to generate a user password. PAP is a method of authentication that uses passwords, presented in plaintext, to authenticate.
Phage Virus
Phage viruses modify other programs and databases instead of attaching themselves to other files. Phage viruses will normally modify the executable file of a program, which often causes the program to become corrupt or unusable.
Pharming Attack
Pharming attacks are used to redirect traffic to a different host than the one intended. Pharming attacks are often used to try to redirect users to an illegitimate web site that is designed to appear as a legitimate one. This is normally done by changing hosts files or DNS entries.
Polymorphic Virus
Polymorphic viruses are able to change their virus signature to avoid detection. This is done by using a polymorphic engine that changes the code each time it is run, while leaving the algorithm and code function unchanged.
PortQry
PortQry is a Windows command that can be used to perform a port scan of a system. This command, however, is not installed by default and must be downloaded from the Microsoft website before it can be used.
ASCII Characters
Pronounced ask-ee, ASCII is a code for representing English characters as numbers, with each letter assigned a number from 0 to 127. For example, the ASCII code for uppercase M is 77. Most computers use ASCII codes to represent text, which makes it possible to transfer data from one computer to another.
RC4
RC4 is a symmetric cryptosystem that is commonly used for wireless WEP and WPA encryption. RC4 is a stream cipher and works with key sizes between 40 and 2,048 bits.
RSA
RSA is an asymmetric encryption algorithm that can be used for encryption and digital signatures. RSA relies on the difficulty of factoring the product of two large prime numbers. It is one of the most widely used asymmetric algorithms. It is a public key cryptosystem and is commonly used to protect data on the internet. It is one of the systems used in PGP.
Rainbow Table Attack
Rainbow table attacks are used to attempt to reverse a password's hash value. This is done by comparing the password's hash to a large database of precomputed hashes, known as a rainbow table.
RADIUS
Remote Authentication Dial-In User Service is a client/server authentication protocol that provides centralized authentication, authorization, and accounting (AAA) for remote access services. Although originally developed for dial-in user authentication, RADIUS is often applied to wireless and virtual private networking (VPN) connections. RADIUS uses UDP and encrypts only the password for the access request packet.
RDP
Remote Desktop Protocol allows Windows computers to connect virtually to a remote computer. Once the connection is established, the user is presented with the remote computer's desktop. This protocol is not used to monitor and configure network devices. Also, the RDP protocol is not secure.
RFC
Request for Comments 3227 provides guidelines for the collection and archiving of forensic evidence, including information related to evidence collection based on order of volatility. Order of volatility specifies that evidence should be collected from the most volatile system components to the least volatile. For example, evidence should be collected from system memory before evidence is collected from a hard drive. This is because if a system is turned off, all information contained in memory will be lost.
Retrovirus
Retroviruses are designed to avoid discovery by actively seeking out antivirus programs and attempting to disable or infect them. Some retroviruses are also designed to attack the antivirus software's virus signatures, leaving the antivirus program unable to properly detect threats.
RBAC
Role-based Access Control is an access control model that is based upon individual or group assignment of permissions by centralized administration. This type of access is determined by the role that the subject has within the organization.
SFTP
Secure File Transfer Protocol is an extension of the SSH protocol designed to provide secure file transfer capabilities through an SSH channel. SFTP uses TCP port 115 by default.
SHA
Secure Hash Algorithm is a one way hashing algorithm that is used to ensure a message's integrity. The most popular version of SHA is SHA-2, which normally creates either a 256-bit or 512-bit hash value.
SSH
Secure Shell is a protocol that provides authentication and encryption security. It allows users to access remote computers and execute commands. SSH was created to be a replacement for Telnet. SSH uses TCP port 22 by default.
SSL
Secure Sockets Layer is a cryptographic protocol that is used to encrypt network connections. SSL uses the MD5 and SHA-1 hashing algorithms to determine the session key. SHA-1 generates a 160-bit hash value.
SSID Broadcasting
Service Set Identifier broadcasting announces the network identifier that users see when they search for a wireless network.
Session Hijacking
Session hijacking occurs when a computer's active session to a web site is hijacked by a malicious user. This allows the malicious user to keep the browser session active as if they were the original user.
SNMP
Simple Network Management Protocol is a protocol that can be used to configure network devices. The protocol is capable of collecting data from devices as well as providing them with configuration settings. The first two versions of the protocol were not secure, but SNMP v3 offers many updated security features.
Smishing
Smishing is a form of social engineering that relies on SMS messages to obtain personal information. Smishing messages often contain a phone number to call or URL to visit to resolve an urgent matter.
Sniffer Attack
Sniffer attacks make use of protocol analyzers to inspect data as it is transmitted over a network. This allows all clear-text data, including passwords, to be captured and read by an attacker.
Spear Phishing
Spear phishing is a form of social engineering that uses targeted e-mails to try to obtain personal information from a specific entity. Spear phishing e-mails are designed to appear as though they have been sent by a known and trusted party. In an attempt to appear trustworthy, spear phishing e-mails will often also contain personal information about the user who receives the e-mail.
Spim
Spim is a form of spam that is sent via an instant messaging service. Spim is generally performed by bots and is often used to advertise services and perform click fraud.
Stealth
Stealth viruses use various mechanisms to avoid being detected by antivirus programs. These mechanisms include hiding in system memory and keeping an original copy of the infected data to avoid detection.
Symmetric Algorithms
Symmetric algorithms use a secret key for both encrypting and decrypting data. When messages are sent using a symmetric algorithm, both parties need to use the same secret key. Symmetric algorithms do not have a built-in method of securely transmitting these keys. For that reason, symmetric algorithms rely on out-of-band key exchanges. Examples of out-of-band key exchange methods include USB sticks, mail, and couriers.
Whaling
Whaling is a phishing attack that targets upper management personnel.
Telnet
Telnet is a protocol that is used for remote configuration of devices. This protocol is commonly used to remotely configure network devices. Telnet is not a means of monitoring a device nor is it a secure protocol.
TACACS+
Terminal Access Controller Access Control System Plus is a proprietary authentication protocol developed by Cisco. It provides centralized authentication, authorization, and accounting (AAA) for remote access services. TACACS+ uses UDP and encrypts the entire body of the access request packet.
CAC
The Common Access Card is used by the DoD to verify the identity of all military personnel, civilian employees, and contractors. A smart card contains a microchip that stores the holder's credentials. Smart cards can store a lot of information, including access transactions, licenses held by individuals, qualifications, details of safety training, security access levels, and biometric templates.
EAP
The Extensible Authentication Protocol is one of the authentication protocols used with wireless networks. It is not the most secure authentication protocol.
MAC
The Mandatory Access Control method involves providing a clearance level to users and classification labels to resources. The clearance level will determine which resources the users can access based on their classification labels.
Role Based Access Control
The Role Based Access Control method involves placing users into groups, also known as roles, and then applying privileges to the groups.
Rule Based Access Control
The Rule Based Access Control method involves creating rules to determine which actions are allowed or not allowed. For example, with a firewall, you create rules to determine what traffic is allowed to enter or exit the network.
TKIP
The Temporal Key Integrity Protocol is used with Wi-Fi Protected Access (WPA). It was created to fix some of the security issues known with the RC4 cypher used with Wired Equivalent Privacy (WEP). TKIP will change the encryption keys for every packet that is sent.
TFTP
Trivial File Transfer Protocol is a file transfer protocol. It is commonly used to transfer configuration data to network devices, but it is not used for monitoring.
Twofish
Twofish is a public domain symmetric block cipher designed to be a replacement for Blowfish. Twofish uses a 128-bit block size and supports key sizes of up to 256 bits.
TOTP
A Time-Based One-Time Password algorithm uses a clock-based synchronous token device consisting of a clock combined with a base secret key. These are used to generate a password for the user. The authentication server validates the password the user receives. It holds the same time value as the token device and determines the value of the password by combining the time with a copy of the token's base secret key. If this password matches the password the user provides, the user is authenticated. A time delay of 60 seconds between the token device submitting a password and the authentication server authenticating it is usually allowed.
Buffer Overflow
A buffer overflow is a programmer error that can occur when a program attempts to write data to a buffer and overruns the buffer's boundaries. This results in data being written by the program to memory adjacent to the program's buffer memory.
CPS
A Certificate Practice Statement is used by a CA for issuing certificates and implementing policies. A CPS contains documented practices for several areas of managing and issuing certificates, including revocation, renewal, archiving, issuance, and publication. A CPS is not used within a PKI to request a certificate from a CA.
CSR
A certificate signing request is used by a user within a PKI to request a certificate from a CA. A CSR is also commonly referred to as a certificate request. Before a CSR is created, the user must first generate a key pair, which consists of a private and a public key. Then, when the CSR is issued, it will contain information regarding the user that has been signed by their private certificate for authenticity.
Combination Attack
A combination attack is a form of dictionary attack that uses two dictionaries. It matches each word from one dictionary to every word in the other dictionary. This is done until a password match is found.
Firewalls
A firewall is either a hardware or software security tool that permits or denies network traffic based on a set of created rules.
Firewall
A firewall is used to permit and deny traffic in and out of the network. It can be used to block specific services, including e-mail. A firewall would block all e-mail, not just e-mail with specific contents.
Broadcast Domains
Broadcast domains are a form of network segmentation that results from a physical implementation or configuration. Broadcast domains are created when Layer 3 devices, such as routers, are added to the network.
Hoax
A hoax is usually carried out via e-mail or by phone, and it involves spreading a false story that requires an action.
Caching Proxy
A proxy server acts as an intermediary between clients on a local area network (LAN) and web servers on the internet. A caching proxy server has the ability to cache web pages on its hard drive. The advantage of having web pages cached locally is that the proxy server will need to access the internet less often, reducing bandwidth usage and increasing performance for clients.
Proxy
A proxy server is an intermediary between a host and a computer hosting another service. For example, web proxies allow frequently accessed content to be cached, as well as control what sites or content users are able to access. A proxy is not a technology that prevents e-mail from being sent.
Sandbox
A sandbox is used to help protect systems and users by limiting the resources that an app can access on a mobile platform.
Service Pack
A service pack is a collection of fixes, or upgrades, packaged into a single product. These updates can be used to provide additional functionality or to fix a large number of bugs. Service packs are commonly applied to operating systems and should be tested prior to deployment.
Support Pack
A support pack is simply another name for a service pack: a collection of fixes, or upgrades, packaged into a single product. These updates can be used to provide additional functionality or to fix a large number of bugs. Support packs are commonly applied to operating systems and should be tested prior to deployment.
ARP Poisoning Attack
ARP poisoning attacks, also known as ARP spoofing attacks, work by using a fake MAC address to make it appear that data was sent by another host. ARP spoofing can be used to perform malicious tasks such as bypassing MAC address filters, gaining network access, and receiving data that was intended for another host.
AES
Advanced Encryption Standard is an industry standard symmetric cryptosystem that uses the Rijndael algorithm. AES is a block cipher with a block size of 128 bits, and it uses key sizes of 128, 192, or 256 bits.
Adware
Adware is a form of spyware whose primary purpose is to generate ads and provide revenue for its creator. In addition to creating pop-up ads, adware software often observes the user's activities and internet browsing and reports this information back to the adware's creator.
HOTP
An HMAC-Based One-Time Password algorithm uses a counter-based synchronous token device consisting of a base secret key and an internal counter inserted by a system administrator. The system administrator inserts the same value of the base secret key and the counter into the authentication server. When the user needs the OTP, the system administrator presses a button on the token device. The device increments the counter value, combines it with the base secret key, performs a hash function, computes and formats the result, and then displays it for the user.
iCloud Keychain
iCloud Keychain refers to the password management system available on Apple mobile devices. The Keychain provides secure storage for user login information and passwords for web sites and network shares.
Integer Overflow
An integer overflow is an application error that occurs when an arithmetic operation attempts to place its resulting numerical value into a storage space that is too small. For example, if a storage space within an application can only hold four digits and the number 9,999 is already stored within the storage space, adding 1 to the value would cause an integer overflow.
Baselining
Applications, such as IE, will have vendor-created recommended settings related to both their functionality and security. These settings are known as application configuration baselines, and baselining is the implementation of these recommended settings for applications.
Asymmetric Algorithms
Asymmetric algorithms use two separate keys to encrypt and decrypt data. Data is encrypted using the recipient's public key, and data is decrypted using the recipient's private key. Because asymmetric algorithms do not use the same keys to encrypt and decrypt data, they do not rely on out-of-band key exchanges to transport keys.
AH
Authentication Header is one of the two primary protocols that make up IPSec. AH provides authentication for data. As such, AH provides integrity and protection against anti-replay attacks. AH does not provide the framework for authentication and key exchange within IPSec.
Bcrypt
Bcrypt is a key derivation function, also known as a key stretcher. It is based on the Blowfish cipher. Bcrypt incorporates a salt to protect against rainbow table attacks. It also adaptively increases the iteration count, which makes it slower and more resistant to brute force attacks.
Big Data Analysis
Big Data analysis is a security procedure used to detect abnormal behavior. This audit is commonly used by banks to identify abnormal spending patterns and possible credit card fraud by auditing large amounts of data.
Blowfish
Blowfish is an older public domain symmetric block cipher designed to be a replacement for DES. Blowfish uses 64-bit blocks and variable-length keys from 32 to 448 bits. Encryption is done by splitting the 64-bit block into two 32-bit words.
Bluesnarfing
Bluesnarfing is the process of accessing a Bluetooth-enabled device without permission. Once the attacker has access to the device, they can retrieve data from the device or even delete data.
CAST
CAST is a symmetric encryption algorithm that can use two block sizes. CAST can use a 64-bit block to support 64-bit and 128-bit keys, and a 128-bit block to support 256-bit keys.
CHAP
Challenge Handshake Authentication Protocol does not use a token device consisting of an internal clock to help determine when to generate a user password. CHAP is a method of authentication that encrypts passwords through the Message Digest 5 (MD5) hashing scheme.
CCMP
Counter Mode with Cipher Block Chaining Message Authentication Codes Protocol is the standard encryption protocol that is used for Wi-Fi Protected Access 2 (WPA2). CCMP and Advanced Encryption Standard (AES) encryption support 128-bit, 192-bit, and 256-bit encryption.
Cross-site Scripting
Cross-site scripting (XSS) is a type of attack executed by inserting malicious code into a web page or by placing a script tag into the site's URL. Once inserted, a user can unknowingly execute the malicious code when accessing the web page by selecting a link within the web page.
DLP
Data Loss Prevention is a system used to prevent sensitive data from being sent out or taken.
DMZ
Demilitarized Zones allow network administrators to apply different security measures to devices commonly accessed by the public. These devices, such as web servers, are contained within a secure zone that is separated from the internal network by a firewall. This type of configuration provides another layer of security for the network and reduces an intruder's ability to gain access to company information.
Digital Signatures
Digital signatures are used to provide non-repudiation and validate the integrity of a message and its sender. Digital signatures are created by generating a hash value of a message, and then encrypting that hash value using the sender's private key. Using the corresponding public key, the hash value can be decrypted and compared with the original. Digital signatures do not rely on out-of-band key exchanges to transport keys.
DAC
Discretionary Access Control involves granting permissions to users or groups to a resource. This is usually done by the creator of the resource and the permissions are configured using the discretionary access control list (DACL).
Dual-factor Authentication
Dual-factor authentication proves one's identity by implementing two authentication factors to increase the strength of authentication. For example, using a hardware token in conjunction with a PIN is dual factor authentication. This hardware token is ownership-based authentication, while the PIN is knowledge-based authentication.
DHCP
Dynamic Host Configuration Protocol is a network protocol that enables a server to automatically assign an IP address to a computer from a defined range of addresses (i.e., a scope) configured for a given network. It is used for allocating addresses to clients in larger networks where static address assignment is not practical.
ECC
Elliptic curve cryptography is an asymmetric encryption algorithm that uses elliptic curves for encryption. It is often used on mobile devices due to its smaller key size and its decreased computing power requirements. It uses points on a curve to define private and public key pairings.
HMAC
Hash-based Message Authentication Code is a hashing algorithm that uses a secret key along with the hashing algorithm to calculate the message authentication code.
Hashing Algorithms
Hashing algorithms are used to convert data into a numerical value, referred to as a hash value. These hash values are often used to provide data integrity. Most hashing algorithms are one-way, which means that the original message cannot be rebuilt from the hash value. Hashing algorithms do not rely on out-of-band key exchanges to transport keys.
Hotfix
Hotfixes are applied to operating systems and software, and are designed to resolve a specific issue.
Hybrid Attack
Hybrid attacks work by combining multiple types of password guessing attacks. Generally, hybrid attacks work by using dictionaries of commonly used passwords along with mutation rules. These mutation rules are a list of commonly used variations, such as numbers, dates, and commonly used ASCII characters.
Kerberos Authentication
Users request a ticket from the authenticating server, which in turn responds with a time-stamped ticket. The user requests a service ticket and the server responds with a service ticket. The user then presents the service ticket to the resource, and the resource authenticates the user and allows access.
VLAN
Virtual Local Area Networks allow network administrators to create network segmentation. VLANs are unique because network devices can be grouped together into one VLAN even though they are not located on the same network segment. When implemented, every VLAN is its own subnet; therefore, security measures can be applied to each VLAN as required.
Vishing
Vishing is a form of social engineering that takes place over the phone. It is often used to steal personal information and commit fraud by impersonating a trusted party. VoIP is often used for vishing attacks due to the ease with which caller ID can be spoofed and because of how difficult VoIP traffic is to trace.
Whitelist
Whitelisting software uses a list of approved software to determine if the software is allowed to run. This is based on a deny-by-default approach, where software not on the approved list is denied from running.