CEH v10 Ch - 1

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Management Network Zone or Secured Zone:

Access to this zone is limited to authorized users. Access to one area of the zone does not necessarily apply to another area of the zone.

Intranet Zone

a controlled zone, contains a set of hosts in an organization's network located behind a single firewall or set of firewalls, and generally has less restriction.

Internet DMZ:

a controlled, Internet-facing zone that typically contains Internet-facing components of network web servers and email gateways through which employees of an organization directly communicate. It acts as a barrier between the organization's private network and its public network.

Botnet

a huge network of compromised systems used by attackers to perform denial-of-service attacks.

noun "hacker"

a person who enjoys learning the details of computer systems and stretching his or her capabilities.

Enterprise Information Security Architecture (EISA)

a set of requirements, processes, principles, and models that determine the current and/or future structure and behavior of an organization's security processes, information security systems, personnel, and organizational sub-units.

Intelligence-based warfare

a warfare that consists of the design, protection, and denial of systems that seek sufficient knowledge to dominate the battle space.

Non-Repudiation

a way to guarantee that the sender of a message cannot later deny having sent the message, and that the recipient cannot deny having received the message. Individuals and organization use digital signatures to ensure non-repudiation.

Economic Warefare

affect the economy of a business or nation by blocking the flow of information. This could be especially devastating to organizations that do a lot of business in the digital world.

Production Network Zone

also known as a restricted zone, supports functions for which access should be limited.

Insider Attack

an attack by someone from within an organization who has authorized access to its network and is aware of the network architecture.

Advanced Persistent Threats (APT)

an attack that focuses on stealing information from the victim machine without its user being aware of it.

Cloud Computing Threats

an on-demand delivery of IT capabilities in which IT infrastructure and applications are provided to subscribers as a metered service over a network. Clients can store sensitive information on the cloud. Flaw in one client's application cloud could potentially allow attackers to access another client's data.

Exploit

breach of IT system security through vulnerabilities, in the context of an attack on a system or network. It also refers to malicious software or commands that can cause unanticipated behavior of legitimate software or hardware through attackers taking advantage of the vulnerabilities.

Daisy Chaining

gaining access to one network and/or computer and then using the same information to gain access to multiple networks and computers that contain desirable information.

Suicide Hackers

individuals who aim to bring down critical infrastructure for a "cause" and are not worried about facing jail terms or any other kind of punishment.

Black Hats

individuals who use their extraordinary computing skills for illegal or malicious purposes. This category of hacker is often involved with criminal activities. They are also known as cracker

White Hats

individuals who use their hacking skills for defensive purposes. These days, almost every organization has security analysts who are knowledgeable about hacking countermeasures, which can secure its network and information systems against malicious attacks. They have permission from the system owner.

Internet Zone

is the part of the Internet that is outside the boundaries of an organization. It is highly susceptible to security breaches, as there may be little or no security controls that can block an invasion.

Worms

malicious program that replicates, executes and spreads across network connections.

Information Risk Management (IRM)

only authorized personnel access and use information. This helps in achieving information security and business continuity.

Payload

part of a malware or an exploit code that performs the intended malicious actions, which can include creating backdoor access to a victim's machine, damaging or deleting files, committing data theft and hijacking computer.

Bot

perform tasks such as uploading viruses, sending mails with botnets attached to them, stealing data, and so on. Antivirus programs might fail to find—or even scan for—spyware or botnets.

Electronic Warefare

radio electronic and cryptographic techniques to degrade communication. Radio electronic techniques attack the physical means of sending information, whereas c

"cracker"

refer to persons who employ their hacking skills for offensive purposes.

Doxing

refers to gathering and publishing personally identifiable information such as an individual's name and email address, or other sensitive information pertaining to an entire organization.

Information Assurance

refers to the assurance of the integrity, availability, confidentiality, and authenticity of information and information systems during usage, processing, storage, and transmission of information.

Command and control warfare (C2 warfare)

refers to the impact an attacker possesses over a compromised system or network that they control.

Defense In Depth

security professionals use several protection layers throughout an information system. helps to prevent direct attacks against an information system and its data because a break in one layer only leads the attacker to the next layer. If a hacker gains access to a system, minimizes any adverse impact and gives administrators and engineers time to deploy new or updated countermeasures to prevent a recurrence of intrusion.

Ethical Hacker

security professionals who employ their hacking skills for defensive purposes.

Viruses

self-replicating program that produces a copy of itself by attaching to another program, computer boot sector or document.

Bot

software application or program that can be controlled remotely to execute or automate predefined tasks.

Confidentiality

the assurance that the information is accessible only to those who are authorized to have access.

Availability

the assurance that the systems responsible for delivering, storing, and processing information are accessible when required by authorized users.

Zero-Day Attack

the attacker exploits vulnerabilities in a computer application before the software developer can release a patch for them.

Authenticity

the characteristic of a communication, document, or any data that ensures the quality of being genuine or uncorrupted.

Vulnerability

the existence of weakness, design, or an implementation error that, when exploited, leads to an unexpected and undesirable event compromising the security of the system.

Hack Value

the notion among hackers to evaluate something that is worth doing or is interesting. Hackers derive great satisfaction from breaking down the toughest network security, and consider it their accomplishment as it is something that not everyone can do.

Hacker Warfare

the purpose of this type of warfare can vary from shutdown of systems, data errors, theft of information, theft of services, system monitoring, false messaging, and access to data.

verb "to hack"

the rapid development of new programs or the reverse engineering of existing software to make it better or more efficient in new and innovative ways.

Integrity

the trustworthiness of data or resources in the prevention of improper and unauthorized changes—the assurance that information is sufficiently accurate for its purpose. Checksums

Psychological warfare

use of various techniques such as propaganda and terror to demoralize one's adversary in an attempt to succeed in the battle.

Gray Hats

who work both offensively and defensively at various times. Fall between black and white hats.

Tiger Team

works together to perform a full-scale test covering all aspects of the network, as well as physical and system intrusion.


Ensembles d'études connexes

Health Online- Nutrition and Physical Activity- Nutrition and Health

View Set

VB Management Lesson 1 - Recruiting, Resumes, & Hiring

View Set

Life Insurance ch. 4 & 5 - Premiums, Proceeds and Beneficiaries & Life Insurance Underwriting and Policy Issue

View Set