Chapter 14 Flash Cards
What is network enumeration?
involves a thorough and systematic discovery of as much of the corporate network as possible.
What is a HIDS?
an IDS installed on a single host that monitors all traffic coming into the host.
What is a SecureConfigured address?
a MAC address that has been manually identified as an allowed address.
What is a SecureSticky address?
a MAC address that is manually configured or dynamically learned and saved.
What is a NIDS?
a dedicated device installed on the network. It analyzes all traffic on the network.
What is a honeypot?
a device or virtual machine that entices intruders by displaying a vulnerability, config flaw, or appearing to contain valuable data.
What is a tarpit?
a honeypot that answers connection requests in such a way that the attacking computer is "stuck" for a period of time.
What is a honeynet?
a network of honeypots.
What is a vulnerability scanner?
a software program that passively searches an application, computer, or network for weaknesses.
What is a network mapper?
a tool that discovers devices on the network and displays the devices in a graphical representation.
What is a port scanner?
a tool that probes systems for open ports.
What is a ping scanner?
a tool that sends ICMP echo/request to one or multiple IP addresses.
What is Open Vulnerability and Assessment Language (OVAL)?
an international standard for testing, analyzing, and reporting the security vulnerabilities of a system.
What is DAI?
it is designed to prevent man-in-the-middle attacks by validating ARP packets on the network.
What is a passive IDS?
it monitors, logs, and detects security breaches but takes no action to stop or prevent the attack.
What is an active IDS?
it performs the functions of an IDS but can also react when security breaches occur.
What is signature recognition?
looks for patterns in network traffic and compares them to known attack patterns called signatures.
What is anomaly recognition?
monitors traffic to define a standard activity pattern as normal.
What is a single blind test?
one side has advanced knowledge.
What is a penetration test?
the attempt by an organization to circumvent security controls to identify vulnerabilities in their information systems.
What is a full knowledge test?
the tester has detailed info prior to starting the test.
What is a zero knowledge test?
the tester has no prior knowledge of the target system.
What is a partial knowledge test?
the tester has the same amount of info that would be available to a typical insider in the organization.
What is port violation?
when the maximum number of MAC addresses has been seen on the port, and an unknown MAC address is then seen.
What is a double blind test?
where the penetration tester does not have prior info about the system and the network admin has no knowledge that the test is being performed.