Professor Messer


Fat AP

(Blank), also known as a standalone AP, includes everything needed to connect wireless clients to a wireless network.

Custom Firmware

(blank) can also root an Android.

PEAP (Protected Extensible Authentication Protocol)

(blank) is often implemented with MS-CHAPv2

identification, authentication, authorization

The three parts of access control.

IPSec (Internet Protocol Security)

A set of open, non-proprietary standards that you can use to secure data as it travels across the network or the Internet through data authentication and encryption.

VPN concentrator

A single device that incorporates advanced encryption and authentication methods in order to handle a large number of VPN tunnels.

third party app store

A site from which unofficial apps can be downloaded.

host-based intrusion detection system (HIDS)

A software-based application that runs on a local host computer that can detect an attack as it occurs.

EMI (electromagnetic interference)

A type of interference that may be caused by motors, power lines, televisions, copiers, fluorescent lights, or other sources of electrical activity.

WiFi protected setup (WPS)

A way to set up a secure wireless network by using a push button, a personal identification number (PIN), or a USB key to automatically configure devices to connect to a network. WPS is not secure.

PEAP and EAP-TTLS

BLANK and BLANK only require a certificate on the server, not on the clients.

COPE (Corporate Owned, Personally Enabled)

Bridges the gap by providing corporate owned resources that employees can use for personal tasks.

TACACS+

Cisco alternative to RADIUS. Encrypts the entire authentication process and supports multiple challenges and responses. Also uses TCP.

PaaS (Platform as a Service)

Cloud-based virtual server(s). These virtualized platforms give programmers tools needed to deploy, administer, and maintain a Web application.

VDI (Virtual Desktop Infrastructure)

Company provides a "thin client" to the user where the desktop resides on a centralized server.

logic bomb

Computer virus triggered by the appearance or disappearance of specified data. Executes in response to an event. Usually created by someone after they have left a company, such as being let go or fired.

shoulder surfing

Gaining compromising information through observation (as in looking over someone's shoulder) or using cameras.

RSA

HSM generates and stores (blank) encryption keys and can be integrated with servers to provide hardware based encryption.

443

HTTPS encrypts HTTP traffic in transit and uses port

HTTP

HTTPS uses port (blank) for web traffic.

STP or RSTP

Helps prevent switching loops.

SCADA

IDS and IPS can also protect internal private networks such as

143

IMAP4 uses TCP port

authentication header AH

IPsec provides authentication with an ()

IaaS

Infrastructure as a Service. A cloud computing technology useful for heavily utilized systems and networks. Organizations can limit their hardware footprint and personnel costs by renting access to hardware such as servers.

hybrid cloud

Integrates one cloud service with other cloud services

389

LDAP uses TCP port

636

LDAPS uses TCP port

tracert

Lists the routes between two routers.

Dumpster divers

Look through trash to try and find valuable information.

MS-CHAPv2 (Microsoft Challenge Handshake Authentication Protocol, version 2)

Microsoft's improvement over CHAP. Provides mutual authentication.

omnidirectional antennas

Most WAPs have

Unified Threat Management (UTM)

Network hardware that provides multiple security functions. Typically raise alerts and send them to an administrator.

110

POP receives email using TCP port

Change Management

Process of making sure changes are made smoothly and efficiently and do not negatively affect system reliability, security, confidentiality, integrity, and availability.

rootkits

Programs that allow hackers to gain access to your computer and take almost complete control of it without your knowledge (take root control). These programs are designed to subvert normal login procedures to a computer and to hide their operations from normal detection methods.

Private Cloud

Provides cloud services to a single organization

3389

RDP uses TCP port

remote wipe

Remotely erases all contacts, email, photos, and other data from a device to protect your privacy.

web based applications

SAML provides SSO for

25

SMTP sends email using TCP port

161 and 162

SNMP uses UDP ports (blank) and (blank).

993(legacy), 143

Secure IMAP uses TLS on port (blank) or STARTTLS on port (blank).

995(legacy), 110

Secure POP uses TLS on port (blank) or STARTTLS on port (blank).

SaaS (Software as a Service)

Services for delivering and providing access to software remotely as a web-based service

ipconfig /displaydns

Shows the contents of a DNS cache

Anti-spam software

Software designed to detect and block spam that has been sent to a computer.

Ransomware

Software that encrypts programs and data until a ransom is paid to remove it.

iptables or xtables

Some Linux or other networks use (blank) or (blank) for firewall capabilities.

TLS (Transport Layer Security)

Some VPNs use (blank) to encrypt traffic within the VPN tunnel.

hacktivist

Someone who uses computers and computer networks to disrupt services or share secret information in an effort to draw attention to political or social issues.

FDE (Full Disk Encryption)

Systems which encrypt everything stored on the drive (the operating system, application programs, data, temporary files, and so forth) automatically without any user interaction.

EAP-TLS

The most secure EAP method is (blank). It requires a certificate on the server and on each wireless client.

BYOD (bring your own device)

The practice of allowing users to use their own personal devices to connect to an organizational network.

application blacklisting

The practice of preventing undesirable programs from running on a computer, computer network, or mobile device.

hypervisor

The software that creates, runs, and manages the VM is the

data exfiltration

The unauthorized transfer of data outside an organization.

Geofencing

The use of GPS or RFID technology to create a virtual geographic boundary, enabling software to trigger a response when a mobile device enters or leaves a particular area.

ipconfig /all

This command shows the TCP/IP configuration, MAC address, DNS servers, and DHCP server if the host is a DHCP client.

principal

This is a typical user. The user logs on once and, if necessary, requests an identity from the identity provider.

tethering

Transforms a smartphone or Internet-capable tablet into a portable communications device that shares its Internet access with other computers and devices wirelessly

Tailgating

When an unauthorized individual enters a restricted-access building by following an authorized user.

TKIP (Temporal Key Integrity Protocol) or CCMP

Wi-Fi Protected Access (WPA) can use (blank) or (blank); however, both have been deprecated. The second choice is better.

false rejection

a biometric system incorrectly rejects an authorized user.

Thin AP

a controller-based AP; a controller configures and manages the AP.

DMZ

a layer of protection for servers that are accessible from the internet.

airgap

a metaphor for physical isolation, indicating that a system's network is completely isolated from another system or network.

sideloading

a method of downloading Android apps from the Internet without using the official Android Market

role-BAC

a model based on jobs and functions, or on an individual's tasks at work.

spear phishing

a phishing expedition in which the emails are carefully designed to target a particular person or organization

Vishing

a phone scam that attempts to defraud people by asking them to call a bogus telephone number to confirm their account information. Often uses VoIP.

matrix

a planning document that matches the roles with the required privileges

jailbreaking

a process to break through the restrictions that only allow apps on an iOS device to be downloaded from the iTunes Store at itunes.apple.com. Gives the user root or administrative privileges to the operating system and the entire file system, and complete access to all commands and features.

HSM (Hardware Security Module)

a removable or external device used for encryption.

Evil Twin Attack

a rogue wireless access point with the same SSID as a legitimate access point.

worm

a self-replicating program able to propagate itself across a network without user intervention.

transparent proxy

accepts and forwards requests without altering them.

reverse proxy

accepts traffic from the internet and forwards it to one or more internal web servers.

non-persistent virtual desktop

all users log in using the same virtual desktop. It can be modified at the time of use; however, after use the desktop reverts to the known snapshot.

SSL decryptors

allow an organization to inspect traffic, even when it is using SSL or TLS.

audit trail

allows security professionals to re-create the events that led up to a security incident.

out of band

an IDS is (blank)

intranet

an internal network used to communicate and share information from within the network.

Shibboleth

an open source federated identity solution that includes open SAML libraries.

rogue access point

an unauthorized access point placed in a wireless network.

ACLs

antispoofing is implemented with

OAuth and OpenID Connect

applications that help streamline the authentication process, such as PayPal.

Honeypots/Honeynets

are individual computers created as a trap for intruders. They look and act like legitimate computers but do not host real data. Usually configured with vulnerabilities in order to lure attackers. Also used to observe current attack methods and strategies.

On-premises clouds

are owned and maintained by an organization. Usually known as private cloud computing.

initialization vector IV

attack attempts to discover the IV and use it to discover the passphrase.

Near Field Communication

attack uses an NFC reader to read data from mobile devices.

spoofing

attackers discovering authorized MAC addresses and using them.

detective controls

attempt to detect incidents after they occur

preventative control

attempt to prevent an incident before it occurs.

Flood guards

block MAC flooding attacks.

root of trust

can be described as the concept of trust in a system, software, or data. It is the most common form of attestation and provides a basic set of functions that are always trusted by the operating system. Attestation means that you are validating something as true. A root of trust can be designed as hardware-based or hybrid. The Trusted Platform Module (TPM) is one of the most common.

Common Access Card (CAC), Personal Identity Verification (PIV)

can be used as photo IDs and smart cards. Provide both identification and authentication.

WPS attack

can discover the PIN in hours, then use the PIN to find out the passphrase.

Cloud-based DLP

can enforce security policies for any data stored in the cloud.

chmod command

changes permissions on a Linux system.

identification

claims their identity with something like a username or email address.

nslookup and dig

command-line tools used to query DNS.

FTP

commonly used to transfer files over a network, but does not encrypt data.

routers

connect networks and direct traffic based on destination IP addresses.

Wireless Access Points (AP)

connect wireless clients to a wired network.

aggregation switch

connects multiple switches together in a network.

technical

controls that use technology

stateless firewall

controls traffic between networks using rules within an ACL. Can block traffic based on ports, IP addresses, subnets, and some protocols.

physical

controls you can physically touch

TOTP (Time-Based One-Time Password)

creates a one time password that expires after 30 seconds.

chroot command

creates virtual sandboxes on Linux systems.

identity provider

creates, maintains, and manages identity information for principals.

smart cards

credit card sized cards that have embedded certificates used for authentication. Require PKI to issue certificates.

TLS/SSL accelerators

dedicated hardware devices that handle Transport Layer Security (TLS) traffic.

maximum password age

defines when a user must change their password. Usually a set period, such as 45 days.

network-based IDS NIDS

detects attacks on networks

integrity measurement tools

detects when an image deviates from its baseline.

deterrent controls

discourage individuals from causing an incident

water holing

attackers discover sites that targeted groups trust, modify these sites to download malware, then lure these individuals to the site.

tokens or key fobs

display numbers on an LCD. Provide rolling one-time-use passwords that are verified by and synced with a server.

open mode

doesn't use a PSK or an 802.1X server. Many hotspots use this when providing free Wi-Fi to clients.

persistent virtual desktop

each user has a custom desktop interface that they can utilize.

ifconfig eth0 allmulti

enables multicast mode on the NIC. This allows the interface to receive all multicast traffic. By default it only accepts multicast traffic from groups that it has joined.

ifconfig eth0 promisc

enables promiscuous mode on the first Ethernet interface. This mode allows the interface to process all traffic it receives.

TLS (Transport Layer Security)

encrypt data in transit

Encapsulating Security Payload (ESP)

encrypts VPN traffic and provides confidentiality, integrity, and authentication.

Full Tunnel

encrypts all traffic once a user has connected to the VPN

IPsec tunnel mode

encrypts the entire IP packet used in the internal network.

LDAPS

encrypts transmissions with TLS or SSL

patch management

ensures operating systems and applications are kept up to date.

service provider

entity that provides services to principals

ipconfig /flushdns

erases the contents of a DNS cache

DAC model

every object has an owner and that owner has explicit control over that object.

screen lock

feature that locks the screen after the device times out.

stateful firewall

filters traffic based on the state of a packet within the session.

network-based firewalls

filter traffic in and out of a network. They are placed at the border of the network, such as between the internet and internal network.

Host-based firewalls (application-based)

filter traffic out of an individual host

jamming attack

floods a wireless frequency with noise, blocking wireless traffic.

Forward proxy servers

forward requests for servers from a client. They can cache content and record users' Internet activity.

something you do

gestures on a touch screen

need to know

users are granted access only to the data and information needed to do their job (permission).

Social Engineering

hackers use their social skills to trick people into revealing access credentials or other valuable information

VM sprawl

happens when an organization has many VMs that aren't managed correctly.

DLP (data loss prevention)

helps prevent data loss. Can block the use of USB devices and analyze outgoing email.

mantraps

help prevent tailgating

embedded certificate

holds the user's private key and is matched with a public key. The private key is used each time the user logs on to the network.

account lockout duration

how long an account will be locked out for

minimum password age

how long the user must wait before changing their password again.

hashing, digital signatures, non-repudiation

how to provide integrity

Group Policy

implemented on a domain controller within a domain.

SED (self-encrypting drives)

includes hardware and software necessary to automatically encrypt a drive.

Open Source Intelligence

includes any information available via websites and social media.

false positive

incorrectly raises an alert indicating there is an attack when there is none.

availability

indicates data and services are available when needed.

intrusion detection system IDS, intrusion prevention system IPS

inspect traffic using the same functionality as a protocol analyzer.

SoC (System on a Chip)

an integrated circuit that includes a full system.

Kerberos

is a network authentication protocol using tickets issued by a TGT or KDC server. Tickets expire, which provides a higher level of security.

Least Privilege

is a technical control. It specifies that individuals are granted only the rights (actions) and permissions (information) needed to perform their tasks.

SAML (Security Assertion Markup Language)

is an XML-based standard used to exchange authentication and authorization information between different parties.

VM escape

is an attack that allows the attacker to access the host system from within the virtual system

organized crime

is an enterprise that employs a group of individuals working together in criminal activities. Usually motivated by money.

Rule Based Access Control (RBAC)

is based on a set of instructions. Some use rules that trigger in response to an event, like an ACL.

CHAP (Challenge Handshake Authentication Protocol)

is more secure than PAP and uses a three-way handshake to authenticate clients.

rooting

jailbreaking an Android. Provides the user with root level access.

permanent NAC agent

also known as a persistent NAC agent; it is installed on the client and stays with the client.

port security

limiting the number of MAC addresses per port and disabling unused ports. You can also map specific MAC addresses to each port.

Mail gateways

logically placed between an email server and the internet. They can examine and analyze emails to block spam. Many include data loss prevention and encryption methods.

virus

malicious code that attaches itself to a host application. The code runs when the application is launched.

RAT (Remote Access Trojan)

malware that arrives in a trojan disguised as legitimate software and sets up a secret communication link to a hacker for remote use.

account lockout threshold

maximum number of times a wrong password can be entered.

hoax

a message, often circulated through email, that tells of impending doom from a virus or security threat that doesn't exist.

Obfuscation

method to make something unclear or difficult to understand.

ABAC model

model that uses attributes defined in policies to grant access to resources.

nontransparent proxy

modifies or filters requests, such as filtering traffic based on destination URL.

enterprise mode

more secure than personal mode because it adds authentication. It uses an 802.1X authentication server implemented as a RADIUS server.

drive-by download

often attempt to infect systems with Trojans.

IPSec transport mode

only encrypts the payload and is commonly used in private networks, but not with VPNs.

split tunnel

only encrypts traffic destined for the VPNs private network.

HOTP (HMAC-based one-time password)

open source standard used to create a one-time password. Creates a one-time password that does not expire.

guest

operating systems running on the host system are called

compensating controls

other controls used when primary controls are not feasible

extranet

part of the network that can be accessed by authorized entities from outside the network.

steganography

practice of hiding data within data.

hardening

practice of making a system more secure than its default config.

Bluejacking

practice of sending unsolicited messages to a phone.

antispoofing

prevents IP address spoofing.

disabling unused ports.

prevents unauthorized users from accessing unused ports; also known as port security.

Time of Day Restrictions

prevents users from logging on at specific times.

encryption and strong access control

the primary methods of protecting data are (blank) and (blank).

public cloud

promotes massive, global, and industry-wide applications offered to the general public. Provided by third-party companies.

LEAP (Lightweight EAP)

proprietary to Cisco and does not require a certificate.

web application firewall WAF

protects a web server against web application attacks. It is typically placed in the DMZ and will alert administrators of events.

RTP and SRTP

protocols used for voice and video include

VLANs

provide increased segmentation of user computers.

SNMPv3

provide secure management of routers

backdoors

provides another way of accessing a system. often gives remote access to a system.

Radius

provides central authentication for multiple remote access services. It relies on the use of shared secrets and only encrypts the password during the authentication process. Uses UDP.

federation

provides central authentication in a non-homogeneous environment.

DNS

provides domain name resolution.

SRTP

provides encryption, message authentication, and integrity for RTP

SRTP - Secure Real Time Protocol

provides encryption and message authentication for VoIP and other streaming media applications.

integrity

provides assurance that information has not been tampered with.

802.1X server

provides strong port security using port-based authentication. Helps to prevent rogue servers.

Network Time Protocol (NTP)

provides time sync services

DNSSEC

provides validation for DNS responses and helps prevent DNS poisoning attacks.

snapshot

provides you with a copy of the VM at that moment in time, which can be used as a backup.

Crypto-malware

ransomware that encrypts the user's data

SSO (Single Sign-On)

refers to the ability of a user to log on to or access multiple systems by providing credentials only once.

heuristic-based or behavioral-based IDS

requires a baseline and detects attacks based on anomalies or when traffic is outside expected boundaries.

arp

resolves IP addresses to MAC addresses and stores the results in a cache.

location based policies

restrict access based on the location of the user. This can be based on a specific IP address or MAC address.

DMZ

a reverse proxy is placed in the (blank), and the web servers can be in the internal network.

corrective controls

reverse the impact of an incident

ACLs

routers provide logical separation and segmentation using (Blank) to control traffic.

type 2 hypervisors

run as software within a host operating system

Type 1 hypervisors

run directly on the system's hardware; also known as bare-metal hypervisors.

Container Virtualization

runs within cells or containers and does not have its own kernel

antivirus software

scans and searches hard drives to prevent, detect, and remove known viruses, adware, and spyware

SMTP (Simple Mail Transfer Protocol)

secure transfer of emails.

FTPS, SFTP, SSH, SSL, TLS

several encryption protocols for FTP (data encryption).

ipconfig

shows basic information about the NIC, such as IP address, subnet mask, and default gateway.

ifconfig eth0

shows the configuration of the first Ethernet interface on a Linux system.

IPS (Intrusion Prevention System)

similar to an active IDS except that it is placed inline with the traffic (also known as in-band) and can stop attacks before they reach the internal network.

something you have

smart card, PIV, CAC, or token

spyware

software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive.

CASB (Cloud Access Security Broker)

software tool or service deployed between an organization's network and a cloud provider. It monitors all network traffic and can enforce security policies.

something you know

something like a username, password, or PIN; the least secure factor.

LDAP

specifies formats and methods to query directories. Provides a single point of management for objects like computers or users in an Active Directory Domain

credential management system

stores and simplifies the use of credentials for users, such as remembering passwords for email.

reversible encryption

stores the password in such a way that the original password can be discovered.

APT (Advanced Persistent Threat)

a targeted attack against a network by a group with the ability to launch a sophisticated and targeted attack. They are sponsored by a nation-state and have large funds.

host

the physical system hosting the VM.

cloud computing

the practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer.

directional antenna

these antennas have narrow beams but longer ranges.

Radio Frequency Identification (RFID)

attacks on these include eavesdropping, replay, and DoS.

IoT (Internet of Things)

things like devices you can wear or home automated devices.

authorization

this is given once authentication has been proven by the user.

accounting

tracks users' activity and records it in logs. This provides

NAT

translates public IP addresses to private, private back to public, and hides internal IP addresses from the public.

ad hoc wireless network

two or more devices connected together without an AP

implicit deny

unless something is explicitly allowed, it is denied.

spam

unwanted e-mail (usually of a commercial nature sent out in bulk)

administrative

use administrative or management controls.

script kiddies

use existing computer scripts or code to launch attacks. Have little experience and funding.

MAC filtering

used to restrict access to wireless networks

Remote Access Authentication

used when a user accesses a private network from a remote location, such as with a dial-up connection or a VPN connection

authentication

user proves their identity with something like a password.

geolocation

uses GPS to identify a device's location.

Diameter

uses TCP, encrypts the entire authentication process and supports many additional capabilities

personal mode

uses a pre-shared key (PSK). It is easy to implement and used in many small wireless networks.

MAC model

uses sensitivity labels for users and data. commonly used on a need to know basis.

a signature based IDS or IPS

uses signatures to detect known attacks or vulnerabilities.

software-defined network (SDN)

uses virtualization technology to route traffic instead of hardware (routers, switches). It separates the data and control planes.

something you are

using biometrics, such as a fingerprint scanner or eye reader.

somewhere you are

using geolocation, MAC address, or computer ID.

Insiders

usually employees of the company. Have legitimate access to an organization's internal resources. Sometimes become malicious out of greed or revenge.

EAP-FAST

was created to replace LEAP

false acceptance

when a biometric system incorrectly identifies an unauthorized user as an authorized user.

false negative

when an attack is active, but not reported

Geo-tagging

Adding or allowing geographical identification data in a mobile app like pictures on a phone.

telnet, SSH, RDP

Administrators can use (blank 3) to connect to remote devices.

community cloud

Allows cloud services to be shared by several organizations

USB OTG (USB On-The-Go)

Allows you to connect mobile devices

LDAP, LDAPS

Also used in addition to Kerberos in directory services solutions.

Disassociation attack

An attack that removes wireless clients from a wireless network, forcing them to re-authenticate.

phishing attack

An attack that uses deception to fraudulently acquire sensitive personal information by masquerading as an official-looking e-mail.

bot herder

An attacker who controls a botnet.

captive portal AP

An infrastructure that is used on public access WLANs to provide a higher degree of security. You have to acknowledge a policy or pay to use the service.

embedded system

An operating system that combines processors and software in a device.

PAP (Password Authentication Protocol)

A remote-access authentication method that sends client IDs and passwords as cleartext; also uses PINs.

DEP (Data Execution Prevention)

A security feature in some operating systems. It helps prevent an application or service from executing code from a nonexecutable memory region. Its main purpose is to stop malware.

EMP (electromagnetic pulse)

A burst of electromagnetic radiation from an explosion. An EMP pulse can damage electronic equipment.

TPM (Trusted Platform Module)

A chip on a motherboard that holds an encryption key required at startup to access encrypted data on the hard drive. Includes full disk encryption and a secure boot process, and supports remote attestation.

master image

A copy of a properly configured and secured computer software system that can be replicated to other computers. Usually have baselines for a secure starting point.

sandboxing

A form of software virtualization that lets programs and processes run in their own isolated virtual environment. Used for security and testing purposes.

MDM (mobile device management)

A formalized structure that enables an organization to account for all the different types of devices used to process, store, transmit, and receive organizational data.

NAC (Network Access Control)

A group of technologies used to inspect network clients prior to granting network access. Can redirect unhealthy clients to a remediation network.

botnet

A logical computer network of zombies under the control of an attacker. They use malware to connect computers to (Blank)

application whitelisting

A method of restricting users to specific applications.

dissolvable NAC agent

A network access control (NAC) agent that disappears after reporting information to the NAC device. Usually employed on employee-owned mobile devices.

Service Set Identifier (SSID)

A network name that wireless routers use to identify themselves.

wireless replay attack

A passive attack in which the attacker captures transmitted wireless data, records it, modifies it, and then impersonates one of the parties by replaying the data.

whaling

A phishing attack that targets only high-end individuals.

least functionality

A principle in which a user is given the minimum set of permissions required to perform necessary tasks.

VPN (Virtual Private Network)

A private network that is configured within a public network such as the Internet

Bluesnarfing

A process in which attackers gain access to unauthorized information on a wireless device using a Bluetooth connection.

Trojan

A program disguised as a harmless application that actually produces harmful results.

Keylogger malware

A program that records every key struck on a keyboard and sends that information to an attacker.

RTOS (real time operating system)

A program with a specific purpose that must guarantee certain response times for particular computing tasks, or else the machine's applications are useless. (Found in many types of robotic equipment.)

A records , AAAA records

DNS includes () zones for IPv4 and () zones for IPv6.

53

DNS uses TCP port () for zone transfers

53

DNS uses UDP port () for DNS client queries

Kerberos

Directory services solutions implement () as an authentication protocol.

CYOD (Choose Your Own Device)

Enables employees to choose from a list of company approved choices.

Spanning Tree Protocol (STP)

Enables switches to detect and fix bridge loops by blocking redundant ports

encryption, access control, steganography

Ensuring confidentiality.
