WGU C178 Security+
Remote access server (RAS)
A computer that has one or more modems installed to enable remote connections to the network.
Server
A computer that provides resources to clients on the network.
Distributed Denial of Service (DDoS) attack
A derivative of a DoS attack in which multiple hosts in multiple locations focus on one target to reduce its availability to the public.
Transceiver
A device that allows the wireless network interface card (NIC) to connect to the network.
Biometric device
A device that can authenticate an individual based on a physical characteristic.
Sensor
A device that collects data from the data source and passes it on to the analyzer.
Power system
A device that provides electrical power.
State table
A firewall security method that monitors the status of all the connections through the firewall.
NETBIOS name service
137
WINS
1512
L2F
1701
RADIUS
1812 & 1813
NFS
2049
RCP
22
SCP
22
SFTP
22
MGCP
2427 & 2727
Host-based firewall
A firewall which runs on a single host to prevent network activity for that host only.
Patch
A fix for a known software problem.
False positive
A flagged event that isn't really an event and has been falsely triggered.
Security log
A log file used in Windows NT to keep track of security events specified by the domain's audit policy. It is used to store audit events, which can be either successes or failures.
Adware
A malware application whose primary purpose is to deliver ads and generate revenue for the creator.
Key Exchange Algorithm (KEA)
A method of offering mutual authentication and establishing data encryption keys.
Local area network (LAN)
A network restricted to a single building, group of buildings, or even a single room. A LAN can have one or more servers.
Packet filtering
A network security mechanism that allows or restricts the flow of packets. It analyzes the incoming and outgoing packets and lets them pass or stops them at a network interface based on the source and destination addresses, ports, or protocols.
Cryptanalyst
A person who does cryptanalysis.
Security token
A piece of data that contains the rights and access privileges of the token bearer as part of the token.
Cookie
A plain-text file stored on your machine that contains information about you (and your preferences) and is used by a server.
Incident management
A process to identify, analyze, and correct threats to prevent future re-occurrence.
Internet Society (ISOC)
A professional membership group composed primarily of Internet experts. It oversees a number of committees and groups, including the Internet Engineering Task Force (IETF).
Virus
A program intended to damage a computer system. Many viruses spread using email. The infected system attaches a file to any email that you send to another user. The recipient opens this file, thinking it's something you legitimately sent them. When they open the file, the virus infects the target system.
Security zone
An area in a building where access is individually monitored and controlled.
World Wide Web Consortium (W3C)
An association concerned with interoperability, growth, and standardization of the World Wide Web (WWW). This group is the primary sponsor of XML and other web-enabled technologies.
Diffie-Hellman
An asymmetric standard for exchanging keys. It is used primarily to send secret keys across public networks. The process isn't used to encrypt or decrypt messages; it's used merely for the transmission of keys in a secure manner.
Access attack
An attack aimed at gaining access to resources.
Data policies
An important administrative control to have in place.
DoS attack
Denial of Service (DoS) attack.
Host-to-host
Describes communication that occurs between hosts.
Used for secure connections between two systems that use the Web
HTTP/S
Infrastructure
Hardware and software necessary to run your network.
Advanced Encryption Standard (AES)
Replaced DES as the current standard; it uses the Rijndael algorithm and was adopted for use by the U.S. government.
Application aware device
Has the ability to respond to traffic based on what is there.
HMAC
Hash-Based Message Authentication Code; it uses a hashing algorithm along with a symmetric key.
WPS attacks
Have become commonplace, as the technology is susceptible to brute-force attacks used to guess the user's PIN.
HSM
Hierarchical storage management. A newer backup type that provides continuous online backup by using optical or tape jukeboxes. It appears as an infinite disk to the system, and it can be configured to provide the closest version of an available real-time backup.
Internal information
Information intended to remain within an organization. It includes personnel records, financial working documents, ledgers, customer lists, and virtually any other information that is needed to run a business.
The newest version of the algorithm, which doesn't have strong collision resistance
MD5
password history
Most Microsoft OSs allow you to set this to a number between 0 (disabled) and 24. For the best security, set it to 24 so that 24 unique passwords must be used by any given user before they can begin to reuse them.
Switches
Multiport devices that improve network efficiency and have a small amount of information about systems in a network.
Perimeter security
Security set up outside a network or server to protect it.
An administrator can configure access control functions but is not able to administer audit functions. This is an example of what?
Separation of duties
User Datagram Protocol (UDP)
Provides an unreliable connectionless communication method between hosts.
Role-based training
The training that must be geared to specific roles.
Intrusion
The act of entering a system without authorization to do so.
Configuration management
The administration of setup and configuration changes.
Replication
The process of copying directory information to other servers to keep them all synchronized.
Entrapment
The process of encouraging an attacker to perform an act, even if they don't want to do it.
Business impact analysis (BIA)
The process of evaluating all critical systems in an organization to define impact and recovery plans.
Jamming
The process of intentionally generating noise or interference in an attempt to overwhelm and thereby prevent access to or use of a wireless signal.
Enticement
The process of luring someone into your plan or trap.
Fail-over/failover
The process of reconstructing a system or switching over to other systems when a failure is detected.
transceiver
a low-power transmitter/receiver
alert
a message from the analyzer indicating that an event of interest has occurred.
principal
a user, a program, or a system
Sniffer
monitors network traffic in a passive manner
Tripwire
monitors specific files to see if they have changed. If they have, the Tripwire system can either restore them or simply alert an administrator. There is both a commercial and an open source version of Tripwire.
defense in depth
A multiple-barrier system. Ideally, your systems should have a minimum of three physical barriers.
hashing algorithm
must be one-way/nonreversible, have variable-length input and fixed-length output, and be collision resistant.
NAC
network access control
Network lock
synonymous with MAC filtering
Salt
the addition of bits at key locations, either before or after the hash
TGT
Ticket Granting Ticket. This ticket is encrypted and has a time limit of up to 10 hours.
preventive control
to stop something from happening.
detective control
to uncover a violation.
in the clear
unencrypted
Which of the following is similar to Blowfish but works on 128-bit blocks?
Twofish
Unauthorized access to information using VoIP
Vishing
Which type of tool would BEST describe Nmap?
Vulnerability scanner
Nonrepudiation
Verifying (by whatever means) that data was seen by an intended party. It makes sure they received the data and can't repudiate (dispute) that it arrived.
NTLMv2
Version 2 of NTLM.
Gray box
A middle ground between the first two types of testing (black box and white box) in which the tester has some limited knowledge of the target system.
Promiscuous mode
A mode wherein a network interface card (NIC) intercepts all traffic crossing the network wire and not just the traffic intended for it.
Open Systems Interconnection (OSI) model
A model defined by the ISO to categorize the process of communication between computers in terms of seven layers: application, presentation, session, transport, network, data link, and physical.
Two-tier model
A model in which the client PC or system runs an application that communicates with a database running on a different server.
One-tier model
A model in which the database and applications exist on the same system.
Spike
A momentary or instantaneous increase in power over a power line.
Switched network
A network that has multiple routes to get from a source to a destination. Switching allows for higher speeds.
Passive response
A nonactive response, such as logging. Passive response is the most common type of response to many intrusions. In general, passive responses are the easiest to develop and implement.
Alert
A notification that an unusual condition exists and should be investigated.
Pad
A number of characters added to data before an operation, such as hashing, takes place. Most often unique values, known as one-time pads, are added to make the resulting hash unique.
Sequence number
A number used to determine the order in which parts of a packet are to be reassembled after the packet has been split into sections.
Secure Hash Algorithm (SHA)
A one-way hash algorithm designed to ensure the integrity of a message. This algorithm produces a 160-bit hash value.
Network Control Protocol (NCP)
A part of Point-to-Point Protocol (PPP) that encapsulates network traffic.
Client
A part of a client/server network where computing is done. In a typical setting, a client uses the server for remote storage, backups, or security (such as a firewall).
Public network
A part of a network outside a firewall that is exposed to the public.
Private network
A part of a network that lies behind a firewall and isn't "seen" on the Internet. See firewall.
Third party
A party responsible for providing assurance to the relying party that a subscriber is genuine.
Route
A path to get to the destination from a source.
Service pack
A periodic update that corrects problems in one version of a product.
Operator
A person primarily responsible for the intrusion detection system (IDS).
Owner
A person responsible for current existence of a resource.
User
A person using a computer or network or a resource.
Cryptographer
A person who participates in the study of cryptographic algorithms.
Network interface card (NIC)
A physical device that connects computers and other network equipment to the transmission medium.
Cold site
A physical site that has all resources necessary to enable an organization to use it if the main site is inaccessible (destroyed).
Token
A piece of data holding information about a user. This information can contain group IDs, user IDs, privilege level, and so on.
Disaster recovery plan (DRP)
A plan outlining the procedure by which data is recovered after a disaster.
Incident response plan (IRP)
A policy that defines what steps are needed and who is responsible for deciding how to handle a situation.
Authority
A position that may be held by upper management, tech support, HR, or law enforcement.
Wireless portal
A primary method of connecting a wireless device to a network.
Socket
A primary method used to communicate with services and applications such as the Web and Telnet. It is a programming construct that enables communication by mapping between ports and addresses.
DES
A primary standard used in government and industry until it was replaced by AES. It is based on a 56-bit key and has several modes that offer security and integrity.
Private cloud
A private cloud is owned, managed, and operated by an organization and often resides on equipment shared by traditional data center configurations that are local to the organization.
Birthday attack
A probability method of finding collisions in hash functions. A collision occurs when two different values to be hashed give the same result, even though they differ from what was originally used.
DNS poisoning
A problem that existed in early implementations of DNS. Also known as cache poisoning.
Social engineering
A process by which intruders gain access to your facilities, network, and even to employees by exploiting the generally trusting nature of people. Impersonation is one example.
Revocation
A process of canceling credentials that have been lost or stolen (or are no longer valid). With certificates, revocation is accomplished with a Certificate Revocation List (CRL).
Encryption
A process of converting data into a form that makes it less likely to be usable to anyone intercepting it if they can't decrypt it.
Decryption
A process of converting encrypted data back into its original form.
Interception
A process of covertly obtaining information not meant for you. Interception can be an active or passive process.
Information classification
A process of determining what information is accessible to what parties and for what purposes. Levels: public use, internal use, restricted use.
Forensics
A process of identifying what has occurred on a system by examining the data trail.
Keyed-Hash Message Authentication Code (HMAC)
"A mechanism for message authentication using cryptographic hash functions" per the draft of the Federal Information Processing Standard (FIPS) publication. Addressed in RFC 2104.
CHAP
(Challenge Handshake Authentication Protocol) was designed to stop man-in-the-middle attacks. During the initial authentication, the connecting machine is asked to generate a random number (usually a hash) and send it to the server. Periodically the server will challenge the client machine, demanding to see that number again. If an attacker has taken over the session, they won't know that number and won't be able to authenticate.
PAP
(Password Authentication Protocol) is an older system that is no longer used. PAP sends the username and password to the authentication server in plain text.
SPAP
(Shiva Password Authentication Protocol) replaced PAP. The main difference is that SPAP encrypts the username and password.
RAID 3 or 4
(Striped Disks with Dedicated Parity): This RAID level combines three or more disks with the data distributed across the disks. This RAID level also uses one dedicated disk to store parity information. The storage capacity of the array is reduced by one disk (the one used for parity). If a disk fails, that is only a partial loss of data.
RAID 5
(Striped Disks with Distributed Parity): This RAID level combines three or more disks in a way that protects data against the loss of any one disk. It is similar to RAID 3, but the parity is distributed across the drive array.
RAID 6
(Striped Disks with Dual Parity): This RAID level combines four or more disks in a way that protects data against the loss of any two disks. It accomplishes this by adding an additional parity block to RAID 5. Each of the parity blocks is distributed across the drive array so parity is not dedicated to any specific drive.
RAID 0
(Striped Disks): This RAID level distributes data across multiple disks in a way that provides improved speed (read/write performance) at any given instant but does not offer any fault tolerance. A minimum of two disks is needed.
application extensions that should not be allowed to enter your network
.bat, .com, .exe, .hlp, .pif, .scr
System ports
0 to 1023
Well-known ports
0 to 1023
Business continuity planning (BCP)
A process of implementing policies, controls, and procedures to counteract effects of losses, outages, or failures of critical business processes. Two of the key components of BCP are business impact analysis (BIA) and risk assessment.
Disk mirroring
A process of keeping identical copies of data on two disks to prevent the loss of data if one disk fails.
EMI shielding
A process of preventing electronic emissions from your computer systems from being used to gather intelligence and preventing outside electronic emissions from disrupting your information-processing abilities.
Key registration
A process of providing certificates to users, and a registration authority (RA) typically handles this function when the load must be lifted from a certificate authority (CA).
Certificate revocation
A process of revoking a certificate before it expires.
Hash/hashing
A process of transforming characters into other characters that represent (but are not) originals. Traditionally, results are smaller and more secure than the original.
Encoding
A process of translating data into signals that can be transmitted on a transmission medium.
Disk striping
A process of writing data to multiple disks simultaneously in small portions called stripes.
Scanning
A process that attackers use to gather information about how a network is configured.
Server authentication
A process that requires a workstation to authenticate against the server.
User access reviews
A process to determine whether a user's access level is still appropriate.
Worm
A program similar to a virus. Worms, however, propagate themselves over a network.
Trojan horse
A program that enters a system or network under the guise of another program. The Trojan horse could create a backdoor or replace a valid program during installation.
JavaScript
A programming language that allows access to resources of the system running the script. These scripts can interface with all aspects of an operating system just like programming languages, such as the C language.
Flood guard
A protection feature built into many firewalls that allows the administrator to tweak the tolerance for unanswered login attacks.
Secure Electronic Transaction (SET)
A protocol developed by Visa and MasterCard for secure credit card transactions.
Simple Mail Transfer Protocol (SMTP)
A protocol for sending email between SMTP servers.
Federation
A collection of computer networks that agree on standards of operation, such as security standards.
Firewall
A combination of hardware and software that protects a network from attack by hackers who could gain access through public networks, including the Internet.
HVAC
A common acronym for Heating, Ventilation, and Air Conditioning.
Message authentication code (MAC)
A common method of verifying integrity. It is derived from the message and a shared secret key.
Workstation
A computer that isn't a server but is on a network. Generally, a workstation is used to do work, whereas a server is used to store data or perform a network function.
Redundant Array of Independent (or Inexpensive) Disks (RAID)
A configuration of multiple hard disks used to provide fault tolerance, should a disk fail, or gains in efficiency. Different levels of RAID exist.
Point-to-Point Protocol (PPP)
A data link protocol that works by encapsulating the network traffic in NCP. PPP allows many channels in a network connection (such as ISDN) to be connected or bonded together to form a single virtual connection. Authentication is handled by the Link Control Protocol (LCP). PPP doesn't provide any encryption services for the channel. The insecure nature of PPP makes it largely unsuitable for WAN connections, but other protocols have been created to build on PPP.
Uninterruptible power supply (UPS)
A device that can provide short-term power, usually by using batteries.
Router
A device that connects two or more networks and allows packets to be transmitted and received between them. It determines the best path for data packets from source to destination.
Mantrap
A device, such as a small room, that limits access to one or a few individuals. Mantraps typically use electronic locks and other methods to control access.
Certificate
A digital entity that establishes who you are and is often used with e-commerce. It contains your name and other identifying data.
Routing Information Protocol (RIP)
A distance-vector route discovery protocol used by Internetwork Packet Exchange (IPX) and Internet Protocol (IP). IPX uses hops and ticks to determine the cost for a particular route.
Common Criteria (CC)
A document of specifications detailing security evaluation methods for IT products and systems.
Request for Comments (RFC)
A document-creation process and a set of practices that originated in 1969 and is used for proposed changes to Internet standards.
Backup plan
A documented plan governing backup situations.
IEEE 802.11
A family of protocols that provides for wireless communications using radio-frequency transmissions.
Disk striping with parity
A fault-tolerance solution of writing data across a number of disks and recording the parity on another. In the event any one disk fails, the data on it can be re-created by looking at the remaining data and computing parity to figure out the missing data.
Encrypting file system (EFS)
A feature in NTFS on Windows-based operating systems that allows for filesystem-level encryption to be applied.
Pharming
A form of redirection in which traffic intended for one host is sent to another. This can be accomplished on a small scale by changing entries in the hosts file and on a large scale by changing entries in a DNS server.
Phishing
A form of social engineering in which you simply ask someone for a piece of information that you are missing by making it look as if it is a legitimate request. Commonly sent via email.
Cross-site request forgery (XSRF)
A form of web-based attack in which unauthorized commands are sent from a user that a website trusts. Otherwise known as session riding.
Appliance
A freestanding device that operates in a largely self-contained manner.
Pretty Good Privacy (PGP)
A freeware email system used for email security. It uses both symmetrical and asymmetrical systems as part of its process. During the encryption process, the document is encrypted with the public key and also a session key, which is a one-use random number, to create the ciphertext. The session key is encrypted with the public key and sent with the ciphertext. On the receiving end, the private key is used to recover the session key. The session key and the private key are then used to decrypt the ciphertext back into the original document.
Routing
A function of the Network layer that involves moving data throughout a network. See Router.
Site survey
A generic site survey involves listening on an existing wireless network using commercially available technologies.
Internet
A global network made up of a large number of individual networks that are interconnected and uses TCP/IP. See Transmission Control Protocol/Internet Protocol (TCP/IP).
Gramm-Leach-Bliley Act
A government act containing rules on privacy of consumer finance information. Also known as the Financial Modernization Act of 1999, it requires financial institutions to develop privacy notices and to notify customers that they are entitled to privacy. The act prohibits banks from releasing information to nonaffiliated third parties without permission. The law went into effect in July 2001. Financial officers and the board of directors can be held criminally liable for violations.
Network
A group of devices connected by some means for sharing information or resources.
VPN concentrator
A hardware device used to create remote access VPNs.
Encapsulating Security Payload (ESP)
A header used to provide a mix of security services in IPv4 and IPv6. It can be used alone or in combination with the IP Authentication Header (AH). It can operate in either transport or tunnel mode.
Authentication Header (AH)
A header used to provide connectionless integrity and data origin authentication for IP datagrams and protection against replays. It can operate in either transport or tunnel mode.
Checksum
A hexadecimal value computed from transmitted data used in error-checking routines.
Virtualization
A key component of cloud computing that makes it possible by abstracting the hardware and making it available to virtual machines.
Ephemeral key
A key for a specific session.
Preshared key
A key shared by all of the clients and the access point.
Private key
A key that isn't disclosed to people who aren't authorized to use the encryption system.
Weak key
A key used with a particular cipher that makes it function in an undesirable manner.
Port
A kind of opening that allows network data to pass through.
Ping of death
A large Internet Control Message Protocol (ICMP) packet sent to overflow the remote host's buffer. It usually causes the remote host to reboot or hang. sPing is an example of a ping of death.
Evaluation Assurance Level (EAL)
A level of assurance, expressed as a numeric value, based on standards set by the Common Criteria Recognition Agreement (CCRA).
Open Shortest Path First (OSPF)
A link-state routing protocol used in IP networks.
Certificate Revocation List (CRL)
A list of digital certificates that a specific CA states should no longer be used.
Password history
A list of passwords that have already been used.
Wireless local area network (WLAN)
A local area network that employs wireless access points (WAPs) and clients using 802.11 standards.
Offsite storage
A location away from the computer center where paper copies and backup media are kept.
Onsite storage
A location on the site of the computer center that is used to store information locally.
Hot site
A location that can provide operations within hours of a failure. A hot site is also referred to as an active backup model.
Port Address Translation (PAT)
A means of translation between ports on a public and private network.
Remote authentication dial-in user service (RADIUS)
A mechanism that allows authentication of dial-in and other network connections. RADIUS is commonly used by Internet service providers (ISPs) and in the implementation of virtual private networks (VPNs).
Sandbox
A memory area set aside for running applications in their own memory space.
Internet Control Message Protocol (ICMP)
A message and management protocol for TCP/IP. The ping utility uses ICMP.
Misuse-detection IDS (MD-IDS)
A method of evaluating attacks based on attack signatures and audit trails.
Penetration testing
A method of evaluating security of a computer system or network by simulating an attack from a malicious source.
Tailgating
A method of gaining entry to electronically locked systems by following someone through the door they just unlocked.
Trusted Platform Module (TPM)
A method of utilizing encryption and storing passwords on a chip. The hardware holding the chip is then needed to decrypt the data and make it readable.
Transmission Control Protocol/Internet Protocol (TCP/IP)
A protocol suite developed by the Department of Defense (DoD) in conjunction with the Internet. It was designed as an internetworking protocol suite that could route information around network failures.
Challenge Handshake Authentication Protocol (CHAP)
A protocol that challenges a system to verify identity. It is an improvement over Password Authentication Protocol (PAP) in which one-way hashing is incorporated into a three-way handshake.
Telnet
A protocol that functions at the Application layer of the OSI model, providing terminal emulation capabilities. See Open Systems Interconnection (OSI) model.
Secure Sockets Layer (SSL)
A protocol that is used to establish a secure communication connection between two TCP-based machines. It uses the handshake method of establishing a session.
Hypertext Transfer Protocol (HTTP)
A protocol used for communication between a web server and a web browser.
Secure Hypertext Transfer Protocol (S-HTTP)
A protocol used for secure communications between a web server and a web browser. It is HTTP with message security (added by using RSA or a digital certificate).
Dynamic Host Configuration Protocol (DHCP)
A protocol used on a TCP/IP network to automate the assignment of IP addresses to workstations.
Post Office Protocol Version 3 (POP3)
A protocol used to download email from an SMTP email server to a network client. See Simple Mail Transfer Protocol (SMTP).
Link Control Protocol (LCP)
A protocol used to establish, configure, and test the link between a client and PPP host. See Point-to-Point Protocol (PPP).
Address Resolution Protocol (ARP)
A protocol used to map known IP addresses to unknown physical addresses.
Transport Layer Security (TLS)
A protocol whose purpose is to verify that secure communications between a server and a client remain secure. Defined in RFC 2246.
Internet Message Access Protocol (IMAP)
A protocol with a store-and-forward capability. It can also allow messages to be stored on an email server instead of downloaded to the client.
dual-homed firewall
A proxy firewall typically using two network interface cards (NICs).
Proxy firewall
A proxy server that also acts as a firewall, blocking network access from external networks.
Data integrity
A quality that provides a level of confidence that data won't be jeopardized and will be kept secret. It is the assurance that a message wasn't modified during transmission.
Web application firewall
A real-time appliance that applies a set of rules to block traffic to and from web servers and try to prevent attacks.
Health Insurance Portability and Accountability Act (HIPAA)
A regulation that mandates national standards and procedures for the storage, use, and transmission of personal medical information.
Single sign-on (SSO)
A relationship between the client and the network wherein the client is allowed to log on one time, and all resource access is based on that logon (as opposed to needing to log on to each individual server to access the resources there).
Mandatory Access Control (MAC)
A relatively inflexible method for how information access is permitted. In a MAC environment, all access capabilities are predefined.
Evil twin
A rogue wireless access point that poses as a legitimate wireless service provider to intercept information that users transmit.
Border router
A router used to translate from LAN framing to WAN framing.
FTPS
A secure method for transferring data using FTP. It uses Secure Sockets Layer (SSL) and Transport Layer Security (TLS) to secure communications and operates on port 990.
Host software baselining
A security baseline which defines the security level that will be implemented and maintained.
Wireless Transport Layer Security (WTLS)
A security layer of the Wireless Applications Protocol (WAP). WTLS provides authentication, encryption, and data integrity for wireless devices.
Wired Equivalent Privacy (WEP)
A security protocol for 802.11b (wireless) networks that attempts to establish the same security for them as would be present in a wired network. WEP was vulnerable because of weaknesses in the way its encryption algorithms (RC4) are employed. Uses a 24-bit Initialization Vector.
SAN
A separate network set up to appear as a server to the main organizational network. SANs usually have redundant servers, and they are connected via high-speed fiber-optic connections or iSCSI running on copper.
Algorithm
A series of steps/formulas/processes followed to arrive at a result.
Web server
A server that holds and delivers web pages and other web content using HTTP. See Hypertext Transfer Protocol (HTTP).
Active Directory
A server that runs AD retains information about all access rights for all users and groups in the network. When a user logs on to the system, AD issues the user a globally unique identifier (GUID). Applications that support AD can use this GUID to provide access control. Access can be established through groups, and it can be enforced through group memberships. Mimics Kerberos Single Sign On.
Client/server network
A server-centric network in which all resources are stored on a file server and processing power is distributed among workstations and the file server.
RAID levels
A set of RAID configurations that consists of striping, mirroring, or parity.
Hypertext Markup Language (HTML)
A set of codes used to format text and graphics that will be displayed in a browser. Codes define how data will be displayed.
Federal Information Processing Standard (FIPS)
A set of guidelines for the U.S. federal government information systems.
Separation of duties
A set of policies designed to reduce the risk of fraud and prevent other losses in an organization.
IP Security (IPSec)
A set of protocols that enable encryption, authentication, and integrity over IP. It is commonly used with virtual private networks (VPNs) and operates at Layer 3.
Best practices
A set of rules governing basic operations based on methods that have consistently shown superior results over those achieved by other means.
Network Access Control (NAC)
A set of standards defined by the network for clients attempting to access it. Usually, NAC requires that clients be virus free and adhere to specified policies before allowing them on the network.
Public Key Cryptography Standards (PKCS)
A set of voluntary standards created by RSA security and industry security leaders.
Message digest
A signature area within a message.
Loop protection
A similar feature that works in layer 2 switching configurations and is intended to prevent broadcast loops. It disables broadcast forwarding to protect against duplicate ARP requests.
Hash value
A single number used to represent an original piece of data.
Warm site
A site that provides some capabilities in the event of a disaster. The organization that wants to use a warm site will need to install, configure, and reestablish operations on systems that might already exist in the warm site.
Protocol analyzer
A software and hardware troubleshooting tool used to monitor data transmitted across a network.
Vulnerability scanner
A software application that checks your network for any known security holes; it's better to run one on your own network before someone outside the organization runs it against you.
Macro virus
A software exploitation virus that works by using the macro feature included in many applications.
Common Access Card (CAC)
A standard identification card used by the Department of Defense (DoD) and other employers. It is used for authentication as well as identification. A picture appears on the front of the card with an integrated chip beneath and a barcode. On the back of the card, there is a magnetic strip and another barcode.
Lightweight Directory Access Protocol (LDAP)
A standardized directory access protocol that allows queries to be made of directories.
Privacy
A state of security in which information isn't seen by unauthorized parties without the express permission of the party involved.
Hard drive
A storage device that is used for retrieving digital information.
RC4
A stream cipher that works with key sizes between 40 and 2048 bits. It is used in SSL and TLS and is popular in wireless (WEP/WPA) encryption.
Encryption key
A string of alphanumeric characters used to decrypt encrypted data.
Closed-circuit television (CCTV)
A surveillance camera used for physical-access monitoring.
Cryptographic algorithm
A symmetric algorithm, also known as a cipher, used to encrypt and decrypt data.
Private Branch Exchange (PBX)
A system that allows users to connect voice, data, pagers, networks, and almost any other application into a single telecommunications system. It allows an organization to be its own phone company.
Three-tier model
A system that effectively isolates an end user from a database by introducing a middle-tier server.
two-factor authentication
A system that uses smart cards and passwords.
Access control list (ACL)
A table or data file that specifies whether a user or group has access to a specific resource on a computer or network.
Routing table
A table that contains information about locations of other routers on the network and their distance from the current router.
Computer Emergency Response Team (CERT)
A team of experts who respond to computer security incidents. One item that CERT addresses is the issue of exception handling.
Fuzzing
A technique of providing unexpected values as input to an application to make it crash.
Near field communication
A technology that requires a user to bring the client close to the AP to verify that the device is present.
Integrated Services Digital Network (ISDN)
A telecommunications standard used to digitally send voice, data, and video signals over the same lines.
External threat
A threat that originates from outside the company.
Layer 2 forwarding (L2F)
A tunneling protocol developed by Cisco that is used with virtual private networks (VPNs). It shouldn't be used over WANs. L2F provides authentication, but it doesn't provide encryption.
Layer 2 Tunneling Protocol (L2TP)
A tunneling protocol that adds functionality to the point-to-point protocol (PPP). This protocol was created by Microsoft and Cisco and is often used with virtual private networks (VPNs).
Secure Shell (SSH)
A tunneling protocol that uses encryption to establish a secure connection between two systems.
Public Key Infrastructure (PKI)
A two-key asymmetric encryption system wherein messages are encrypted with a public key and decrypted with a private key. It has four main components: certificate authority (CA), registration authority (RA), RSA (the encryption algorithm), and digital certificates.
Identification and authentication (I&A)
A two-step process of identifying a person (usually when they log on) and authenticating them by challenging their claim to access a resource.
Connection-oriented
A type of communication between two hosts that have a previous session established for synchronizing sent data. The receiving PC acknowledges the data.
Connectionless
A type of communication between two hosts that have no previous session established for synchronizing sent data. The data isn't acknowledged at the receiving end.
Role-based access control (RBAC)
A type of control wherein the levels of security closely follow the structure of an organization.
Buffer overflow attack
A type of denial of service (DoS) attack that occurs when more data is put into a buffer than it can hold, thereby overflowing it (as the name implies).
Proxy
A type of firewall that prevents direct communication between a client and a host by acting as an intermediary. See firewall.
Elliptic curve cryptography (ECC)
A type of public key cryptosystem that requires a shorter key length than many other cryptography systems (including the de facto industry standard, RSA). The curve has the form y^2 = x^3 + ax + b.
Spim
A type of spam that targets users over instant messaging.
Blowfish
A type of symmetric block cipher created by Bruce Schneier. It has a 64-bit block size and a variable key length from 32 bits up to 448 bits.
Carlisle Adams Stafford Tavares (CAST)
A type of symmetric block cipher defined by RFC 2144.
Segment
A unit of data transmission found at the Transport layer of the Open Systems Interconnection (OSI) model and used by TCP.
Multipartite virus
A virus that attacks a system in more than one way.
Retrovirus
A virus that attacks or bypasses the antivirus software installed on a computer. You can consider a retrovirus to be an anti-antivirus. It can directly attack your antivirus software and potentially destroy the virus definition database file.
Stealth virus
A virus that attempts to avoid detection by masking itself from applications.
Companion virus
A virus that creates a new program that runs in place of an expected program of the same name. It attaches itself to legitimate programs and then creates a program with a different filename extension.
Armored virus
A virus that is protected in a way that makes disassembling it difficult. The difficulty makes it "armored" against antivirus programs that have trouble getting to, and understanding, its code.
Phage virus
A virus that modifies and alters other programs and databases. The only way to remove this virus is to reinstall the programs that are infected. If you miss even a single incident of this virus on the victim system, the process will start again and infect the system once more.
Uniform Resource Locator (URL)
A way of identifying a web page. It consists of the protocol used to access the page and the domain name or IP address of the host.
Out-of-band method
A way to transmit the encryption key by using a method other than the one used to transmit the data.
Vulnerability
A weakness that could be exploited by a threat.
Wireless access point
A wireless bridge used in a multipoint radio frequency (RF) network.
Rogue server
An active Dynamic Host Configuration Protocol (DHCP) server that has been added to a network and is now leasing addresses to users instead of them obtaining an address from your server.
Xmas attack
An advanced scan that tries to get around firewall detection and look for open ports (think of the LEDs lit on each port). It accomplishes this by setting three flags (FIN, PSH, and URG).
National Institute of Standards and Technology (NIST)
An agency (formerly known as the National Bureau of Standards (NBS)) that has been involved in developing and supporting standards for the U.S. government for over 100 years. NIST has become involved in cryptography standards, systems, and technology in a variety of areas. It's primarily concerned with governmental systems, where it exercises a great deal of influence.
Whaling
An attack targeted at an individual with an intent of obtaining confidential company information. It involves the use of an email or webpage that appears legitimate and contains a high sense of urgency.
Smurf attack
An attack that consists of spoofing the target machine's IP address and broadcasting to that machine's routers so that the routers think the target is sending out the broadcast.
ICMP attack
An attack that occurs by triggering a response from the Internet Control Message Protocol (ICMP) when it responds to a seemingly legitimate maintenance request.
Man-in-the-middle attack
An attack that occurs when someone/something that is trusted intercepts packets and retransmits them to another party.
Client-side attack
An attack that targets vulnerabilities in client applications that interact with a malicious server.
TCP sequence attack
An attack wherein an attacker intercepts and then responds with a sequence number similar to the one used in the original session. The attack can either disrupt a session or hijack a valid session.
Polymorphic
An attribute of some viruses that allows them to mutate and appear differently each time they crop up. The virus will attempt to hide from your antivirus software. Frequently, the virus will encrypt parts of itself to avoid detection. When the virus does this, it's referred to as mutation.
Kerberos
An authentication scheme that uses tickets (unique keys) embedded within messages. Named after the three-headed guard dog that stood at the gates of Hades in Greek mythology.
Local registration authority (LRA)
An authority used to identify or establish the identity of an individual for certificate issuance. The primary difference between an RA and an LRA is that the latter can be used to identify or establish the identity of an individual. The LRA involves the physical identification of the person requesting a certificate.
Bot
An automated software program (network robot) that collects information on the Web. In the malicious form, a bot is a compromised computer being controlled remotely.
Faraday cage
An electrically conductive wire mesh or other conductor woven into a "cage" that surrounds a room and prevents electromagnetic signals from entering or leaving the room through walls.
Activity
An element of a data source that is of interest to the operator.
Post Office Protocol (POP)
An email access program used to retrieve email from an email server.
Public key
An encryption key, used in asymmetric cryptography, combined with a private key to effectively facilitate communication.
Recovery agent
An entity that has the ability to recover a key, key components, or plaintext messages as needed.
False negatives
An error in which you are not alerted to a situation when you should be, so you miss crucial things.
Work factor
An estimate of the amount of time and effort that would be needed to break a system.
Risk analysis
An evaluation of each risk that can be identified. Each risk should be outlined, described, and evaluated on the likelihood of it occurring.
AES256
An implementation of Advanced Encryption Standard (AES) that uses 256-bit encryption.
Institute of Electrical and Electronics Engineers, Inc. (IEEE)
An international organization that sets standards for various electrical and electronics issues.
Internet Engineering Task Force (IETF)
An international organization that works under the Internet Architecture Board to establish standards and protocols relating to the Internet.
Network-based IPS (N-IPS)
An intrusion prevention system that is network based. To prevent the intrusion, it must first be detected (thus making it a superset of IDS), and then act accordingly.
Certificate authority (CA)
An issuer of digital certificates (which are then used for digital signatures or key pairs).
Port scanner
An item (physical or software) that scans a server for open ports that can be taken advantage of.
Service
An item that adds functionality to a network by providing resources or doing tasks for other computers. Services are programs that run when the operating system boots, and they are often running in the background without users interacting directly with them.
Physical barrier
An object, such as a locked door, used to restrict physical access to network components.
Common Gateway Interface (CGI)
An older form of scripting used extensively in early web systems.
Hijacking (TCP/IP hijacking)
An older name for all man-in-the-middle attacks. See TCP/IP hijacking.
Serial Line Internet Protocol (SLIP)
An older protocol designed to connect Unix systems together in a dial-up environment; it supports only serial communications.
Continuous monitoring
An ongoing audit of what resources a user actually accesses.
Backdoor
An opening left in a program application (usually by a developer) that allows additional access to data. These are created for debugging purposes and aren't documented.
Trusted OS
An operating system that meets the government's requirements for security.
Internet Assigned Numbers Authority (IANA)
An organization responsible for governing IP addresses.
Registration authority (RA)
An organization that offloads some of the work from a certificate authority (CA).
Key distribution center (KDC)
An organization/facility that generates keys for users.
Threat
Any perceivable risk that may result in harm of systems and organizations.
Asset
Any resource of economic value that you want to secure and protect.
DNS server
Any server that performs address resolution from a DNS fully qualified domain name (FQDN) to an IP address.
Zombie
Any system taking directions from a master control computer. It is often utilized in distributed denial of service (DDoS) and botnet attacks.
Eavesdropping
Any type of passive attack that intercepts data in an unauthorized manner—usually in order to find passwords. Cable sniffing, wiretapping, and man-in-the-middle attacks are eavesdropping attacks.
Attack
Any unauthorized intrusion into the normal operations of a computer or computer network. It can be carried out to gain access to the system or any of its resources.
Least privilege
Any user will be granted only the privileges necessary to perform their job function.
Guards
Anyone who might be allowed unfettered access to grounds, network, or system.
Postmortem
Anything that occurs "after the fact," such as an audit or review.
Multihomed
Any time you have a system that is configured with more than one IP address.
Time of day restrictions
Applies time restriction for an account to access the system.
Asset tracking
As simple as a serial number etched in a device or as complex as a GPS locator.
Which of the following features is not available in L2TP?
Built-in encryption
BCP
Business continuity planning
BIA
Business impact analysis
malicious insider threat
Don't overlook the most common personal motivator of all: greed. It may surprise you, but people can be bribed to give away information, and one of the toughest challenges is someone on the inside who is displeased with the company and not afraid to profit from it.
Alarm
Draws attention to a breach, or suspected breach, when it occurs.
War driving
Driving around with a laptop looking for open wireless access points with which to communicate.
Limited distribution
Describes information that isn't intended for release to the public. This category of information isn't secret, but it's private.
Session hijacking
Describes when the item used to validate a user's session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party.
Host-based IDS (HIDS)
Designed to run as software on a host computer system.
DNAT
Destination NAT. It can be used to redirect traffic destined for a virtual host to the real host.
Used for the secure transmission of keys
Diffie-Hellman key exchange
DHE or EDH
Diffie-Hellman with an ephemeral key.
DSSS
Direct-sequence spread spectrum
Directory Sharing
Directory sharing should be limited to what is essential to perform system functions.
user accounts for exiting employees
Disabled, regardless of the circumstances
DRP
Disaster recovery plan
LDAP uses four different name types
Distinguished Name, Relative Distinguished Name, User Principal Name, Canonical Name
DN
Distinguished name
DDoS attack
Distributed Denial of Service (DDoS) attack.
Subnetting
Divides a network into smaller components using the subnet mask value.
Network segmentation
Dividing your network into segments.
Trends
Do not refer to the latest fad in security; instead refer to trends in threats.
There are five levels of testing
Document Review, Walkthrough, Simulation, Parallel Test, Cutover Test
DNSSEC
Domain Name System Security Extensions. It checks digital signatures and can protect information by digitally signing records.
Instant messaging (IM)
Immediate communication that can be sent back and forth between users who are currently logged on. From a security standpoint, there are risks associated with giving out information via IM.
Implicit deny
Implied at the end of each ACL, which means that if the proviso in question has not been explicitly granted, access is denied.
Organization security awareness training program
Importance of security, responsibilities of people in the organization, policies and procedures, usage policies, account and password-selection criteria, social engineering prevention
The phishing filter in Internet Explorer can be turned on or off, or the entire filter can be disabled. To turn on automatic website checking, follow these steps:
In Internet Explorer, click Tools > Internet Options and choose the Advanced tab. Scroll down beneath Settings to Security. Click Enable SmartScreen Filter. Click OK. A message appears telling you that website addresses will be sent to Microsoft and checked against a database of reported phishing websites. Click OK. Exit the Internet Options.
The following steps will allow you to verify whether or not a TPM chip is installed on your computer
In Windows 7, open Control Panel and choose Security. Under Security, choose BitLocker Drive Encryption. A dialog box will appear. The contents of the box do not matter. What does matter is a link in the lower-left corner that reads TPM Administration. If the link is there, TPM is installed and active. If you don't see the link but are certain that your computer contains such a chip, you may need to boot into your BIOS Setup menu and enable TPM before trying this again.
Clean desk policies
Information on a desk - in terms of printouts, pads of note paper, sticky notes, and the like - can be easily seen by prying eyes and taken by thieving hands.
Public information
Information that is publicly made available to all.
Private information
Information that isn't for public knowledge.
Restricted information
Information that isn't made available to all and to which access is granted based on some criteria. It includes proprietary processes, trade secrets, strategic information, and marketing plans. This type of information is also placed on a need-to-know basis—unless you need to know, you won't be informed.
ISN
Initial Sequence Number (part of TCP handshake)
Stateful packet filtering
Inspections that occur at all levels of the network and provide additional security using a state table that tracks every communication channel.
Unauthorized monitoring of network traffic.
Interception
ISA
Interconnection Security Agreement. An agreement that documents the technical requirements of systems connected between two organizations.
ITU-D
International Telecommunications Union-D is concerned with expanding telecommunications throughout undeveloped countries.
ITU-R
International Telecommunications Union-R is concerned with radio communication and spectrum management.
ITU-T
International Telecommunications Union-T is concerned with telecommunications standards.
IIS
Internet Information Services is an extensible web server created by Microsoft for use with the Windows NT family. IIS supports HTTP, HTTPS, FTP, FTPS, SMTP, and NNTP.
iSCSI
Internet Small Computer Systems Interface. Allows data storage and transfers across the existing network. Routable over an IP network.
Nonintrusive tests
Involve passively testing security controls - performing vulnerability scans, probing for weaknesses, but not exploiting them.
Tabletop exercises
Involve sitting around a table and discussing (with the help of a facilitator) possible security risks in a low-stress format.
Intrusive tests
Involve testing security controls - trying to break into the network.
Privilege escalation
Involves a user gaining more privileges than they should have.
Impersonation
Involves any act of pretending to be someone you are not.
URL filter
Involves blocking websites based solely on the URL, restricting access to specified websites and certain web-based applications.
Risk avoidance
Involves identifying a risk and making the decision to no longer engage in the actions associated with that risk.
Integer overflow
Involves putting too much information into the too-small space that is set aside for numbers.
Risk transference
Involves sharing some of the risk burden with someone else, such as an insurance company.
War chalking
Involves those who discover a way into the network leaving signals on, or outside, the premises to notify others that a vulnerability exists there.
Risk deterrence
Involves understanding the enemy and letting them know the harm that can come their way if they cause harm to you.
Server-side validation
Involves validating data after the server has received it.
digital signature
It validates the integrity of the message and the sender. The message is encrypted using the encryption system, and a second piece of information, the digital signature, is added to the message.
Caesar cipher
It was purportedly used by Julius Caesar. The system involves simply shifting all letters a certain number of spaces in the alphabet. Supposedly, Julius Caesar used a shift of 3 to the right.
A self-contained program downloaded from a server to a client
Java Applet
A small, easy to use subset of the more complex Java code environment
JavaScript
To avoid mishandling of information (electronic or documents), what should you consider using?
Labeling
Honeynets
Larger initiatives in the area of honeypot technology.
LBAC
Lattice-Based Access Control. A form of Mandatory Access Control.
LDAP
Lightweight Directory Access Protocol is a standardized directory access protocol that allows queries to be made of directories (specifically, pared-down X.500-based directories). LDAP is the main access protocol used by Active Directory. It operates, by default, at port 389. The LDAP syntax uses commas between names.
LEAP
Lightweight Extensible Authentication Protocol. Created by Cisco as an extension to EAP, but it's being phased out in favor of PEAP. LEAP requires mutual authentication to improve security, but it's susceptible to dictionary attacks.
Which classification of information designates that information can be released on a restricted basis to outside organizations?
Limited distribution
Rule-based access control
Limits a user to make settings in preconfigured policies.
ps -ef | more
Linux includes a graphical utility to allow you to see the running processes.
man tool
Linux manual tool
man command followed by the name of the process
Linux process lookup
ps -u root
Linux root process lookup
at.deny
In Linux, only the users named in that file cannot use the service (you are explicitly denying them), and all others can.
at.allow
In Linux, only those users named can use the service, and all others cannot.
Virtual LAN (VLAN)
Local area network (LAN) that allows users on different switch ports to participate in their own network separate from, but still connected to, other stations on the same or a connected switch.
LSO
Locally Shared Object is also commonly known as a Flash Cookie and is nothing more than data stored on a user's computer by Adobe Flash. Often this is used to store data from games that have been played through Flash or user preferences, and it can represent a security/privacy threat.
Flash Cookies
Locally shared objects stored on a user's computer by Adobe Flash.
passive responses
Logging, notification, shunning
Banner grabbing
Looking at the banner, or header, information messages sent with data to find out about the system(s).
Dumpster diving
Looking through trash for clues—often in the form of paper scraps—to find users' passwords and other pertinent information.
Code review
Looks at all custom written code for holes that may exist.
Behavior based detection IDS
Looks for variations in behavior such as unusually high traffic and policy violations, by which it is able to recognize potential threats and respond quickly to them.
Placing software between a server and a user without their knowledge. Exploits the real-time processing of transactions, conversations, or transfer of other data.
Man-in-the-Middle
Environmental controls
Manage temperature, humidity, and other environmental factors necessary to the health of your computer systems.
Which of the following is a high-security installation that requires visual identification, as well as authentication, to gain access?
Mantrap
Layer 2 Tunneling Protocol
Microsoft and Cisco agreed to combine their respective tunneling protocols into one; L2TP is a hybrid of PPTP and L2F. Information isn't encrypted. L2TP works over IPX, SNA, and IP. Security can be provided by protocols such as IPSec. It uses port 1701 and UDP for connections.
Motion detection
Monitors a location and signals an alarm if it picks up movement.
Captive portals
Most public networks, including Wi-Fi hotspots, use a captive portal, which requires users to agree to some condition before they use the network or Internet.
Attacks your system in multiple ways.
Multipartite
Hot and cold aisles
Multiple rows of servers located in racks in server rooms.
Multitenancy
Multitenancy refers to workloads from multiple clients, virtual machines, or services being shared by a hosting server and separated only by logical access policies.
NSA/CSS
National Security Agency/Central Security Service. The NSA/CSS is an independently functioning part of the NSA. It was created in the early 1970s to help standardize and support Department of Defense (DoD) activities. The NSA/CSS supports all branches of the military.
NFC
Near field communication
Point-to-point
Network communication in which two devices have exclusive access to a network medium.
NTFS
New Technology Filesystem. NTFS was introduced with Windows NT to address security problems. Before Windows NT was released, it had become apparent to Microsoft that a new filing system was required to handle growing disk sizes, security concerns, and the need for more file stability. One of the benefits of NTFS was a transaction-tracking system, which made it possible for Windows NT to back out of any disk operations that were in progress when Windows NT crashed or lost power. It tracks security in access control lists.
The default level of security established for access controls should be which of the following?
No access
NoSQL Database
Non-relational/distributed; dynamic; stores everything in a single nested document, often in XML format (document-based); can handle large volumes of structured, semi-structured, and unstructured data; horizontal scaling; examples include MongoDB, CouchDB, and others; not susceptible to SQL injection attacks but susceptible to similar injection-type attacks.
credentialed scanning
Does not disrupt operations or consume too many resources. Produces a definitive list of missing patches. Client-side software vulnerabilities are uncovered, along with several other "vulnerabilities".
CRL takes time to be fully disseminated. Which protocol allows a certificate's authenticity to be immediately verified?
OCSP
Orthogonal Frequency division multiplexing
OFDM accomplishes communication by breaking data into sub signals and transmitting them simultaneously. These transmissions occur on different frequencies or sub bands.
Password attacks
Occur when an account is attacked repeatedly. This is accomplished by using applications known as password crackers, which send possible passwords to the account in a systematic manner.
Perfect forward secrecy
Occurs when a process is unbreakable.
Refers to a location away from the computer center where paper copies and backup media are kept
Offsite Storage
Policy Statement
Once the policy's readers understand its importance, they should be informed about the substance of the policy. A policy statement should be as clear and unambiguous as possible. The policy may be presented in paragraph form, as bulleted lists, or as checklists.
Web security gateways
One of the newest buzzwords, which can be thought of as a proxy server with web protection software built in.
Sniffer
One of the primary tools used for network monitoring and intended primarily for troubleshooting purposes.
Password Authentication Protocol (PAP)
One of the simplest forms of authentication accomplished by sending a username and password to the server and having them verified. Passwords are sent as clear text and, therefore, can be easily seen if intercepted.
Transitive access
One party (A) trusts another party (B); if the second party (B) trusts another party (C), a relationship may exist whereby the third party (C) is trusted by the first party (A). In early operating systems, this process was often exploited.
Continuous security monitoring
Ongoing monitoring that involves regular measurements of network traffic levels, routine evaluations for regulatory compliance, and checks of network security device configurations.
OCSP
Online Certificate Status Protocol. Mechanism used to verify immediately whether a certificate is valid. New system replacing the CRL process.
Refers to a location on the site of the computer center that is used to store information locally
Onsite Storage
To validate a trust relationship in Windows Server 2012
Open Active Directory Domains and Trusts. Right-click your domain name and choose Properties from the menu. Click the Trusts tab, and select the name of the domain, or forest, that you want to validate. Click Properties. The Properties dialog box for that trust appears. Approximately two-thirds of the way down the dialog box, the Transitivity Of Trust item appears. Click Validate. A confirmation message appears. Click OK. Exit Active Directory Domains and Trusts.
A form of advertising on the World Wide Web
Pop-up
Personal smartphones at work create a potential security risk due to which of the following?
Potential for malware introduction
IPS
Prevents an intrusion from occurring.
Cable locks
Prevents someone from picking up a laptop and walking away with a copy of your customer database.
RPO
Recovery Point Objective It is the maximum targeted period in which data might be lost from an IT service due to a major incident.
RTO
Recovery Time Objective
RTO
Recovery Time Objective is the targeted duration of time and a service level within which a business process must be restored after a disaster (or disruption) in order to avoid unacceptable consequences associated with a break in business continuity
Maximum amount of time that a process or service is allowed to be down and the consequences still considered acceptable
Recovery Time Objectives
Separation of duties policies
Reduce the risk of losses in an organization.
RAID
Redundant Array of Independent (or Inexpensive) Disks
Physical access control policies
Refer to the authorization of access to information facilities.
RDS
Reference Data Set
Device access control
Refers to controlling which devices are permitted to connect to an organization's resources and what each device is allowed to access; it becomes a concern as soon as an organization allows mobile devices.
Key stretching
Refers to processes used to take a key that might be weak (typically one derived from a password) and make it stronger, by running it through many rounds of a hash or key-derivation function so that each guess costs an attacker more time, and often by producing a longer key as well.
Redundancy
Refers to systems that either are duplicated or failover to other systems in the event of a malfunction.
maintenance contracts
SLA
equation for Annualized Loss Expectancy
SLE × ARO = ALE
A service that allows email servers to forward emails to other email servers
SMTP Relay
Clients initiate the session, the server responds, and then it negotiates an encryption scheme
SSL
SEP
Scalable Encryption Processing
Secret
Secret information, if disclosed, could cause serious and irreparable damage to defense efforts. Information that is classified as Secret requires special handling, training, and storage.
SET
Secure Electronic Transaction, provides encryption for credit card numbers that can be transmitted over the Internet. Visa and MasterCard developed it. is most suited for transmitting small amounts of data. works in conjunction with an electronic wallet that must be set up in advance of the transaction.
S/MIME
Secure Multipurpose Internet Mail Extensions, a standard used for signing and encrypting email. S/MIME messages carry signature data and use the PKCS #7 standard (Cryptographic Message Syntax). S/MIME version 3, the current version as of this text, is an IETF standard. It uses asymmetric encryption algorithms for confidentiality and digital certificates for authentication.
SAML
Security Assertion Markup Language. An open, XML-based standard for exchanging authentication and authorization data between parties, typically an identity provider and a service provider, which enables single sign-on across organizational boundaries.
Areas in which access is individually monitored and controlled
Security Zones
Operational security
Security as it relates to how an organization does things (operates).
Which of the following individuals incorporates risk assessment in training programs for the organization's personnel?
Security awareness trainer
Infrastructure security
Security on hardware and software necessary to run your network.
Information security
Security practices applied to information.
Wi-Fi protected access (WPA)
Security protocol developed by the Wi-Fi Alliance to protect wireless networks and surpass what WEP offered. There are two versions, WPA and WPA2, the latter being the full implementation of the 802.11i security features.
Physical security
Security that guards physical aspects of a network.
Anomaly-detection IDS
See AD-IDS.
AP
See Access point.
ARP
See Address Resolution Protocol (ARP).
BGP
See Border Gateway Protocol (BGP).
CPS
See Certificate Practice Statement (CPS).
CRL
See Certificate Revocation List (CRL).
CA
See Certificate authority (CA).
CC
See Common Criteria (CC).
CERT
See Computer Emergency Response Team (CERT).
DLP
See Data Loss Prevention (DLP).
DMZ
See Demilitarized zone (DMZ).
DHCP
See Dynamic Host Configuration Protocol (DHCP).
EAL
See Evaluation Assurance Level (EAL).
EAP
See Extensible Authentication Protocol (EAP).
FTP
See File Transfer Protocol (FTP).
HTTP
See Hypertext Transfer Protocol (HTTP).
HTTPS
See Hypertext Transfer Protocol over SSL.
IEEE
See Institute of Electrical and Electronics Engineers, Inc. (IEEE).
IANA
See Internet Assigned Numbers Authority (IANA).
ICMP
See Internet Control Message Protocol (ICMP).
IETF
See Internet Engineering Task Force (IETF).
IMAP
See Internet Message Access Protocol (IMAP).
IDS
See Intrusion Detection System (IDS).
NSA
See National Security Agency (NSA).
POTS
See Plain old telephone service.
PPP
See Point-to-Point Protocol (PPP).
PPTP
See Point-to-Point Tunneling Protocol (PPTP).
PAT
See Port Address Translation (PAT).
PGP
See Pretty Good Privacy (PGP).
Public key system
See Public Key Infrastructure (PKI).
RADIUS
See Remote authentication dial-in user service (RADIUS).
RC5
See Rivest Cipher 5 (RC5).
RBAC
See Role-based access control (RBAC).
RIP
See Routing Information Protocol (RIP).
SHA
See Secure Hash Algorithm (SHA).
S-HTTP
See Secure Hypertext Transfer Protocol (S-HTTP).
SSH
See Secure Shell (SSH).
SSL
See Secure Sockets Layer (SSL).
SLIP
See Serial Line Internet Protocol (SLIP).
SMTP
See Simple Mail Transfer Protocol (SMTP).
SNMP
See Simple Network Management Protocol (SNMP).
Temporal Key Integrity Protocol (TKIP)
See TKIP.
TCP
See Transmission Control Protocol (TCP).
TCP/IP
See Transmission Control Protocol/Internet Protocol (TCP/IP).
TLS
See Transport Layer Security (TLS).
TFTP
See Trivial File Transfer Protocol (TFTP).
UDP
See User Datagram Protocol (UDP).
WPA
See Wi-Fi protected access (WPA).
WEP
See Wired Equivalent Privacy (WEP).
CAC
See common access card (CAC).
Cipher
See cryptographic algorithm.
Integrity
See data integrity.
DAC
See discretionary access control (DAC).
ECC
See elliptic curve cryptography (ECC).
Secret key
See private key.
TPM
See trusted platform module (TPM).
Phishing attacks
Sending an email with a misleading link to collect information.
Bluejacking
Sending of unsolicited messages (think spam) over a Bluetooth connection.
Transmission
Sending packets from a PC to a server. It can occur over a network cable, wireless connection, or other medium.
Password Authentication Protocol (PAP)
Sends the username and password to the authentication server in plain text.
SLA
Service-Level Agreement. defines the level of service to be provided.
Load balancing
Shifting a load from one device to another.
Windows Components
Should be removed from systems not needing the component
Watching a user enter sensitive data
Shoulder Surfing
All X.509 certificates have the following
Version; Serial number; Signature algorithm ID; Issuer name; Validity period; Subject name; Subject public-key information; Issuer unique identifier (versions 2 and 3 only); Subject unique identifier (versions 2 and 3 only); Extensions (version 3 only); and the issuer's Signature over all of the preceding fields, which is what makes the certificate worth trusting.
SLE
Single Loss Expectancy
Which device monitors network traffic in a passive manner?
Sniffer
Rummaging through files for information
Snooping
Unauthorized rummaging through files.
Snooping
Virtual private network (VPN)
System that uses the public Internet as a backbone for a private interconnection (network) between locations.
Access control
Systems must operate in controlled environments in order to be secure. These environments must be, as much as possible, safe from intrusion.
Thin client
Systems that don't provide any disk storage or removable media on their workstations.
POP3
TCP 110
NNTP
TCP 119
NTP
UDP 123
NETBIOS datagram service
UDP 138
NETBIOS session service
TCP 139
IMAP
TCP 143
H.323
TCP 1720
PPTP
TCP 1723
BGP
TCP 179
FTP - data
TCP 20
FTP - control
TCP 21
SSH
TCP 22
Telnet
TCP 23
SMTP
TCP 25
LDAP
TCP 389
HTTPS
TCP 443
SSL/TLS
TCP 443 (the HTTPS port; TLS itself can protect any TCP application and is not tied to one port)
SMB
TCP 445
HTTP
TCP 80
File Transfer Protocol (FTP)
TCP/IP and software that permits transferring files between computer systems and utilizes clear-text passwords.
Merges the Secure Sockets Layer with other protocols to provide encryption
TLS
Which of the following protocols allows applications to communicate across a network in a way designed to prevent eavesdropping and message forgery.
TLS
Ransomware
Takes control of a system or its data and demands that a third party be paid before control is returned.
causes of compromised security
Technology weaknesses; configuration weaknesses; policy weaknesses; human error or malice.
Standards
Tell people what is expected
802.11n
The 802.11n standard is one of the most popular today. It can operate in both the 5 GHz and the 2.4 GHz (for compatibility) ranges. Under the right conditions, it can reach speeds of 600 Mbps, but actual speeds are much slower. The advantage of this standard is that it offers higher speed and a frequency that does not have as much interference.
802.1X
The IEEE standard that defines port-based network access control, used on both wired switch ports and wireless networks. It offers a means of authentication and defines the Extensible Authentication Protocol (EAP) over IEEE 802, and it is often known as EAP over LAN (EAPOL).
X.500
The International Telecommunications Union (ITU) standard for directory services in the late 1980s. The standard was the basis for later models of the directory structure, such as Lightweight Directory Access Protocol (LDAP).
Availability
The ability of a resource to be accessed, often expressed as a time period. Many networks limit users' ability to access network resources to working hours, as a security precaution.
Disaster recovery
The ability to recover data after a disaster.
Fault tolerance
The ability to withstand a fault (failure) without losing data.
Dictionary attack
The act of attempting to crack passwords by testing them against a list of dictionary words.
Notification
The act of being alerted to an event.
Anomaly detection
The act of looking for variations from normal operations (anomalies) and reacting to them.
Escalation
The act of moving something up in priority. Often, when an incident is escalated, it's brought to the attention of the next-highest supervisor. See privilege escalation.
Detection
The act of noticing an irregularity as it occurs.
Fire suppression
The act of stopping a fire and preventing it from spreading.
MAC address
The address that is either assigned to a network card or burned into the network interface card (NIC). PCs use MAC addresses to keep track of one another and keep each other separate.
BIOS
The basic input/output system for an IBM-compatible PC. It is firmware that allows a computer to boot.
Radio frequency interference (RFI)
The byproduct of electrical processes, similar to electromagnetic interference. The major difference is that RFI is usually projected across a radio spectrum.
According to NIST, Platform as a Service (PaaS) is defined as
The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possible configuration settings for the application-hosting environment.
Simple Network Management Protocol (SNMP)
The management protocol created for sending information about the health of the network to network management consoles.
Access control
The means of giving or restricting user access to network resources. Access control is usually accomplished through the use of an access control list (ACL).
Mean time between failure (MTBF)
The measure of the anticipated incidence of failure of a system or component.
Spear phishing
The message is made to look as if it came from someone you know and trust as opposed to an informal third party.
MD5
The last of the MD series of message-digest algorithms; it produces a 128-bit hash and is more complex than its predecessors, MD4 in particular. Practical collision attacks have since been demonstrated against it, so it should not be relied on where collision resistance matters, such as digital signatures.
When going with a public cloud delivery model, who is accountable for security and privacy of the outsourced service?
The organization
Your organization's training and educational programs need to be tailored for at least three different audiences:
The organization as a whole (the so-called rank-and-file employees); management; technical staff.
Radio frequency (RF)
The part of the radio spectrum that a device uses.
Access point (AP)
The point at which access to a network is accomplished. This term is often used in relation to a wireless access point (WAP).
Accountability Statement
The policy should address who (usually expressed as a position, not the actual name of an individual) is responsible for ensuring that the policy is enforced. The accountability statement provides additional information to the reader about who to contact if a problem is discovered. It should also indicate the consequences of not complying with the policy.
Hardening
The process of making an entity, usually an operating system, more secure by closing known holes and addressing known security issues.
Sandboxing
The process of running an application in an isolated environment, with its own memory space and restricted access to the rest of the system, so that a compromise of the application cannot reach other applications or the host.
Footprinting
The process of systematically identifying the network and its security posture. This is typically a passive process.
Default gateway
The router to which all packets are sent when the workstation doesn't know where the destination station is or when it can't find the destination station on the local segment.
Steganography
The science of hiding information within other information, such as an image. The most common way this is done today is called the least significant bit (LSB) method. If you change only the very last bit (the least significant bit) of each byte, the change is not noticeable in the image.
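The LSB method described above, as an added example that is not part of the original study set. Rather than decode an image file, it works on a constructed bytes object standing in for one-byte-per-pixel (grayscale) image data, which is the level at which the LSB method operates; the 32-bit length prefix is this example's own convention for finding the end of the hidden message.

```python
"""Least-significant-bit (LSB) steganography over raw pixel bytes.

Added example, not from the original study set. COVER is a constructed
16x16 gradient standing in for grayscale image data.
"""


def _bits(data: bytes):
    """Yield the bits of `data`, most significant first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(cover: bytes, message: bytes) -> bytes:
    """Write `message` into the LSB of successive cover bytes.

    A 32-bit big-endian length prefix is embedded first so the extractor knows
    where the message ends. Each cover byte changes by at most 1.
    """
    payload = len(message).to_bytes(4, "big") + message
    needed = len(payload) * 8
    if needed > len(cover):
        raise ValueError(f"cover holds {len(cover)} bits, payload needs {needed}")
    stego = bytearray(cover)
    for i, bit in enumerate(_bits(payload)):
        stego[i] = (stego[i] & 0xFE) | bit   # clear the LSB, then set it to the message bit
    return bytes(stego)


def extract(stego: bytes) -> bytes:
    """Recover the message: read the 32-bit length, then that many bytes of LSBs."""
    def read_bytes(first_bit: int, count: int) -> bytes:
        value = 0
        for i in range(first_bit, first_bit + count * 8):
            value = (value << 1) | (stego[i] & 1)
        return value.to_bytes(count, "big")

    length = int.from_bytes(read_bytes(0, 4), "big")
    if 32 + length * 8 > len(stego):
        raise ValueError("length prefix exceeds carrier; not a payload from embed()")
    return read_bytes(32, length)


def max_pixel_change(cover: bytes, stego: bytes) -> int:
    """How far any pixel moved; LSB embedding never moves one by more than 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed 16x16 grayscale "image": a simple gradient, 256 pixel bytes.
COVER = bytes((row * 16 + col) & 0xFF for row in range(16) for col in range(16))

if __name__ == "__main__":
    hidden = embed(COVER, b"Sec+")
    print("recovered:", extract(hidden), "max pixel change:", max_pixel_change(COVER, hidden))
```

The capacity is one bit per pixel byte, which is why the cover must be at least eight times the payload size. Because every embedded byte of a real file still differs from its neighbour by at most one grey level, the change is invisible to the eye, but statistical analysis of LSB distributions can still reveal that something was embedded; hiding is not encryption.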
Biometrics
The science of identifying a person by using one or more of their features. The feature can be a thumbprint, a retinal scan, or any other biological trait.
Data Link layer
The second layer of the Open Systems Interconnection (OSI) model that transfers data between adjacent nodes on a network.
Application layer
The seventh layer of the Open Systems Interconnection (OSI) model, which deals with how applications access the network and describes application functionality, such as file transfer, messaging, and so on.
International Organization for Standardization (ISO)
The standards organization that developed the Open Systems Interconnection (OSI) model. This model provides a guideline for how communications occur between computers.
Code escrow
The storage and conditions for release of source code provided by a vendor, partner, or other party.
Watering hole attack
The strategy an attacker takes to identify a site that is visited by those they are targeting, poisoning that site, and then waiting for the results.
Change management
The structured approach followed to request, review, approve, test, and document modifications to systems and configurations, so that changes do not introduce unexpected risk to a company's assets.
Cryptanalysis
The study and practice of finding weaknesses in ciphers. The study of how to break cryptographic algorithms.
Multifactor
The term employed anytime more than one factor must be considered.
White box
The tester has significant knowledge of your system that simulates an attack from an insider - a rogue employee.
Administrator
The user who is accountable and responsible for the network.
Latency
The wait time between the call for an action or activity and the actual execution of that action.
black list
They are lists of things that are prohibited.
RAID 1+0 (or 10)
This RAID level is a mirrored data set (RAID 1), which is then striped (RAID 0), which is the reason for the "1+0" name. Think of it as a "stripe of mirrors." A RAID 1+0 array requires a minimum of four drives: two mirrored drives to hold half of the striped data, plus another two mirrored drives for the other half of the data.
RAID 0+1
This RAID level is the opposite of RAID 1+0. Here, the stripes are mirrored (think of it as a "mirror of the stripes"). A RAID 0+1 array requires a minimum of four drives: two drives striped together (RAID 0), plus a second two-drive stripe that mirrors the first.
Sensitive but Unclassified
This classification is used for low-level security. It indicates that disclosure of this information might cause harm but wouldn't injure national defense efforts.
Confidential
This classification is used to identify low-level secrets; it's generally the lowest level of classification used by the military. It's used extensively to prevent access to sensitive information.
Unclassified
This classification is used to indicate that the information poses no risk of potential loss due to disclosure. Anybody can gain access to this category of information.
Big Data
This data normally cannot fit on a single server, and it is instead stored on a storage area network (SAN)
out-of-band authentication
This is a process whereby the system you are authenticating to confirms your identity over a separate channel from the one you are logging in on, such as a code delivered to your phone. Contrast this with knowledge-based authentication, which draws on public records and asks you questions to help authenticate you.
Related Key Attack
This is like a chosen-plaintext attack, except the attacker can obtain ciphertexts encrypted under two different keys.
The Patriot Act
This law gives the U.S. government extreme latitude in pursuing criminals who commit terrorist acts.
Application Log
This log contains various events logged by applications or programs.
/var/log/apport.log
This log records application crashes.
Continuous monitoring
This may involve regular measurements of network traffic levels, routine evaluations for regulatory compliance, and checks of network security device configurations.
Information Flow Model
This model is concerned with the properties of information flow, not only its direction of flow.
Non-interference Model
This model is intended to ensure that actions at a higher security level don't interfere with, or become visible to, lower-level functions. It prevents a lower-level user from being able to deduce what changes are being made at higher levels of the system.
relational database
This model organizes data into one or more tables (or "relations") of columns and rows, with a unique key identifying each row. Rows are also called records or tuples. Virtually all relational database systems use SQL (Structured Query Language) as the language for querying and maintaining the database.
Remote Registry service
This service is used to allow technical support personnel to access that system's Registry remotely. The service can be quite useful in some situations, but it can also function as a means for an attacker to get into your system. If you don't need it, turn it off.
Account Lockout Threshold
This setting determines how many incorrect attempts a user can give before the account is locked. In Windows, this value can range from 0 to 999 failed attempts. If it is set at 0, the account will never be locked out.
ROT13
This simple algorithm rotates every letter 13 places in the alphabet. One of the easiest ways to solve rot13 text messages is to take a sheet of paper and write the letters from A to M in one column and from N to Z in a second. To decipher, replace the letter in the encrypted message with the one that appears beside it in the other column.
Performance Monitor
This utility can be used to examine activity on any counter. One of the best tools to use when looking for possible illicit activity on a workstation
Reset Account Lockout Counter After
This value specifies the number of minutes to wait between counting failed login attempts that are part of the same batch of attempts.
Critical business functions (CBFs)
Those processes or systems that must be made operational immediately when an outage occurs.
Lockout
After a set number of failed logon attempts, the account is locked so that no additional logons are accepted, either for a fixed period or until an administrator unlocks it.
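The three lockout settings on the cards above (Account Lockout Threshold, Reset Account Lockout Counter After, and the lockout itself) interact in ways that are easier to see in code. The following model is an added example, not part of the original study set and not Windows' own implementation; the policy field names mirror the card names, the `Authenticator` class and the clear-text password field are this example's simplifications.

```python
"""A small model of account lockout policy, named after the Windows settings.

Added example, not from the original study set. LockoutPolicy mirrors the
card names; Authenticator is an illustration, not Windows' code. Passwords
are kept in clear here only to keep the model short.
"""
from dataclasses import dataclass
from typing import Optional
import hmac


@dataclass
class LockoutPolicy:
    threshold: int = 5           # failed attempts before lockout; 0 means never lock
    reset_after: int = 15 * 60   # seconds without a failure before the counter resets
    duration: int = 15 * 60      # seconds an account stays locked


@dataclass
class Account:
    password: str
    failures: int = 0
    last_failure: Optional[float] = None
    locked_until: Optional[float] = None


class Authenticator:
    def __init__(self, policy: LockoutPolicy):
        self.policy = policy
        self.accounts: dict[str, Account] = {}

    def add_user(self, name: str, password: str) -> None:
        self.accounts[name] = Account(password)

    def login(self, name: str, password: str, now: float) -> str:
        """Return 'ok', 'bad_password' or 'locked' for an attempt at time `now`."""
        acct = self.accounts[name]
        p = self.policy

        # An expired lockout clears itself and starts the failure count over.
        if acct.locked_until is not None:
            if now < acct.locked_until:
                return "locked"
            acct.locked_until, acct.failures = None, 0

        # Reset Account Lockout Counter After: a quiet period forgets old failures.
        if acct.last_failure is not None and now - acct.last_failure >= p.reset_after:
            acct.failures = 0

        if hmac.compare_digest(password.encode(), acct.password.encode()):
            acct.failures = 0
            return "ok"

        acct.failures += 1
        acct.last_failure = now
        # Account Lockout Threshold: the attempt that reaches it locks the account.
        if p.threshold and acct.failures >= p.threshold:
            acct.locked_until = now + p.duration
            return "locked"
        return "bad_password"


def demo() -> list[str]:
    """Three bad guesses lock the account; the right password then fails too."""
    auth = Authenticator(LockoutPolicy(threshold=3, reset_after=60, duration=120))
    auth.add_user("alice", "hunter2")
    attempts = [("wrong", 0), ("wrong", 1), ("wrong", 2), ("hunter2", 10), ("hunter2", 122)]
    return [auth.login("alice", pw, t) for pw, t in attempts]
```

Two consequences worth noticing: a correct password entered during the lockout window is still refused, so a lockout policy can be turned into a denial of service against a known username; and an attacker who spaces guesses further apart than the reset window never trips the threshold at all, which is why lockout is a brake on online guessing, not a substitute for strong credentials.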
Hardware-Based Encryption Devices
Trusted Platform Module (TPM), HSM (Hardware Security Module)
Back Orifice and NetBus
Two popular tools that exist to create backdoor attacks on Windows based systems
Mobile devices
Use either RF signaling or cellular technologies for communication.
Media Access Control (MAC)
Used to identify hardware network devices such as a network interface card (NIC).
Bcrypt
Used with passwords, and uses a derivation of the Blowfish algorithm, converted to a hashing algorithm, to hash a password and add salt to it.
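Key stretching and bcrypt (the cards above) both come down to a per-password salt plus a tunable work factor. The block below is an added example, not part of the original study set; bcrypt is not in the Python standard library, so `hashlib.pbkdf2_hmac` stands in for it, and the `pbkdf2_sha256$iterations$salt$hash` storage format is this example's own convention.

```python
"""Key stretching with PBKDF2-HMAC from the standard library.

Added example, not from the original study set. PBKDF2 stands in for bcrypt
to show a random per-password salt and an iteration count (work factor) that
makes every guess cost the attacker more time.
"""
import hashlib
import hmac
import os
import time


def derive(password: bytes, salt: bytes, iterations: int,
           length: int = 32, hash_name: str = "sha256") -> bytes:
    """Stretch `password` into a `length`-byte key; cost scales with `iterations`."""
    return hashlib.pbkdf2_hmac(hash_name, password, salt, iterations, length)


def hash_password(password: str, iterations: int = 600_000) -> str:
    """Produce a storable record; a fresh 16-byte salt defeats precomputed tables."""
    salt = os.urandom(16)
    key = derive(password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${key.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and iteration count; compare in constant time."""
    algorithm, iterations, salt_hex, key_hex = stored.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError(f"unsupported record: {algorithm}")
    key = derive(password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(key, bytes.fromhex(key_hex))


def seconds_per_guess(iterations: int) -> float:
    """Measure one derivation: what a single brute-force guess costs on this machine."""
    start = time.perf_counter()
    derive(b"password", b"salt", iterations)
    return time.perf_counter() - start


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("verify right:", verify_password("correct horse battery staple", record))
    print("verify wrong:", verify_password("Tr0ub4dor&3", record))
    for n in (1_000, 100_000, 600_000):
        print(f"{n:>8} iterations: {seconds_per_guess(n):.4f} s per guess")
```

Storing the iteration count alongside the hash is what lets the work factor be raised later without invalidating existing records: verification always uses the parameters the record was created with, and accounts can be re-hashed at their next successful login.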
SFTP (Secure File Transfer Protocol)
Uses Secure Shell (SSH) via port 22 to transfer files.
HMAC-Based One-Time Password (HOTP)
Uses a Hash Message Authentication Code (HMAC) algorithm to create unique passwords.
HOTP
Uses a Hash Message Authentication Code (HMAC) algorithm.
TOTP
Uses a time-based factor to create unique passwords.
Time-Based One-Time Password (TOTP)
Uses a time-based factor to create unique passwords.
Credentialed
Uses actual network credentials to connect to systems and scan for vulnerabilities.
Heuristic
Uses algorithms to analyze the traffic passing through the network.
Header manipulation
Uses other methods (hijacking, cross-site forgery, and so forth) to change values in HTTP headers and falsify access.
Multifactor authentication
Uses two or more processes for logon like smart cards and biometrics.
Two-factor authentication
Using two access methods as a part of the authentication process.
Brute-Force Attacks
can be accomplished by applying every possible combination of characters that could be the key.
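The ROT13 card earlier and the brute-force card above fit together: ROT13 is a rotation cipher with a fixed key of 13, and a rotation cipher's whole key space is 26 shifts, so "every possible combination" is trivially exhaustive. The following added example, not part of the original study set, implements the cipher, the two-column paper trick, and the sweep; `COMMON_WORDS` is a constructed mini dictionary used only to recognise the English candidate.

```python
"""ROT13 and a brute-force sweep of the rotation-cipher key space.

Added example, not from the original study set. COMMON_WORDS is a
constructed scoring list, not a real dictionary.
"""
import string


def rotate(text: str, shift: int) -> str:
    """Shift ASCII letters by `shift` places (mod 26); keep case and other characters."""
    out = []
    for ch in text:
        if "A" <= ch <= "Z" or "a" <= ch <= "z":
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def rot13(text: str) -> str:
    """Encrypt or decrypt: since 13 + 13 = 26, the same operation does both."""
    return rotate(text, 13)


def rot13_columns() -> list[tuple[str, str]]:
    """The paper trick from the card: A..M in one column, N..Z beside it."""
    upper = string.ascii_uppercase
    return list(zip(upper[:13], upper[13:]))


COMMON_WORDS = {"the", "and", "to", "of", "is", "in", "at", "key", "attack", "secret"}


def brute_force(ciphertext: str) -> tuple[int, str]:
    """Try every one of the 26 possible shifts and return (shift, plaintext).

    The key space is so small that the attack is exhaustive by definition; the
    only work is recognising which candidate is English, done here by counting
    hits in COMMON_WORDS.
    """
    best_score, best = -1, (0, ciphertext)
    for shift in range(26):
        candidate = rotate(ciphertext, -shift)
        words = (w.strip(".,!?").lower() for w in candidate.split())
        score = sum(w in COMMON_WORDS for w in words)
        if score > best_score:
            best_score, best = score, (shift, candidate)
    return best


if __name__ == "__main__":
    print(rot13("Hello, World!"))
    print(brute_force(rotate("the key is in the attack", 7)))
```

The same structure applies to any brute-force attack: enumerate the key space, decrypt under each key, and test the result against something that distinguishes right from wrong (a dictionary here, a known-plaintext block or a checksum elsewhere). What changes between ROT13 and a modern cipher is only the size of the key space.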
web security gateway
can be thought of as a proxy server (performing proxy and caching functions) with web protection software built in. Depending on the vendor, the "web protection" can range from a standard virus scanner on incoming packets to monitoring outgoing user traffic for red flags as well.
Trusted Platform Module (TPM)
can be used to assist with hash key generation. TPM is the name assigned to a chip that can store cryptographic keys, passwords, or certificates. It can also be used to generate values used with whole disk encryption such as BitLocker.
whatis utility (Linux)
can show if there is more than one set of documentation on the system for the utility
hybrid trust model
can use the capabilities of any or all of the structures: bridge, mesh, hierarchical
Replay attacks
capturing portions of a session to play back later to convince a host that it is still talking to the original connection.
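A replay succeeds even when every message is integrity-protected, because a MAC proves who sent a message but not when. The block below is an added example, not part of the original study set: the session, key and messages are constructed, `NaiveServer` accepts anything with a valid MAC, and `ReplaySafeServer` adds the usual fix, a sequence number covered by the MAC that must strictly increase.

```python
"""Replaying a captured, MAC-protected message, and the sequence-number fix.

Added example, not from the original study set. KEY and the messages are
constructed. The attacker never learns KEY and cannot forge a MAC, but can
re-send a captured message verbatim, which an integrity-only check accepts.
"""
import hashlib
import hmac
import json

KEY = b"constructed-session-key-for-the-demo"


def sign(key: bytes, body: dict) -> dict:
    """Attach an HMAC-SHA256 over the canonical JSON of the body."""
    data = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "mac": hmac.new(key, data, hashlib.sha256).hexdigest()}


def mac_valid(key: bytes, msg: dict) -> bool:
    data = json.dumps(msg["body"], sort_keys=True).encode()
    expected = hmac.new(key, data, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, msg["mac"])


class NaiveServer:
    """Checks integrity only; a replayed transfer looks identical to a fresh one."""

    def __init__(self, key: bytes):
        self.key = key
        self.processed: list[dict] = []

    def receive(self, msg: dict) -> str:
        if not mac_valid(self.key, msg):
            return "rejected: bad mac"
        self.processed.append(msg["body"])
        return "accepted"


class ReplaySafeServer(NaiveServer):
    """Also demands a strictly increasing sequence number inside the MAC'd body."""

    def __init__(self, key: bytes):
        super().__init__(key)
        self.last_seq = -1

    def receive(self, msg: dict) -> str:
        if not mac_valid(self.key, msg):
            return "rejected: bad mac"
        seq = msg["body"].get("seq")
        if not isinstance(seq, int) or seq <= self.last_seq:
            return "rejected: replay"        # seen before, or out of order
        self.last_seq = seq
        self.processed.append(msg["body"])
        return "accepted"


def demo() -> tuple:
    """Same captured message delivered twice to each server."""
    transfer = sign(KEY, {"seq": 1, "action": "transfer", "amount": 500})
    captured = dict(transfer)             # what a sniffer on the path records
    naive, safe = NaiveServer(KEY), ReplaySafeServer(KEY)
    return (naive.receive(transfer), naive.receive(captured),
            safe.receive(transfer), safe.receive(captured))
```

A sequence number only protects within one session; if the same key is reused for a later session the counter restarts and old messages become valid again. Real protocols therefore pair the counter with a fresh per-session key, or use a timestamp or server-issued nonce, so that a recording from one session is worthless in the next.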
CSR
certificate-signing request, A request formatted for the CA. This request will have the public key you wish to use and your fully distinguished name (often a domain name). The CA will then use this to process your request for a digital certificate.
single sided
certificates used to authenticate only the client
dual sided
certificates used to authenticate the client and server
header manipulation
change values in HTTP headers and falsify access
configure a pop-up blocker in Internet Explorer
choose Tools > Internet Options > Privacy > Settings.
CCTV
closed-circuit television
TEMPEST shielding protection
concerned with reducing electronic noise from devices that would divulge intelligence about systems and information. TEMPEST is the certification given to electronic devices that emit minimal RF. The TEMPEST certification is difficult to acquire, and it significantly increases the cost of systems.
CMDB
configuration management database
InPrivate Filtering
configure the browser not to share information that can be captured and manipulated.
Risk transference
contrary to what the name may imply, does not mean that you shift the risk completely to another entity. What you do instead is share some of the burden of the risk with someone else, such as an insurance company. A typical policy would pay you a cash amount if all the steps were in place to reduce risk and your system was still harmed.
Technical control
controls implemented through technology. They may be deterrent, preventive, detective, or compensating (but not administrative), and include such things as firewalls, IDS, IPS, and the like. They are often implemented because administrative controls cannot be trusted to do the job without fail.
Type K fire extinguisher
cooking oil fires can also be found in stores. In actuality, this is a subset of class B extinguishers.
WPA
couples the RC4 encryption algorithm with TKIP
Layer 2 Forwarding
created by Cisco as a method of creating tunnels primarily for dial-up connections. It's similar in capability to PPTP and shouldn't be used over WANs. L2F provides authentication, but it doesn't provide encryption. L2F uses port 1701 (UDP).
circuit-level proxy
creates a circuit between the client and the server and doesn't deal with the contents of the packets that are being processed.
XSRF
cross-site request forgery
XSS
cross-site scripting
Privacy policies
define what controls are required to implement and maintain the sanctity of data privacy in the work environment.
job rotation policy
defines intervals at which employees must rotate through positions.
work factor
describes an estimate of the amount of time and effort that would be needed to break a system.
omnidirectional antenna
designed to provide a 360-degree pattern and an even signal in all directions
account policy
determines the security parameters regarding who can and cannot access the system.
DAS
direct attached storage
An attack when a hacker injects statements that enable access to directories outside of those normally permitted by the application is
directory traversal
cloaking
disable, or turn off, the SSID broadcast
interoperability agreements
documents that define how the two organizations' systems will interoperate and what the minimum requirements and expectations are.
Elasticity
dynamically provisioning (or de-provisioning) resources as needed
Van Eck phreaking
eavesdrop on CRT and LCD displays by detecting their electromagnetic emissions.
Type C fire extinguisher
electrical, uses nonconductive chemicals
EMI
electromagnetic interference
Incident response
encompasses forensics and refers to the process of identifying, investigating, repairing, documenting, and adjusting procedures to prevent another incident.
Forward secrecy
ensures that the compromise of a long-term key, or of one session's key, does not expose the keys of other sessions, because each session derives its own ephemeral key that is discarded afterwards.
Backup Server Method
establishes a server with large amounts of disk space whose sole purpose is to back up data. With the right software, a dedicated server can examine and copy all the files that have been altered every day. Backup servers don't need overly large processors; however, they must have large disk and other long-term storage media capabilities.
risk assessment
evaluating the risk or likelihood of a loss
design review
examines the ports and protocols used, the rules, segmentation, and access control.
mesh trust model
expands the concepts of the bridge model by supporting multiple paths and multiple root CAs. major disadvantage of a mesh is that each root CA must be trustworthy in order to maintain security.
WPA2
favors Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). CCMP uses 128-bit AES.
/var/log/messages
find login-related entries
Type B fire extinguisher
flammable liquids, uses fire retardant chemicals
Type D fire extinguisher
flammable metals, varies
deception active response
fools the attacker into thinking the attack is succeeding while the system monitors the activity and potentially redirects the attacker to a system that is designed to be broken.
directional antenna
forces the signal in one direction, and since it is focusing the signal, it can cover a greater distance with a stronger signal.
Trust models used in PKI implementations
four main types that are used are bridge, hierarchical, hybrid, and mesh.
Generic Account Prohibition
get rid of guest accounts
deterrent
guards with cameras
application-aware device
has the ability to respond to traffic based on what is there
disaster-recovery plan
helps an organization respond effectively when a disaster occurs. involves the access and storage of information.
C$, admin$
hidden administrative shares
uses ports 860 and 3260, by default
iSCSI
backup plan
identifies which information is to be stored, how it will be stored, and for what duration it will be stored
implicit deny
if the permission in question has not been explicitly granted, then access is denied.
Shunning
ignoring an attack
Key exchange
in-band key exchange and out-of-band key exchange
IV
initialization vector
IM
instant messaging
End-Entity Certificate
is issued by a certificate authority (CA) to an end entity. An end entity is a system that doesn't issue certificates but merely uses them.
CA Certificate
is issued by one CA to another CA. The second CA can, in turn, issue certificates to an end entity.
NoSQL
is not a relational database and does not use SQL, often used where scaling is important.
event
is often an IDS-triggered signal. Operations personnel will determine if an event becomes an incident.
client-side attack
is one that targets vulnerabilities in client applications that interact with a malicious server.
sensor
is the IDS component that collects data from the data source and passes it to the analyzer for analysis.
Disaster recovery
is the ability to recover system operations after a disaster.
analyzer
is the component or process that analyzes the data collected by the sensor. It looks for suspicious activity among all the data collected.
manager
is the component or process the operator uses to manage the IDS
operator
is the person primarily responsible for the IDS
administrator
is the person responsible for setting the security policy for an organization and is responsible for making decisions about the deployment and configuration of the IDS. The administrator should make decisions regarding alarm levels, historical logging, and session-monitoring capabilities. They're also responsible for determining the appropriate responses to attacks and ensuring that those responses are carried out.
electronic watermarking
is the process of hiding digital information in an image
Data Source
is the raw information that the IDS uses to detect suspicious activity.
Public-Key Infrastructure X.509
is the working group formed by the IETF to develop standards and models for the PKI environment. The X.509 standard defines the certificate formats and fields for public keys. It also defines the procedures that should be used to distribute public keys. X.509 version 2 is still the format used for Certificate Revocation Lists (CRLs). The current version of X.509 certificates is version 3, and it comes in two basic types. End-Entity Certificate: the most common; issued by a certificate authority (CA) to an end entity, which is a system that doesn't issue certificates but merely uses them. CA Certificate: issued by one CA to another CA, which can, in turn, issue certificates to an end entity.
Hyper-V, from Microsoft
is usually free (depending on the implementation) but definitely not open source (proprietary).
verbal NDA
is valid for only one year
IPSec
isn't a tunneling protocol, but it's used in conjunction with tunneling protocols. IPSec provides secure authentication and encryption of data and headers; this makes it a good choice for security. IPSec can work in either Tunneling mode or Transport mode. In Tunneling mode, the data or payload and message headers are encrypted. Transport mode encrypts only the payload.
Internet Protocol Security (IPSec)
isn't a tunneling protocol, but it's used in conjunction with tunneling protocols. IPSec provides secure authentication and encryption of data and headers; which makes it a good choice for security. IPSec can work in either Tunneling mode or Transport mode. In Tunneling mode, the data or payload and message headers are encrypted. Transport mode encrypts only the payload.
Three-Tier Model
isolates the end user from the database by introducing a middle-tier server. This server accepts requests from clients, evaluates them, and then sends them on to the database server for processing. The database server sends the data back to the middle-tier server, which then sends the data to the client system.
Differential Backup
it backs up any files that have been altered since the last full backup; that means it re-copies files already captured by an earlier differential backup, so each differential grows until the next full backup.
JFS
journaled file system, includes a log file of all changes and transactions that have occurred within a set period of time
Physical tokens
key FOBs like SecurID, from RSA
KDC
key distribution center, used in Kerberos, authenticates the principal (which can be a user, a program, or a system) and provides it with a ticket. After this ticket is issued, it can be used to authenticate against other principals.
Key escrow is a method of:
key recovery
federated identity
linking a user's identity with their privileges in a manner that can be used across business boundaries
whereis utility (Linux)
lists all the information it can find about locations associated with a file.
Anomaly-Detection IDS
looks for anomalies, meaning it looks for things outside of the ordinary.
Behavior-Based-Detection IDS
looks for deviations in behavior
Stateless firewalls
make decisions based on the data that comes in—the packet, for example—and not based on any complex decisions.
certificate authorities (CAs)
manage public keys and issue certificates verifying the validity of a sender's message.
MD-IDS
misuse-detection IDS
Data loss prevention (DLP) systems
monitor the contents of workstations, servers and networks to ensure protection of sensitive data against loss, misuse, and unauthorized access.
Clustering
multiple systems connected together cooperatively and networked in such a way that if any of the systems fail, the other systems take up the slack and continue to operate
Technical staff security awareness training program
needs special knowledge about the methods, implementations, and capabilities of the systems used to manage security.
NAS
network area storage
NOS
network operating system
NIDS
network-based IDS
Network bridging
occurs when a device has more than one network adapter card installed and the opportunity presents itself for a user on one of the networks to which the device is attached to jump to the other. To prevent network bridging, you can configure your network such that when bridging is detected, you shut off/disable that jack. You can also create profiles that allow for only one interface.
UPN
User principal name. It is referred to as a friendly name. It consists of the user account and the user's domain name and is used to identify the user (think of an e-mail address).
Heuristic IDS
uses algorithms to analyze the traffic passing through the network. As a general rule, heuristic systems require more tweaking and fine-tuning than the other types of detection systems to prevent false positives in your network.
apropos utility (Linux)
uses the whatis database to find values and returns the short summary information.
architectural approach
using a control framework to focus on the foundational infrastructure.
/var/log/lastlog
view a list of all users and when they last logged in
/var/log/faillog
view a list of users' failed authentication attempts
active/active model
warm site
reciprocal site
warm site
Enigma machine
was essentially a typewriter that implemented a multi-alphabet substitution cipher.
WAF
web application firewall
WAF
Web application firewall. It is a real-time appliance that applies a set of rules to block traffic to and from web servers and to try to prevent attacks, operating at the highest level of the OSI model.
Key clustering
When multiple processors or load balancers are used for cryptographic services. Also: the same ciphertext generated from the same plaintext using two different keys.
cloud bursting
when your servers become too busy, you offload traffic to resources from a cloud provider.
Transitioning
with a business partner occurs either during the on-boarding or off-boarding of a business partner. Both the initialization and the termination of a close business relationship have serious security issues.
Type A fire extinguisher
wood and paper, uses water or chemical for extinguishing
Shadow copies
working copies
multitenant
workloads from different clients can be on the same system, and a flaw in implementation could compromise security.
Port security
Works at level 2 of the OSI model and allows an administrator to configure switch ports so that only certain MAC addresses can use the port. Related measures: MAC limiting and filtering; 802.1X (port authentication); unused ports should be disabled.
content inspection
works by looking at the data coming in
Full Archival Method
works on the assumption that any information created on any system is stored forever.
evercookie
writes data to multiple locations to make it next to impossible ever to remove it completely
Parallel Test
you start up all backup systems but leave the main systems functioning.
Triple-DES (3DES)
A symmetric block cipher algorithm used for encryption.
Wireless technologies
Technologies employing wireless communications.
TwoFish
A symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits.
Telephony
A technology related with the electronic transmission of data between distant parties.
In-band key exchange
Key is exchanged within the same communication channel that is going to be encrypted.
Data Loss Prevention (DLP)
Monitors contents of systems to ensure that key content is not deleted or removed.
Roles and responsibilities
Outlines who is responsible for implementing, monitoring, and maintaining the standard
Preserves privacy using both symmetrical and asymmetrical encryption.
PGP
transport mode encryption
encrypts only the payload
National Security Agency (NSA)
Chartered in 1952; responsible for creating codes, breaking codes, and coding systems for the U.S. government.
Full backup
A backup that copies all data to the archive medium.
Honeypot (also known as Honey pot)
A bogus system set up to attract and slow down a hacker. A honeypot can also be used to learn of the hacking techniques and methods that hackers employ.
Exposure factor (EF)
A calculation of how much data (or other assets) could be lost from a single occurrence. If all the data on the network could be jeopardized by a single attack, the exposure factor is 100 percent.
Denial of Service (DoS) attack
A type of attack that prevents any users—even legitimate ones—from using a system.
Incremental backup
A type of backup in which only new files or files that have changed since the last full backup or the last incremental backup are included. Incremental backups clear the archive bit on files upon their completion.
Differential backup
A type of backup that includes only new files or files that have changed since the last full backup. Differential backups differ from incremental backups in that they don't clear the archive bit upon their completion.
Proxy server
A type of server that makes a single Internet connection and services requests on behalf of many users.
You need to encrypt your hard drive. Which of the following is the BEST choice?
AES
equation for SLE
AV x EF = SLE
Risk mitigation
Accomplished any time you take steps to reduce risk.
Brute force
Accomplished by applying every possible combination of characters that could be the key.
Group based privileges
Acquired as a result of belonging to a group.
Firewall rules
Act like ACLs and used to dictate what traffic can pass between the firewall and the internal network. Three possible actions can be taken based on the rule's criteria: Block the connection. Allow the connection. Allow the connection only if it is secured.
Acceptable use policy (AUP)
Agreed-upon principles set forth by a company to govern how the employees of that company may use resources such as computers and Internet access. It describes how the employees in an organization can use company systems and resources, both software and hardware. This policy should also outline the consequences for misuse.
Alerts
Alerts are issues to which you need to pay attention but are not about to bring the system down at any moment.
Snapshots
Allow you to take an image of a system at a particular point in time. Snapshots contain a copy of the virtual machine settings (hardware configuration), information on all virtual disks attached, and the memory state of the machine at the time of the snapshot. Snapshots can also be used for virtual machine cloning.
Power level controls
Allow you to reduce the amount of output provided.
Geo-tagging
Allows GPS coordinates to accompany a file such as an image.
TACACS+
Allows credentials to be accepted from multiple methods, including Kerberos.
DNS
Allows hosts to resolve hostnames to an Internet Protocol (IP) address.
Credential management
Allows usernames and passwords to be stored in one location and then used to access websites and other computers.
Vulnerability scanning
Allows you to identify specific vulnerabilities in your network, and most penetration testers will start with this procedure so that they can identify likely targets to attack.
Datagram
An OSI layer 3, User Datagram Protocol (UDP) packet descriptor.
ABA
American Bankers Association
Border Gateway Protocol (BGP)
An ISP protocol that allows routers to share information about routes with each other.
Application programming interface (API)
An abstract interface to services and protocols provided by an operating system.
Key generation
An act of creating keys for use by users.
Penetration
An act of gaining access.
Typo squatting/URL hijacking
An act of registering domains that are similar to those for a known entity but based on a misspelling or typographical error.
Tunneling
An act of sending data across a public network by encapsulating it into other packets.
Auditing
An act of tracking resource usage by users.
Cross-site scripting
An attacker uses a client-side scripting language to trick a user who visits the site into having code execute locally.
Spoofing attack
An attempt by someone or something to masquerade as someone else. This type of attack is usually considered an access attack.
Extensible Authentication Protocol (EAP)
An authentication protocol used in wireless networks and point-to-point connections.
Full distribution
An information classification stating that the data so classified is available to anyone.
Security audit
An integral part of continuous security monitoring. It can be a check of any aspect of your security.
Sniffing
Analyzing data to look for passwords and anything else of value. It is also known as wiretapping, eavesdropping, and a number of other terms (packet sniffing, network sniffing, and so on).
ALE
Annualized Loss Expectancy
ARO
Annualized rate of occurrence
AD-IDS
Anomaly-detection intrusion detection system. An AD-IDS works by looking for deviations from a pattern of normal network traffic.
Ghost Rat
Another successful Trojan of recent years. The "Rat" stands for Remote Administration Tool; it exploited the remote administration feature in Windows-based operating systems and allowed attackers to record audio and video remotely.
Replay attack
Any attack where data is transmitted repeatedly (often fraudulently or maliciously). In one such possibility, a user can replay a web session and visit sites intended only for the original user.
Malicious code
Any code that is meant to do harm.
meme
Any concept that spreads quickly through the Internet
Event
Any noticeable action or occurrence.
AV
Asset Value
Confidentiality
Assurance that data remains private and no one sees it except for those expected to see it.
Password guessing
Attempting to enter a password by guessing its value.
Which of the following are provided by digital signatures?
Authentication and identification
Anonymous authentication
Authentication that doesn't require a user to provide a username, password, or any other identification before accessing resources.
Principles Behind Social Engineering
Authority, Intimidation, Consensus/Social Proof, Scarcity, Urgency, Familiarity/Liking, Trust, Reciprocation
ASR
Automated System Recovery, a utility for creating a copy of the configuration settings necessary to reach the present state after a disaster.
MTTF
Average time to failure for a nonrepairable system.
What document describes how a CA issues certificates and for what they are used?
Certificate policies
Storage segmentation
By segmenting a mobile device's storage, you can keep work data separate from personal or operating system data.
Attacker convinces an insider that he is communicating with someone trusted
Caller ID Spoofing
Clustering
Connect multiple computers to work/act together as a single server. This type of system utilizes parallel processing (improving performance and availability) and adds redundancy.
Smart card
Contains a small amount of memory used to store permissions and access information and used for access control and security purposes.
Physical access control
Control access measures used to restrict physical access to the server(s).
Technical
Controls implemented through technology.
Decypher
Convert from encrypted to decrypted
Backup
Duplicate copies of key information, ideally stored in a location other than the one where the information is stored currently.
Challenge Handshake Authentication Protocol (CHAP)
During initial authentication, the connecting machine is asked to generate a random number (usually a hash) and send it to the server. CHAP is designed to stop man-in-the-middle attacks.
Overhearing conversations on network traffic
Eavesdropping
Unauthorized listening in on network traffic.
Eavesdropping
Used for transmitting digital signatures and key exchanges
El Gamal
Used in several integer factorization algorithms
Elliptic Curve Cryptography
ECC-DH
Elliptic Curve Diffie-Hellman
ECDHE
Elliptic Curve Diffie-Hellman with an ephemeral key.
ECC-DSA
Elliptic Curve Digital Signature Algorithm
BYOD
Employees bringing their personal devices into the corporate network environment.
Transport encryption
Encryption can be done in either tunneling or transport mode. In transport encryption, only the payload is encrypted.
Asymmetric encryption
Encryption in which two keys must be used to encrypt and decrypt data.
Secure LDAP
Encrypts all LDAP communications with SSL/TLS.
EF
Exposure factor
FHSS
Frequency-hopping spread spectrum
hard drive encryption
Full disk encryption
GPG
GNU Privacy Guard, an alternative to PGP that is also a part of the GNU project by the Free Software Foundation.
A part of the GNU project and considered a hybrid program.
GPG
Bluesnarfing
Gaining of unauthorized access through a Bluetooth connection.
Least Privilege
Give users only the permissions they need to do their work and no more.
least privilege policy
Give users only the permissions they need to do their work and no more.
In which cloud service model can a consumer "provision" and "deploy and run"?
IaaS
Log analysis
Identifies security problems.
Application white-listing
Identifies what applications are approved and accepted on your network.
Due care policies
Identify the level of care for maintaining confidentiality of private information.
desensitizing
If RF levels become too high, it can cause the receivers in wireless units to become deaf.
rogueware
If scareware convinces them to pay money for protection from a fake threat
orphanware
In recent years, a number of software companies have been forced to close their doors because of trying economic times. In many cases, the software they sold has become orphanware—existing without support of any type.
Environments
Include considerations about water and flood damage as well as fire suppression.
Discretionary access control
Incorporates flexibility and allows users to share information dynamically with other users.
Fencing
Increases physical security and safety.
Active response
Involves taking an action based on an attack or threat.
ISOC
Internet Society
at.allow is an access control that allows only specific users to use the service. What is at.deny?
It does not allow users named in the file to access the system.
Biba Model
It is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity.
ElGamal
It is an asymmetric algorithm. It uses what is called an ephemeral key. An ephemeral key is simply a key that exists only for that session. Essentially, the algorithm creates a key to use for that single communication session and it is not used again.
hash function
It must be one-way. This means that it is not reversible. Once you hash something, you cannot unhash it. Variable-length input produces fixed-length output. This means that whether you hash two characters or two million, the hash size is the same. The algorithm must have few or no collisions. This means that hashing two different inputs does not give the same output.
Bell-LaPadula Model
It prevents unauthorized access to classified information. It prevents information from being written to a lower level of security.
Which of the following statements is true of IDEA (International Data Encryption Algorithm)?
It uses a 128-bit key to operate on 64-bit plaintext blocks in eight iterations.
A compromised password hashing function used to store user passwords
LANMAN
Which organization can be used to identify an individual for certificate issue in a PKI environment?
LRA
/var/log/faillog
Linux log file contains failed user logins.
Physically contain an unauthorized, potentially hostile intruder until authorities arrive
Mantraps
Recovery time objective
Maximum amount of time that a process or service is allowed to be down and consequences still be considered acceptable.
MTBF
Mean Time between Failures
Measure of the anticipated incidence of failure for a system or component
Mean Time between Failures
MTTR
Mean Time to Restore
Measurement of how long it takes to repair a system or component once a failure occurs
Mean Time to Restore
MTTR
Mean time to repair
Authentication
Means of verifying that someone is who they say they are.
Mean time to repair (MTTR)
Measurement of how long it takes to repair a system or component once a failure occurs.
High availability
Measures used to keep services and systems operational during an outage.
MOU
Memorandum of Understanding. A brief summary of which party is responsible for what portion of the work.
The successor to the authentication protocol in Microsoft LAN Manager
NTLM
NIST
National Institute of Standards and Technology
NIST
National Institute of Standards and Technology. very involved in cryptography standards, systems, and technology
PTZ
Pan, Tilt, and Zoom on cameras
PBKDF2
Part of PKCS #5 v2.01 that applies some function to the password or passphrase along with a salt to produce a derived key.
Allows information and property to be kept under physical lock and key
Partitioning
Repeatedly attacking an account. A technique used by attackers to crack passwords.
Password-Guessing
PIV
Personal Identity Verification
Based upon the design principles used in MD4
RIPEMD
Used for both encryption and digital signatures
RSA
Which of the following encryption techniques do digital signatures use?
RSA
Which of the following is the MOST widely used asymmetric algorithm today?
RSA
RSA
The RSA algorithm is an early public-key encryption system that uses large integers as the basis for the process.
SCT
Security control testing
Attempts to avoid detection by masking themselves.
Stealth
Passively testing security controls
Test the security controls without doing any actual harm.
Big Data analysis
Testing of data that is too large to be dealt with by traditional database management means.
802.11i
The 802.11i standard provides for security enhancements to the wireless standard with particular focus on authentication. The standard is often referenced as WPA2, the name given it by the Wi-Fi Alliance.
Top Secret
The Top Secret classification is the highest classification level. There are rumored to be higher levels of classification, but the names of those classifications are themselves classified Top Secret. Releasing information that is classified as Top Secret poses a grave threat to national security, and therefore it must not be compromised.
bare metal
The Type I hypervisor model
hosted
The Type II hypervisor model
Journaling
The ability of a filesystem to use a log file of all changes and transactions that have occurred within a set period of time (e.g., the last few hours).
Escape routes
The aforementioned escape plan and drills should direct employees to safety via an escape route.
Block cipher
The algorithm works on chunks of data - encrypting one and then moving to the next.
Uptime
The amount of time a particular computer or network component has been functional.
Risk acceptance
The choice you must make when the cost of implementing any of the other four choices exceeds the value of the harm that would occur if the risk came to fruition.
Fixed systems
The most common fixed systems combine fire detectors with fire-suppression systems, where the detectors usually trigger either because of a rapid temperature change or because of excessive smoke.
Electromagnetic interference (EMI)
The interference that can occur during transmissions over copper cable because of electromagnetic energy outside the cable.
Symmetrical keys
The keys used when the same key encrypts and decrypts data.
Chain of custody
The log of the history of evidence that has been collected.
host
The machine on which virtualization software is running
Security Log
The most important things that you will find in the security log are successful and unsuccessful logon attempts. This log also records events related to resource use, such as creating, opening, or deleting files or other objects.
Internet layer
The network layer responsible for routing, IP addressing, and packaging.
Volume
The portion of a hard disk that functions as if it were a separate hard disk.
Database
The primary tool for data management.
Annualized rate of occurrence (ARO)
The probability of an event occurring within a year.
OS hardening
The process of applying all security patches and fixes to an operating system to make it as secure as possible.
Internet Protocol (IP)
The protocol in the TCP/IP suite responsible for network addressing. See Transmission Control Protocol/Internet Protocol (TCP/IP).
Data source
The raw information that the IDS uses to detect suspicious activity.
Proximity reader
The readers work with 13.56 MHz smart cards and 125 kHz proximity cards
PASS method
The recommended procedure for using a fire extinguisher, pull, aim, squeeze, and sweep.
Mandatory vacations
Time that users are required to take away from work to refresh. Management also uses them to detect fraud.
Drills
To make certain not only that employees know the escape plan(s) but that it also works, drills should be conducted on a regular basis.
Signal
Transmission from one PC to another. A signal could be a notification to start a session or end a session.
Key transmission
Transmitting private keys is a major concern. Private keys are transported using out-of-band methods to ensure security.
Involves scrambling the letters in a certain manner
Transposition Ciphers
ARP poisoning
Tries to convince a network that the attacker's MAC address is the one associated with an IP address so that traffic sent to that IP address is wrongly sent to the attacker's machine.
TCSEC
Trusted Computer Systems Evaluation Criteria, replaced by EAL
Hoax
Typically an email message warning of something that isn't true, such as the outbreak of a new virus. The hoax can send users into a panic and cause more harm than the virus. Falsely sounding an alarm is a type of hoax.
SNMP agent
UDP 161
SNMP management station
UDP 162
SNMP trap
UDP 162
L2TP
UDP 1701
IKE/ISAKMP
UDP 500
RIPv1 & RIPv2
UDP 520
RIP next generation
UDP 521
BOOTP server
UDP 67
DHCP
UDP 67
BOOTP client
UDP 68
TFTP
UDP 69
Detective
Uncovers a violation.
URL
Uniform Resource Locator (URL).
Spam
Unwanted, unsolicited email sent in bulk.
NetBIOS
Used for name resolution and registration in Windows-based environments.
Barricades
Used in conjunction with guards, fencing, and other physical security measures to stop someone from entering a facility.
Provides computer systems and compatible media capabilities
Warm Site
Deterrent
Warns a would-be attacker that they should not attack.
Shoulder surfing
Watching someone when they enter their username/password/sensitive data.
Threat vectors
Ways in which an attacker poses a threat.
Extranet
Web (or similar) services set up in a private network to be accessed internally and by selecting external entities, such as vendors and suppliers.
Intranet
Web (or similar) services set up in a private network to be accessed internally only.
Risk calculation
Weighs a potential threat against the likelihood or probability of it occurring.
Zero-day exploit
When a hole is found in a web browser or other software and attackers begin exploiting it that very day, it is known as a zero-day exploit.
domain name kiting
When a new domain name is issued, there is a five-day grace period before you must technically pay for it. Those engaged in kiting can delete the account within the five days and re-register it—allowing them to have accounts that they never have to pay for.
Order of volatility
When dealing with multiple issues, address them in order of volatility (OOV).
XaaS
When multiple models are mixed together, this is referred to as Anything as a Service (XaaS).
pod slurping
When portable devices are plugged directly into a machine, they bypass the network security measures (such as firewalls) and allow data to be copied
Account Lockout Duration
When the system locks the account, this is the duration before it is unlocked. With Windows, this value can range from 0 minutes to 99,999 minutes. Setting it to 0 does not disable the feature but rather requires an administrator to explicitly unlock the account before it can be used again.
multifactor system
When two or more access methods are included as part of the authentication process
RAID duplexing
When you add a second controller to a RAID system
Vishing
When you combine phishing with Voice over IP (VoIP)
mutual authentication
Whenever two or more parties authenticate each other. It will be implemented when the data to be sent during the session is of a critical nature, such as financial or medical records.
WPS
Wi-Fi Protected Setup. It is used to simplify network setup by allowing a router to have the administrator push a button on it to allow a new host to join. It is highly insecure.
data policy
Wiping: How is data removed from media? Disposing: How are media (hard drives, removable drives, and so on) discarded when they are no longer needed? Retention: How long must data be kept? This needs to take into account government regulations on data storage for your business as well as company policies. Storage: Where is data kept, and what security precautions are associated with its access?
WAP
Wireless Application Protocol
WDP
Wireless Datagram Protocol. It provides the common interface between devices.
WML
Wireless Markup Language
WSP
Wireless Session Protocol. It manages the session information and connection between the devices.
WTP
Wireless Transaction Protocol. It provides services similar to TCP and UDP for WAP.
WTLS
Wireless Transport Layer Security. It is the security layer of the Wireless Application Protocol. WTLS provides authentication, encryption, and data integrity for wireless devices. It is based on the widely used TLS v1.0 security layer used on the Internet. Communication between a WAP client and WAP server is protected by WTLS. Once on the Internet, a connection is typically protected by the Secure Socket Layer (SSL), an Internet standard for encrypting data between points on the network.
Stream cipher
With a stream cipher, the data is encrypted one bit, or byte, at a time.
Escape plans
With all the fencing, locks, and blinding lighting installed in the office, it is highly recommended that escape plans be in place and understood by all.
NTLM
With the release of Windows NT, Microsoft replaced the LANMAN protocol with NTLM (NT LAN Manager), which uses MD4/MD5 hashing algorithms.
One-time pad
Words added to values during authentication. The message to be encrypted is added to this random text before hashing.
Cipher suites
Work with SSL/TLS to combine authentication, encryption, and message authentication.
Refers to the partial or full backups that are kept at the computer center for immediate recovery purposes
Working Copies
Port Security
Works at level 2 of the OSI model and allows an administrator to configure switch ports so that only certain MAC addresses can use the port.
Content inspection
Works by looking at the data that is coming in instead of relying on a website to be previously identified as questionable as URL filtering does.
Client-side validation
Works by taking the input that a user enters into a text field, and on the client side, checking for invalid characters or input.
Fibre channel
Works only on a fiber-based network and uses SCSI to create a SAN across any existing network.
W3C
World Wide Web Consortium
Which set of specifications is designed to allow XML-based programs access to PKI services?
XKMS
XKMS
XML Key Management Specification, is designed to allow XML-based programs access to PKI services.
cipher suite
a combination of methods, such as authentication, encryption, and message authentication code (MAC) algorithms, used together. Many cryptographic protocols such as TLS use a cipher suite.
server hop
a crash in another customer's implementation could expose a path by which a user might hop to your data.
HSM (Hardware Security Module)
a cryptoprocessor that can be used to enhance security. HSMs are traditionally PCI adapters.
proxy
a device that acts on behalf of other(s)
electronic wallet
a device that identifies you electronically in the same way as the cards you carry in your wallet.
scheme
a disaster-recovery plan; it involves the access and storage of information.
Cold Site
a facility that isn't immediately ready to use
tree
a hierarchical trust model
active backup model
a hot site
OU
organizational unit
IPv4
Supports 32-bit addresses.
Point-to-Point Tunneling Protocol (PPTP)
Supports encapsulation in a single point-to-point environment; PPTP encapsulates and encrypts PPP packets. Negotiation is not encrypted, which makes PPTP less favorable than other protocols.
Event logs
System logs that record various events and comprise a broad category including logs that are not relevant to security issues.
ESX, from VMware
is free but not open source (proprietary)
service ticket
used in Kerberos, usually only good for up to 5 minutes.
border routers
used to translate from LAN framing to WAN framing
Registered ports
1024 to 49151
User ports
1024 to 49151
What are the minimum numbers of disks required for configuring RAID-5?
3
RDP
3389
TACACS
49
Dynamic ports
49152 to 65535
Ephemeral ports
49152 to 65535
Private ports
49152 to 65535
RTP
5004
RTCP
5005
SIP non-encrypted
5060
SIP encrypted with TLS
5061
DNS
53
another, more common, name for EAPOL
802.1X
iSCSI
860 & 3260
KERBEROS
88
FTPS data channel
989
FTPS control channel
990
SYN flood
A DoS attack in which a hacker sends a barrage of spoofed SYN packets to a target's system to utilize sufficient resources so that the system doesn't respond to legitimate traffic.
Windows socket
A Microsoft API used to interact with TCP/IP.
Ping
A TCP/IP utility used to test whether another host is reachable. An Internet Control Message Protocol (ICMP) request is sent to the host, which responds with a reply if it's reachable. The request times out if the host isn't reachable.
Annualized loss expectancy (ALE)
A calculation used to identify risks and calculate the expected monetary loss each year.
Personally identifiable information
A catchall for any data that can be used to uniquely identify an individual.
Proximity readers
A catchall term for any ID or card reader capable of reading proximity cards.
Data repository
A centralized storage location for data, such as a database.
Checkpoint
A certain action or moment in time to perform a check. It allows a restart to begin at the last point the data was saved as opposed to from the beginning.
Rivest Cipher 5 (RC5)
A cipher algorithm created by Ronald Rivest (for RSA), which is known for its speed. It works through blocks of variable sizes using three phases: key expansion, encryption, and decryption.
Terminal Access Controller Access-Control System (TACACS)
A client/server-oriented environment that operates in a manner similar to RADIUS.
Software exploitation
An attack launched against applications and higher-level services.
AD
Active Directory is the backbone for all security, access, and network implementations for Microsoft products
Spam filter
Added to catch unwanted email and filter it out before it gets delivered internally.
Key escrow
Addresses the possibility that a third party may need to access keys. The keys needed to encrypt/decrypt data are held in an escrow account.
Hypertext Transfer Protocol over SSL
Also known as HTTPS and HTTP Secure. A combination of HTTP with Secure Sockets Layer (SSL) to make a secure connection. It uses port 443 by default.
Incident response team (IRT)
Also known as a Computer Security Incident Response Team (CSIRT). The group of individuals responsible for responding when a security breach has occurred.
Session key
An agreed-upon (during connection) key used between a client and a server during a session.
Collusion
An agreement between individuals to commit fraud or deceit.
reciprocal agreement
An agreement between two companies to provide services in the event of an emergency, on a best-effort basis.
Service-level agreement (SLA)
An agreement between you or your company and a service provider.
Message Digest Algorithm (MDA)
An algorithm that creates a hash value. The hash value is also used to help maintain integrity. There are several versions of MD; the most common are MD5, MD4, and MD2.
International Data Encryption Algorithm (IDEA)
An algorithm that uses a 128-bit key. It is similar in speed and capability to Digital Encryption Standard (DES), but it's more secure. It is used in Pretty Good Privacy (PGP).
Asymmetric algorithm
An algorithm that utilizes two keys. These asymmetric keys are referred to as the public key and the private key.
UTM security appliance
An all-in-one appliance, also known as Unified Threat Management (UTM), that provides a good foundation for security.
SCP
An alternate utility for copying files.
Network-based IDS (N-IDS)
An approach to an intrusion detection system (IDS); it attaches the system to a point in the network where it can monitor and report on all network traffic.
Demilitarized zone (DMZ)
An area for placing web and other servers outside the firewall, thereby isolating them from internal network access.
Zone
An area in a building where access is individually monitored and controlled.
Digital signature
An asymmetrically encrypted signature whose sole purpose is to authenticate the sender.
IP spoofing
An attack during which a hacker tries to gain access to a network by pretending their interface has the same network address as the internal network.
XML injection
An attack in which a user enters input values into an XML query that take advantage of exploits.
TCP/IP hijacking
An attack in which an attacker gains access to a host in the network, disconnects it from the network, and then inserts another machine with the same IP address. An older term generically used for all man-in-the-middle attacks.
Directory traversal
An attack in which an attacker is able to gain access to restricted directories (such as the root directory) through HTTP.
Command injection
An attack in which an attacker is able to gain access to restricted directories (such as the root directory) through HTTP. also called Directory Traversal.
SQL injection
An attack in which an attacker manipulates database code to take advantage of a weakness in it. Common forms: escape characters not filtered correctly, type handling not properly done, conditional errors, and time delays. The way to defend against this attack is always to filter input. That means that the website code should check to see if certain characters are in the text fields and, if so, reject that input.
Repudiation attack
An attack in which an intruder modifies information in a system.
IV attack
An attack in which attackers crack the WEP secret key by examining the repeating result of the initialization vector (IV).
The Type I hypervisor model
is independent of the operating system and boots before the OS.
baseline
represents a secure state
Accountability
Being responsible for an item. An administrator is often accountable for a network and resources on it.
Who typically signs an NDA (nondisclosure agreement)?
Beta testers
Uses one or more unique biological traits to identify a person
Biometrics
BPO
Blanket Purchase Order. This is usually applicable to government agencies. It is an agreement between a government agency and a private company for ongoing purchases of goods or services.
Pop-up blockers
Block unwanted programs running on a system.
Which of the following is the first step to be implemented to reduce security risks?
Classifying system
Load balancers
Can be implemented as a software or hardware solution, and associated with a device - a router, a firewall, NAT appliance, and so on.
CMP
Certificate Management Protocol, is a messaging protocol used between PKI entities.
Baseline reporting
Checks to make sure that things are operating status quo.
Firmware version control
Closely related to updating the firmware.
Provides office space, but the customer provides and installs the equipment needed for operations
Cold Site
Vishing
Combination of phishing with Voice over IP (VoIP).
Compensating
Come into play only when other controls have failed.
Administrative control
Comes down through policies, procedures, and guidelines.
LSO (locally shared object)
Commonly known as a Flash Cookie; it's data stored on a user's computer by Adobe Flash.
Community cloud
Community clouds are provisioned for use by a group of related organizations with shared concerns, hosted locally (private) by one or more members but otherwise operating as remote (public) clouds for other members of the community.
CFAA
Computer Fraud and Abuse Act, was made into law in 1986. The original law was introduced to address issues of fraud and abuse that weren't well covered under existing statutes. The law was updated in 1994, in 1996, and again in 2001. This act gives federal authorities, primarily the FBI, the ability to prosecute hackers, spammers, and others as terrorists.
CSIRT
Computer Security Incident Response Team, a formalized or an ad hoc team you can call upon to respond to an incident after it arises
CIA Triad: Confidentiality, Integrity, Availability
Confidentiality means preventing unauthorized users from accessing data. Integrity means ensuring that data has not been altered (and supports nonrepudiation). Simply making sure that the data and systems are available for authorized users is what availability is all about.
Trivial File Transfer Protocol (TFTP)
Configured to transfer files between hosts without any user interaction.
Encipher
Convert from unencrypted to encrypted
A text file that a browser maintains on a user's hard disk
Cookie
CCMP
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol. Uses 128-bit AES encryption with a 48-bit initialization vector.
Arbitrary code execution/remote code execution
Creates a means by which a program the attacker writes can remotely accept commands and execute them.
NAT
Creates a unique opportunity to assist in the security of a network. It allows an organization to present a single address to the Internet for all computer connections (it can also use multiple public IP addresses). It acts as a proxy between the local area network and the Internet.
Quantum cryptography
Cryptography based on changing the polarity of a photon. Quantum cryptography makes the process of interception difficult because any attempt to intercept the message changes the value of the message.
CESA
Cyberspace Electronic Security Act, was passed in 1999 and gives law enforcement the right to gain access to encryption keys and cryptography methods. Some portions have been revoked.
Privacy policy
Defines what controls are required to implement and maintain the sanctity of data privacy in the work environment.
used to secure L2TP connections
IPsec
Direct-sequence spread spectrum
DSSS accomplishes communication by adding data that is to be transmitted to a higher-speed transmission. The higher-speed transmission contains redundant information to ensure data accuracy. Each packet can then be reconstructed in the event of a disruption.
DLP
Data Loss Prevention
Clark-Wilson Model
Data can't be accessed directly, but through applications with predefined capabilities. This process prevents unauthorized modification, errors, and fraud. This model focuses on business applications and consistency.
Risk assessment
Deals with the threats, vulnerabilities, and impacts of a loss of information-processing capabilities or a loss of information itself.
Privacy policies
Define controls required to maintain the data privacy.
Acceptable use policies
Define how employees can use company resources.
Document disposal and destruction policies
Define how the information that is no longer needed is handled.
Usage policies
Defined policies governing computer usage.
IEEE 802.11 Wireless LAN
Defines standards for implementing wireless technologies such as infrared and spread-spectrum radio.
Recovery point objective
Defines the point at which the system needs to be restored.
Shiva Password Authentication Protocol (SPAP)
Encrypts the username and password.
SCADA
Equipment used to manage automated factory equipment, dams, power generators, and similar equipment.
EALs
Evaluation Assurance Levels: EAL 1 is primarily used when the user wants assurance that the system will operate correctly but threats to security aren't viewed as serious. EAL 2 requires product developers to use good design practices. Security isn't considered a high priority in EAL 2 certification. EAL 3 requires conscientious development efforts to provide moderate levels of security. EAL 4 requires positive security engineering based on good commercial development practices. It is anticipated that EAL 4 will be the common benchmark for commercial systems. EAL 5 is intended to ensure that security engineering has been implemented in a product from the early design phases. It's intended for high levels of security assurance. The EAL documentation indicates that special design considerations will most likely be required to achieve this level of certification. EAL 6 provides high levels of assurance of specialized security engineering. This certification indicates high levels of protection against significant risks. Systems with EAL 6 certification will be highly secure from penetration attackers. EAL 7 is intended for extremely high levels of security. The certification requires extensive testing, measurement, and complete independent testing of every component.
Which of the following types of logs could provide clues that someone has been attempting to compromise the SQL Server database?
Event
Black box
Examines the functionality of an application without peering into its internal structures or workings.
Reference documents
Explains how the standard relates to the organization's different policies
Scope and purpose
Explains the intention of an organization
LDAP injection
Exploits weaknesses in LDAP implementations which occurs when the user's input is not properly filtered, and the result can be executed commands, modified content, or results returned to unauthorized queries. The best way to prevent LDAP injection attacks is to filter the user input and to use a validation scheme to make certain that queries do not contain exploits.
XTACACS
Extended TACACS replaced the original and combined authentication and authorization with logging to enable auditing.
EAP-TTLS
Extensible Authentication Protocol—Tunneled Transport Layer Security
Frequency-hopping spread spectrum
FHSS accomplishes communication by hopping the transmission over a range of predefined frequencies. The changing or hopping is synchronized between both ends and appears to be a single transmission channel to both ends.
FERPA
Family Educational Rights and Privacy Act, dictates that educational institutions may not release information to unauthorized parties without the express permission of the student or, in the case of a minor, the parents of the student.
FIPS
Federal Information Processing Standards
FIPS
Federal Information Processing Standards are a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with the agencies. FIPS-compliant algorithms include AES, 3DES, DES, and SHA1.
FCoE
Fibre Channel over Ethernet. A protocol commonly used with Fibre Channel. It is not routable at the IP layer, and thus it cannot work across large networks.
FAT
File Allocation Table. It was designed for relatively small disk drives. It was upgraded first to FAT-16 and finally to FAT-32. FAT-32 allows large disk systems to be used on Windows systems. FAT allows only two types of protection: share-level and user-level access privileges. If a user has Write or Change Access permission to a drive or directory, they have access to any file in that directory. This is very insecure in an Internet environment.
FMS
File management system
Audit files
Files that hold information about audit events.
Operational security
Focuses on how an organization achieves its goals.
Rainbow table attack
Focuses on identifying a stored value. By using values in an existing table of hashed phrases or words (think of taking a word and hashing it every way you can imagine) and comparing them to values found, a rainbow table attack can reduce the amount of time needed to crack a password significantly. Salt (random bits added to the password) can greatly reduce the ease by which rainbow tables can be used.
Guidelines
Guidelines help an organization implement or maintain standards by providing information on how to accomplish the policies and maintain the standards. Provide specific advice on how to accomplish a given task or activity.
HIPAA
Health Insurance Portability and Accountability Act
HSM
Hierarchical storage management. It provides continuous online backup by using optical or tape jukeboxes.
Cloud computing
Hosting services and data on the Internet instead of hosting it locally.
Location that can provide operations within hours of a failure
Hot Site
Incident response policy
How an organization responds to an incident. Policies must also clearly outline who needs to be informed in the company, what they need to be told, and how to respond to the situation. Incidents should include not only intrusions but also attempts.
Wiping
How data is removed from media.
postmortem
How did the policies work or not work in this situation? What did we learn about the situation that was new? What should we do differently next time?
Disposing
How media (hard drives, removable drives, and so on) are discarded when they are no longer needed.
Response
How you react to an event.
The combination of two or more methods of non-mathematical cryptography
Hybrid Systems
Hybrid cloud
Hybrid clouds are provisioned using two or more components of private, community, or public clouds. They require more maintenance than the other models but offer greater flexibility for the organization in return.
HTTPS
Hypertext Transport Protocol over SSL
IPSec
IP Security is a security protocol that provides authentication and encryption across the Internet. IPSec is becoming a standard for encrypting virtual private network (VPN) channels and is built into IPv6. It works at layer 3 of the OSI model.
active IDS
IPS
how to configure the SSL port in Windows Server 2012
Open Internet Information Services Manager by choosing Start > Administrative Tools > Internet Information Services (IIS) Manager. Expand the left pane entries until your website becomes an option. Right-click the website and choose Properties from the context menu. Select the Web Site tab. Check whether the port number for SSL is filled in. If it isn't, enter a number here. Click OK and exit Internet Information Services Manager. Notice that the SSL port field is blank by default, and any port number can be entered here—this differs from the way some previous versions of IIS worked. The default SSL port is 443; if you enter a number other than that in this field, then clients must know and request that port in advance in order to connect.
how to configure IPSec monitoring on a Windows 7 or Windows 8 workstation
Open Performance Monitor by pressing the Windows button on the keyboard and typing R. Type perfmon.msc in the Run box (if the UAC asks you to confirm to continue, click to continue). Click Performance Monitor. Right-click the graph and choose Add Counters from the pop-up menu to open the dialog box. For an object, select IPsec IKEv1 IPv4 and expand the options. Click the Show Description check box, and read the comments. The descriptions appear in the bottom of the dialog box. Click Add, and add the following counters: Failed Main Mode Negotiations and Failed Quick Mode Negotiations. Click OK.
OWASP
Open Web Application Security Project
/var/log/wtmp
Open a shell prompt and use the last command to view a list of users who have authenticated to the system
TCP SYN flood DoS attack
Open as many TCP sessions as possible
International Telecommunications Union (ITU)
Organization responsible for communications standards, spectrum management, and the development of communications infrastructures in underdeveloped nations.
Risk awareness
Organizations communicate with each other to share information regarding risks.
OFDM
Orthogonal Frequency division multiplexing
Performance criteria
Outlines how to accomplish the task
Succession planning
Outlines those internal to the organization who have the ability to step into positions when they open.
Maintenance and administrative requirements
Outlines what is required to manage and administer the systems
Which of the following encryption methods uses public key encryption to encrypt and digitally sign e-mail messages?
PGP
RSA Cryptography Standard
PKCS #1
Elliptic Curve Cryptography Standard
PKCS #13
Password-Based Cryptography Standard
PKCS #5
Private-Key Information Syntax Standard
PKCS #8
Provides cryptographic systems to both private businesses and governments.
PKCS (Public-Key Cryptography Standards)
Locks
Passwords that need to be easy enough to work that those who are authorized can effectively navigate them but strong enough to keep those who are not authorized out.
The first line of defense in your security model, typically outside a building or campus
Perimeter Security
PII
Personally identifiable information. This data can be anything from the person's name to a fingerprint (think biometrics), credit card number, or patient record.
Modifies and alters other programs and databases.
Phage
Redirection of traffic originally intended for another host. It is a scamming practice in which malicious code is installed on a server or a personal computer, misdirecting users to fraudulent web sites without their knowledge.
Pharming
SSH connections are established in two phases
Phase 1: The first phase is a secure channel to negotiate the channel connection. Phase 2: The second phase is a secure channel used to establish the connection.
Tailgating with the permission of the person being followed is known as:
Piggybacking
Certificate policies
Policies governing use of certificates.
Changes its form to avoid detection.
Polymorphic
Application control
Primarily concerned with controlling what applications are installed on the mobile device.
Signature based detection IDS
Primarily focused on evaluating attacks based on attack signatures and audit trails.
Certificate Practice Statement (CPS)
Principles and procedures employed in issuing and managing of certificates.
Which of the following is recovered by the recovery agent?
Private key
User assigned privileges
Privileges assigned by a user.
Logic bomb
Programs or code snippets that execute when a certain predefined event occurs.
Locking cabinets
Protect backup media, documentation, and other physical artifacts that could do harm if they fell into wrong hands.
PEAP
Protected Extensible Authentication Protocol. Establishes an encrypted channel between the server and the client.
WPA2
Provides security that's equivalent to that on a wired network, and implements mandatory elements of the 802.11i standard.
PKC
Public Key Cryptography; two-key systems.
Although a hybrid cloud could be any mixture of cloud delivery models, it is usually a combination of which of the following?
Public and private
_______ information is made available to either large public or specific individuals, whereas _______ information is intended for only those internal to the organization.
Public; private
Consensus/Social proof
Putting the person being tricked at ease by putting focus on them, listening intently to what they are saying, validating their thoughts, and charming them.
RIPEMD
RACE Integrity Primitives Evaluation Message Digest. Algorithm based on MD4.
A coding system that changes one character or symbol into another
Substitution Ciphers
SQL Database
Relational, Individual records are stored as rows in tables (table-based), Widely supported and easy to configure for structured data, Vertical scaling, Oracle, Microsoft, MySQL, and others, Susceptible to SQL Injection Attacks
RDN
Relative Distinguished Name
RIDs
Relative Identifiers
RPC
Remote Procedure Call. It is a programming interface that allows a remote computer to run programs on a local machine. It has created serious vulnerabilities in systems that have RPC enabled.
Capturing information over a network and fraudulently repeating data transmission or stream of messages.
Replay
Software as a Service (SaaS)
Represents cloud resources provided as prebuilt applications accessible over the Internet. Consuming organizations have limited or no control over feature additions or application changes.
Platform as a Service (PaaS)
Represents cloud resources provided at the development level for custom application development and hosting. Consuming organizations have no concern over infrastructural decisions but may be limited by the available languages supported by their PaaS provider.
Infrastructure as a Service (IaaS)
Represents cloud resources provided at the lowest level: storage, databases, network interconnections, and similar functions. This is the most flexible level of cloud service but requires the most management and planning by the consuming organization.
Public cloud
Represents the most thoroughly virtualized cloud infrastructural design, removing data center resources partially or completely from the organization's data center. Public clouds may be configured for access by an organization or partitioned group (community) or for the general public.
Transmission Control Protocol (TCP)
Responsible for providing a reliable, one-to-one, connection-oriented session. It establishes a connection and ensures that the other end receives any packets sent.
security audit
Review of security logs; review of policies and compliance with policies; a check of security device configuration; review of incident response reports.
Job rotation
Rotation of jobs on a frequent enough basis that you are not putting yourself - and your data - at the mercy of any one administrator.
Policies
Rules or standards governing usage. These are typically high level in nature.
Security policies
Rules set in place by a company to ensure the security of a network. These may include how often a password must be changed or how many characters a password should be. They define how identification and authorization occur and determine access control, audits, and network connectivity.
IPv6
Supports 128-bit addresses.
Rootkit
Software program that has the ability to obtain root-level access and hide certain things from the operating system. With a rootkit, there may be a number of processes running on a system that do not show up in Task Manager, or connections established or available that do not appear in a netstat display; the rootkit masks the presence of these items. The rootkit is able to do this by manipulating function calls to the operating system and filtering out information that would normally appear. Theoretically, rootkits could hide anywhere that there is enough memory to reside: video cards, PCI cards, and the like.
Spyware
Software programs that work—often actively—on behalf of a third party. Spyware is spread to machines by users who inadvertently ask for it. It almost always exists to provide commercial gain. One of the reasons spyware is so prevalent is that there are many legal uses for it, such as monitoring children's or employees' online habits.
Botnets
Software running on infected computers called zombies.
Antivirus software
Software that identifies the presence of a virus and is capable of removing or quarantining the virus.
Intrusion detection system (IDS)
Software that runs either on individual workstations or network devices to monitor and track network activity. An IDS can be network or host based.
scareware
Software that tries to convince unsuspecting users that a threat exists
Out-of-band key exchange
Some other channel, which is itself going to be secured, is used to exchange the key.
Malicious insider threat
Someone inside the company who is displeased with the company and gives away information for profit.
5 factors of Authentication
Something you know, such as a password or PIN; something you have, such as a smart card, token, or identification device; something you are, such as your fingerprints or retinal pattern (often called biometrics); something you do, such as an action you must take to complete authentication; somewhere you are (this is based on geolocation).
Masquerading as someone else.
Spoofing
Plain old telephone service (POTS)
Standard telephone service, as opposed to other connection technologies like Digital Subscriber Line (DSL).
Protocols
Standards or rules.
Automated System Recovery in Windows Server 2012
Start the backup utility by choosing Start > All Programs > Accessories > System Tools > Backup. Choose the Automatic System Recovery Wizard. Walk through the wizard and answer the questions appropriately. When you finish, you'll create the backup set first and a disk (either optical disk or USB drive) second. The disk contains files necessary to restore system settings after a disaster.
The process of hiding a message in a medium
Steganography
Preventive
Stops something from happening.
SAN
Storage Area Network
TKIP
Strengthens WEP encryption by placing a 128-bit wrapper around it with a key based on things such as the MAC address of the destination device and the serial number of the packet.
SIM
Subscriber Identification Module (sim card), contains PII
According to NIST, Infrastructure as a Service (IaaS), is defined as
The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).
According to NIST, Software as a Service (SaaS) is defined as
The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
Smart cards
The card itself usually contains a small amount of memory that can be used to store permissions and access information. It is not a good idea to put identifying information on the card, and the card should be used with other forms of authentication. There are two main types of smart cards: Common Access Cards and Personal Identification Verification Cards.
According to NIST, a hybrid cloud is defined as follows
The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).
According to NIST, a private cloud is defined as follows
The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.
According to NIST, a community cloud is defined as follows
The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.
According to NIST, a public cloud is defined as follows
The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.
Analyzer
The component or process that analyzes the data collected by the sensor.
Lattice
The concept that access differs at different levels. Often used in discussion with the Biba and Bell-LaPadula models as well as with cryptography to differentiate between security levels based on user/group labels.
Working copy
The copy of the data currently in use on a network. It's a partial or full backup that is kept at the computer center for immediate recovery purposes; sometimes referred to as a shadow copy.
Single loss expectancy (SLE)
The cost of a single loss when it occurs. This loss can be a critical failure, or it can be the result of an attack.
Snort
The de facto standard for intrusion detection in Linux
strength
The effectiveness of a cryptographic system in preventing unauthorized decryption
perimeter
The external entrance to the building
Cryptography
The field of mathematics focused on encrypting and decrypting data. The science of altering information so that it cannot be decoded without a key. It is the practice of protecting information through encryption and transformation. The study of cryptographic algorithms is called cryptography.
Boot sector
The first sector of a hard disk, where the program that boots the operating system resides. It's a popular target for viruses.
Transport layer
The fourth layer of the OSI model that provides the Application layer with session and datagram communications services.
Network Interface layer
The lowest level of the TCP/IP suite that is responsible for placing and removing packets on a physical network.
VNC
Virtual Network Computing
white list
a list of items that are allowed.
Vigenère cipher
a multi-alphabet substitution from historical times. It used a keyword to look up the ciphertext in a table. The user would take the first letter in the text they wanted to encrypt, go to the Vigenère table, and match that with the letter from the keyword in order to find the ciphertext letter. This would be repeated until the entire message was encrypted. Each letter in the keyword generated a different substitution alphabet.
bridge trust model
a peer-to-peer relationship exists among the root CAs. The root CAs can communicate with one another, allowing cross certification.
microwave
a portion of the radio frequency (RF) spectrum
virtual private network
a private network connection that occurs through a public network.
flood guard
a protection feature built into many firewalls and switches that lets the administrator set a threshold for unanswered (half-open) connection attempts, so that a SYN flood or similar flooding attack is throttled or blocked before it exhausts the connection table.
sandbox
an isolated execution environment in which untrusted code runs with restricted access to memory, the file system and the network, so that whatever it does cannot reach the host system.
backout
a reversion from a change that had negative consequences
hierarchical trust model
a root CA at the top is the trust anchor and provides all of the information. Intermediate CAs are next in the hierarchy; they are certified by the root, trust only information provided by the CA above them, and in turn issue certificates further down the chain. The root trusts only the intermediate CAs it has certified and none that it hasn't.
Tabletop Exercise
a discussion-based simulation of a disaster: the team walks through the scenario and the response plan around a table, without touching production systems.
Wireless Markup Language
a smaller version of HTML
system image
a snapshot of a system's disk contents at a point in time; in incident response the image is captured bit for bit so that it can be examined without altering the original.
GOST
a symmetric cipher developed in the old Soviet Union that has been modified to work as a hash function. GOST processes a variable-length message into a fixed-length output of 256 bits.
nonproduction environment
a test environment
Authenticode
Microsoft's code-signing technology: ActiveX components and other executables are signed with a publisher's certificate so that the browser or operating system can verify who published the code and that it has not been altered before running it.
substitution cipher
a type of coding or ciphering system that changes one character or symbol into another.
transitive trusts
a type of relationship that can exist between domains
AUP
acceptable use policy
Tunneling protocols
add the ability to create tunnels between networks that can be more secure, support additional protocols, and provide virtual paths between systems.
Security updates
address security vulnerabilities.
preshared key
all of the clients and the access point share the same key
Rainbow Tables
precomputed tables of password hashes (stored compactly as hash chains) that let an attacker reverse a captured hash by lookup instead of by brute force at attack time. A random per-password salt defeats them, because the table would have to be recomputed for every salt value.
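The precomputation property described above, as an added example that is not part of the original flashcards. A real rainbow table compresses the table into hash chains with reduction functions; this block uses a plain lookup table, which shows the same trade-off (work done before the attack, instant reversal during it) and why salting breaks it. The wordlist, the sample passwords and the salt are constructed for the example.

```python
import hashlib
import os

# Constructed sample wordlist standing in for the dictionary an attacker
# precomputes; real tables cover billions of candidates.
WORDLIST = ["password", "letmein", "qwerty", "Summer2024", "hunter2"]


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def build_table(words):
    """Precompute hash -> plaintext for every candidate. Done once, offline,
    before any target hash is known; this is the attacker's investment."""
    return {sha256_hex(w.encode()): w for w in words}


def lookup(table, stored_hash):
    """Reversal at attack time is a dictionary hit: no hashing at all."""
    return table.get(stored_hash)


def store_unsalted(password):
    """Typical weak storage: the bare hash of the password."""
    return sha256_hex(password.encode())


def store_salted(password, salt=None):
    """Per-user random salt: the stored hash depends on a value the attacker
    did not know when the table was built, so the table cannot contain it."""
    salt = salt or os.urandom(16)
    return salt, sha256_hex(salt + password.encode())


def crack_salted(words, salt, stored_hash):
    """With a salt the attacker is back to guessing per user: every candidate
    must be re-hashed with this salt, and nothing precomputed helps."""
    for w in words:
        if sha256_hex(salt + w.encode()) == stored_hash:
            return w
    return None


if __name__ == "__main__":
    table = build_table(WORDLIST)
    print("unsalted:", lookup(table, store_unsalted("hunter2")))   # hunter2
    salt, h = store_salted("hunter2")
    print("salted, table lookup:", lookup(table, h))                # None
    print("salted, per-user guessing:", crack_salted(WORDLIST, salt, h))
```

The salted hash is still crackable by guessing (the password is weak), but only by spending the hashing work per user, which is why a slow hash such as bcrypt or PBKDF2 is used on top of the salt in practice.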
Geo-Tagging
allows GPS coordinates (latitude, longitude, etc.) to accompany a file such as an image.
Cyber Security Enhancement Act of 2002
allows federal agencies relatively easy access to ISPs and other data-transmission facilities to monitor communications of individuals suspected of committing computer crimes using the Internet. The act is also known as Section 225 of the Homeland Security Act of 2002.
BitLocker to Go
allows you to apply the same technology to removable media.
VLAN
allows you to create groups of users and systems and segment them on the network. the key benefit is that VLANs can increase security by allowing users with similar data sensitivity levels to be segmented together.
Signature-Based-Detection IDS
also commonly known as misuse-detection IDS (MD-IDS), is primarily focused on evaluating attacks based on attack signatures and audit trails.
key recovery agent
an entity that has the ability to recover a key, key components, or plaintext messages as needed.
noise
an expression of interference that triggers a false positive signal during an intrusion detection process performed by IDS
Hot fix/hotfix
an immediate, urgent patch for a specific problem; applying one repairs the operating system or application while the system stays in operation. When Microsoft bundles many hotfixes together, the bundle is released as a service pack.
cache poisoning
another name for DNS poisoning: inserting false records into a resolver's cache so that clients are sent to an attacker-controlled address for a legitimate name.
gauntlets
another term for a barricade
work product
another term for private information
wetware
another term for social engineering.
least privilege
any given user (or system) is given the minimum privileges necessary to accomplish his or her job.
FM200
an approved gas-based (clean agent) fire suppression system. Unlike CO2 systems, which suppress fire by displacing the oxygen in the room, FM-200 (HFC-227ea) works mainly by absorbing heat and interrupting the combustion reaction, which is why it can be used in occupied spaces.
Separation of duties policies
are designed to reduce the risk of fraud and to prevent other losses in an organization.
Alarms
are indications of an ongoing current problem
Security tokens
are similar to certificates in that they are used to identify and authenticate the user. They contain the rights and access privileges of the token bearer as part of the token.
There are two types of implicit denies. One of these can be configured so that only users specifically named can use the service, and this is known as:
at.allow
ASR
attack surface reduction, is to minimize the possibility of exploitation by reducing the amount of code and limiting potential damage.
software exploitation
attacks launched against applications and higher-level services. They include gaining access to data using weaknesses in the data access objects of a database or a flaw in a service or application.
Failover
automatically switching from a malfunctioning system to another system
Compensating control
backup controls that come into play only when other controls have failed.
BIA
business impact analysis: identifying the organization's critical business processes and evaluating the financial, operational and regulatory effect of losing each of them over time; it drives recovery priorities and recovery time objectives.
RAID 1
introduces fault tolerance as it mirrors the contents of the disks. A minimum of two disks are needed
Indicators of Compromise
artifacts observed on a network or host that indicate an intrusion with high confidence: attacker IP addresses and domains, file hashes, unexpected accounts or configuration changes, and known intrusion signatures.
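Signature-based detection and IoC matching over log lines, with the noise problem from the "noise" and "false positive" cards, as an added example that is not part of the original flashcards. The log lines, the indicator list and the rules are all constructed for the example; the SSH rule shows that a signature may need state (a counter per source) rather than a single pattern match.

```python
import re

# Constructed sample syslog-style lines; not taken from any real system.
LOG_LINES = [
    "Jan 10 10:01:02 web1 sshd[912]: Failed password for root from 203.0.113.9 port 51122 ssh2",
    "Jan 10 10:01:03 web1 sshd[912]: Failed password for root from 203.0.113.9 port 51123 ssh2",
    "Jan 10 10:01:04 web1 sshd[912]: Failed password for root from 203.0.113.9 port 51124 ssh2",
    "Jan 10 10:02:00 web1 httpd: GET /index.php?id=1' OR '1'='1 from 198.51.100.7",
    "Jan 10 10:03:30 web1 dns: query evil-c2.example resolved to 192.0.2.44",
    "Jan 10 10:04:00 web1 httpd: GET /docs/union-station-schedule.html from 198.51.100.8",
    "Jan 10 10:05:00 web1 backup: copied 1024 files to nas1",
]

# Indicators of compromise: concrete artifacts learned from an earlier intrusion.
IOCS = {
    "ip": {"203.0.113.9", "192.0.2.44"},
    "domain": {"evil-c2.example"},
}

# Attack signatures: patterns describing the technique rather than one actor.
SQLI_TAUTOLOGY = re.compile(r"'\s*OR\s*'1'\s*=\s*'1", re.IGNORECASE)
SSH_FAILURE = re.compile(r"Failed password for \S+ from (\S+)")
NAIVE_UNION = re.compile(r"union", re.IGNORECASE)   # deliberately too broad
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def detect(lines, bruteforce_threshold=3):
    """Run IoC matching and signature matching over log lines.

    Returns (line_index, alert_name, detail) tuples in firing order. The SSH
    rule is stateful: it fires once, when a source's failure count reaches
    the threshold, instead of once per failed login.
    """
    alerts = []
    failures = {}
    for i, line in enumerate(lines):
        for ip in IPV4.findall(line):
            if ip in IOCS["ip"]:
                alerts.append((i, "ioc_ip", ip))
        for domain in IOCS["domain"]:
            if domain in line:
                alerts.append((i, "ioc_domain", domain))
        if SQLI_TAUTOLOGY.search(line):
            alerts.append((i, "sql_injection", "tautology in query string"))
        if NAIVE_UNION.search(line):
            alerts.append((i, "sqli_naive_union", "substring 'union' seen"))
        m = SSH_FAILURE.search(line)
        if m:
            ip = m.group(1)
            failures[ip] = failures.get(ip, 0) + 1
            if failures[ip] == bruteforce_threshold:
                alerts.append((i, "ssh_bruteforce", ip))
    return alerts


def false_positives(alerts):
    """Noise: the naive 'union' rule firing on a line that no other rule or
    indicator flagged. The document path is ordinary traffic."""
    flagged_by_real_rules = {i for i, name, _ in alerts if name != "sqli_naive_union"}
    return [(i, name) for i, name, _ in alerts
            if name == "sqli_naive_union" and i not in flagged_by_real_rules]


if __name__ == "__main__":
    found = detect(LOG_LINES)
    for alert in found:
        print(alert)
    print("false positives:", false_positives(found))
```

Tuning the naive rule (anchoring it to SQL syntax such as `UNION SELECT`, or scoping it to query strings) is the usual way to drive the noise down without losing the real detections.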
URL filtering
involves blocking websites (or sections of websites) based solely on the URL
escalation
involves consulting policies, consulting appropriate management, and determining how best to conduct an investigation into the incident.
Risk avoidance
involves identifying a risk and making the decision not to engage any longer in the actions associated with that risk
Frequency Analysis
involves looking at blocks of an encrypted message to determine if any common patterns exist to try to break the code.
transposition cipher
involves transposing or scrambling the letters in a certain manner. Typically, a message is broken into blocks of equal size, and each block is then scrambled. The Rail Fence Cipher is a classic example of a transposition cipher.
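The three cards on the Vigenère cipher, frequency analysis and the transposition (Rail Fence) cipher worked through together, as an added example that is not part of the original flashcards. It encrypts and decrypts with both ciphers and then runs a letter-frequency count over the outputs: the transposition keeps the plaintext's letter histogram intact (only positions change), a single-alphabet shift merely rotates the histogram so the shift can be read off, and the multi-alphabet Vigenère flattens it. The sample plaintext is constructed for the example.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase

# Constructed sample text, deliberately rich in E so the effect is visible.
SAMPLE_PLAINTEXT = ("THE ENEMY SEES EVERYTHING WE SEND IN THE CLEAR SO WE ENCIPHER "
                    "EVERY MESSAGE BEFORE IT LEAVES THE GATE")


def clean(text):
    """Classical ciphers work on letters only: uppercase and drop the rest."""
    return "".join(c for c in text.upper() if c in ALPHABET)


def vigenere(text, key, decrypt=False):
    """Multi-alphabet substitution: letter i is shifted by key letter i mod len(key).
    A one-letter key degenerates to a Caesar (single-alphabet) shift."""
    key = clean(key)
    out = []
    for i, c in enumerate(clean(text)):
        shift = ALPHABET.index(key[i % len(key)])
        if decrypt:
            shift = -shift
        out.append(ALPHABET[(ALPHABET.index(c) + shift) % 26])
    return "".join(out)


def rail_fence(text, rails, decrypt=False):
    """Transposition: letters are written in a zig-zag across `rails` rows and
    read off row by row. Letters are reordered, never replaced."""
    text = clean(text)
    if rails < 2:
        return text
    pattern, rail, step = [], 0, 1          # which rail each position lands on
    for _ in text:
        pattern.append(rail)
        if rail == 0:
            step = 1
        elif rail == rails - 1:
            step = -1
        rail += step
    # order[k] = plaintext index whose letter sits at ciphertext position k
    order = sorted(range(len(text)), key=lambda i: (pattern[i], i))
    if not decrypt:
        return "".join(text[i] for i in order)
    plain = [""] * len(text)
    for cipher_pos, plain_pos in enumerate(order):
        plain[plain_pos] = text[cipher_pos]
    return "".join(plain)


def letter_frequencies(text):
    """Relative frequency of every letter A..Z (frequency analysis input)."""
    text = clean(text)
    counts = Counter(text)
    return {c: counts[c] / len(text) for c in ALPHABET}


def top_letters(text, n=3):
    freqs = letter_frequencies(text)
    return [c for c, _ in sorted(freqs.items(), key=lambda kv: (-kv[1], kv[0]))[:n]]


def crack_caesar(ciphertext):
    """Frequency analysis against a single-alphabet shift: assume the most
    frequent ciphertext letter stands for E and read the shift off it."""
    top = top_letters(ciphertext, 1)[0]
    shift = (ALPHABET.index(top) - ALPHABET.index("E")) % 26
    return ALPHABET[shift]          # returned as a one-letter Vigenère key


if __name__ == "__main__":
    print("plaintext top letters:", top_letters(SAMPLE_PLAINTEXT))
    caesar = vigenere(SAMPLE_PLAINTEXT, "D")
    print("Caesar  top letters:", top_letters(caesar), "recovered key:", crack_caesar(caesar))
    print("Vigenère top letters:", top_letters(vigenere(SAMPLE_PLAINTEXT, "LEMON")))
    print("Rail Fence top letters:", top_letters(rail_fence(SAMPLE_PLAINTEXT, 3)))
```

Frequency analysis alone does not recover a Vigenère key, but once the key length is known (Kasiski examination or index of coincidence) each key position is just a Caesar shift and crack_caesar applies to every one of them, which is how the cipher was eventually broken.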
Risk deterrence
involves understanding something about the enemy and letting them know the harm that can come their way if they cause harm to you. This can be as simple as posting prosecution policies on your login pages and convincing them that you have steps in place to identify intrusions and to act on them.
Full Backup
is a complete, comprehensive backup of all files on a disk or server: every file on the system is copied and the archive bit on each file is cleared. The full backup is current only at the time it's performed, but once it is made you have a complete archive of the system at that point in time. A system shouldn't be in use while it undergoes a full backup, because open or changing files may not get backed up.
honeypot
is a computer that has been designated as a target for computer attacks
HSM (Hardware Security Module)
is a dedicated, tamper-resistant cryptoprocessor used for generating, storing and using digital keys so that they never leave the device in the clear. HSMs are commonly used with PKI systems to protect the signing keys of certification authorities (CAs). Unlike a TPM, which is mounted on the motherboard, an HSM is traditionally packaged as a PCI adapter or a network-attached appliance.
BitLocker
is a full disk encryption feature of Windows that encrypts an entire volume with AES (128-bit or 256-bit keys); the volume key is typically protected by the TPM, optionally combined with a PIN or startup key.
VPN concentrator
is a hardware device used to create remote access VPNs. The concentrator creates encrypted tunnel sessions between hosts, and many use two-factor authentication for additional security.
Incremental Backup
is a partial backup that stores only the information that has been changed since the last full or the last incremental backup. An incremental backup backs up only files that have the archive bit turned on. That is how it can identify which files have changed or been created. At the conclusion of the backup, the archive bit is turned off for all the files that were included in the backup.
cryptographic system
is a system, method, or process that is used to provide encryption and decryption.
Secure Shell
is a secure remote-login and tunneling protocol originally designed for Unix systems as a replacement for Telnet and the r-commands. It uses encryption and host/user authentication to establish a secure connection between two systems, and other protocols can be forwarded through the encrypted channel.
Risk mitigation
is accomplished any time you take steps to reduce the risk. This category includes installing antivirus software, educating users about possible threats, monitoring the network traffic, adding a firewall, and so on. In Microsoft's Security Intelligence Report, Volume 13, the following suggestions for mitigating risk through user awareness training are listed:
activity
is an element of a data source that is of interest to the operator.
event
is an occurrence in a data source that indicates that a suspicious activity has occurred
Serial Line Internet Protocol (SLIP)
is an older protocol that was used in early remote access environments and serves as the starting point for most remote discussions. SLIP was originally designed to connect Unix systems in a dial-up environment, and it only supported serial communications.
Wireless Application Protocol (WAP)
is an open international standard for applications that use wireless communication.
patch
is an update to a system. Sometimes a patch adds new functionality; in other cases, it corrects a bug in the software. In a network environment, patches should first be applied to a single machine and tested.
leaf CA
is any CA that is at the end of a CA network or chain.
deterrent control
is anything intended to warn a would-be attacker that they should not attack.
Grandfather, Father, Son Method
is based on the philosophy that a full backup should occur at regular intervals, such as monthly or weekly. Each monthly backup replaces the monthly backup from the previous year. Weekly or daily incremental backups are performed and stored until the next full backup occurs. The annual backup is referred to as the grandfather, the monthly backup is the father, and the weekly backup is the son.
Xen
is considered to be both free and open source
The Type II hypervisor model
is dependent on the operating system and cannot boot until the OS is up and running. It needs the OS to stay up so that it can boot.
gain value
is expressed in dBi, relative to an ideal isotropic antenna at 0 dBi. Decibels are logarithmic: every 3 dB added to an antenna roughly doubles the effective power and every 10 dB multiplies it by ten, so an antenna advertised at 20 dBi radiates about 100 times the power of the 0 dBi reference in its direction of gain, not 20 times.
KVM (not keyboard)
is free and open source
Security control testing
often includes interviews, examinations, and testing of systems to look for weaknesses. It should also include contract reviews of SLAs, a look at the history of prior breaches that a provider has had, a focus on shared resources as well as dedicated servers
Risk acceptance
often the choice you must make when the cost of implementing any of the other four choices exceeds the value of the harm that would occur if the risk came to fruition. To truly qualify as acceptance, it cannot be a risk where the administrator or manager is unaware of its existence; it has to be an identified risk for which those involved understand the potential cost or damage and agree to accept it.
Service pack
one or more repairs to system problems bundled into a single process or function.
transitive access
one party (A) trusts another party (B). If the second party (B) trusts another party (C), then a relationship can exist where the first party (A) also may trust the third party (C).
single factor authentication
only one type of authentication is checked
802.11
operates on 2.4 GHz. This standard allows for bandwidths of 1 Mbps or 2 Mbps.
Succession planning
outlines those internal to the organization who have the ability to step into positions when they open up. By identifying key roles that cannot be left unfilled and associating internal employees who can step into those roles, you can groom those employees to make sure that they are up to speed when it comes time for them to fill those positions.
Scope statement
outlines what the policy intends to accomplish and which documents, laws, and practices the policy addresses. The scope statement provides background to help readers understand what the policy is about and how it applies to them.
contingency plan
part of a disaster-recovery plan. A contingency plan wouldn't normally be part of an incident response policy.
Content Advisor
performs content inspection In Internet Explorer
administrative control
policies, procedures, and guidelines.
802.1X
port-based network access control for both wired switch ports and wireless access points. It defines how the Extensible Authentication Protocol (EAP) is carried over IEEE 802 networks, hence its other name, EAP over LAN (EAPOL). Its biggest benefit is that the access points and switches do not perform the authentication themselves: they relay the EAP exchange to an authentication server (typically RADIUS), which does the actual work and tells the port whether to open.
exception handling
programs encounter errors, and how those errors are handled is critical to security. An unhandled exception can crash a service or leak stack traces and internal details, while an exception that is caught too broadly can leave the program in an insecure state, for example granting access because the check that would have denied it never ran to completion (failing open instead of failing closed).
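The fail-open failure mode, beside its fail-closed correction, as an added example that is not part of the original flashcards. The credential store, salt and audit log list are constructed for the example; the point is the ordering of the default answer and the exception handler, not the hashing.

```python
import hashlib
import hmac

# Constructed credential store: username -> sha256(salt + password) as hex.
_SALT = b"constructed-demo-salt"


def _digest(password):
    if not isinstance(password, str):
        raise TypeError("password must be a str")
    return hashlib.sha256(_SALT + password.encode()).hexdigest()


USERS = {"alice": _digest("correct horse battery")}
AUDIT_LOG = []   # stands in for the real log sink


def is_authorized_fail_open(username, password):
    """Buggy pattern: the permissive answer is the default and the only code
    that can overturn it sits inside a broad except. An unknown user (KeyError)
    or a non-string password (TypeError) skips the comparison entirely, the
    error is 'handled', and the caller receives True."""
    authorized = True
    try:
        if not hmac.compare_digest(USERS[username], _digest(password)):
            authorized = False
    except Exception as exc:
        AUDIT_LOG.append(f"auth error ignored: {exc!r}")
    return authorized


def is_authorized_fail_closed(username, password):
    """Fail closed: deny is the default and success is the only path that
    changes it. Expected conditions (missing user, bad input type) are handled
    explicitly and logged; anything unexpected propagates instead of being
    hidden, and the caller still never gets an accidental True."""
    authorized = False
    try:
        expected = USERS.get(username)
        if expected is not None and hmac.compare_digest(expected, _digest(password)):
            authorized = True
    except TypeError as exc:
        AUDIT_LOG.append(f"auth rejected bad input: {exc!r}")
    return authorized


if __name__ == "__main__":
    print("fail-open, unknown user:", is_authorized_fail_open("mallory", "x"))     # True
    print("fail-closed, unknown user:", is_authorized_fail_closed("mallory", "x"))  # False
    print(AUDIT_LOG)
```

hmac.compare_digest is used for the comparison so that a wrong password is rejected in constant time; a plain `==` on the hex strings would leak, through timing, how many leading characters matched.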
warm site
provides some of the capabilities of a hot site (space, power, connectivity and usually hardware, but not current data), so the customer must do more work, such as restoring backups, to become operational. It should not be confused with a reciprocal site, which is an agreement between two organizations to host each other's operations after a disaster.
Exception Statement
provides specific guidance about the procedure or process that must be followed in order to deviate from the policy. This may include an escalation contact in the event that the person who is dealing with a situation needs to know whom to contact next.
Policy Overview Statement
provides the goal of the policy, why it's important, and how to comply with it. Ideally, a single paragraph is all you need to provide readers with a sense of the policy
performance baseline
provides the input needed to design, implement, and support a secure network.
QKE
quantum key exchange
Application-level proxy
read the individual commands of the protocols that are being served. This type of server is advanced and must know the rules and capabilities of the protocol used.
Logging
recording that an event has occurred and under what circumstances
Stateful inspection
records are kept using a state table that tracks every communications channel; it remembers where the packet came from and where the next one should come from.
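A state table in action, as an added example that is not part of the original flashcards. It contrasts a stateless packet filter (the "Packet filtering" card) with a stateful one: the stateless rule has to admit anything that claims to come from port 443, while the stateful firewall admits inbound packets only when they match a session the inside opened, and drops them again once that session is torn down. The internal prefix, addresses and packet sequence are constructed for the example; TCP handshake tracking is simplified to SYN-opens and RST-closes.

```python
from dataclasses import dataclass

INSIDE_PREFIX = "10.0.0."   # constructed internal network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""   # TCP flags as letters: S = SYN, A = ACK, R = RST, F = FIN


def is_inside(ip):
    return ip.startswith(INSIDE_PREFIX)


def stateless_filter(pkt):
    """Packet filter with no memory. To let HTTPS replies in, the rule must read
    'permit tcp any eq 443 -> inside', which admits any packet with source
    port 443, solicited or not."""
    if is_inside(pkt.src):
        return "ALLOW"
    return "ALLOW" if pkt.sport == 443 else "DROP"


class StatefulFirewall:
    def __init__(self):
        # State table: (src, sport, dst, dport) of sessions opened from inside.
        self.state = set()

    def filter(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.state or rev in self.state:
            if "R" in pkt.flags:          # reset tears the session down
                self.state.discard(fwd)
                self.state.discard(rev)
            return "ALLOW (tracked session)"
        if is_inside(pkt.src) and not is_inside(pkt.dst):
            if pkt.flags != "S":
                return "DROP (out-of-state TCP, not a SYN)"
            self.state.add(fwd)            # remember where the reply must come from
            return "ALLOW (new outbound session)"
        return "DROP (unsolicited inbound)"


def run(packets):
    """Return (stateless decision, stateful decision) for each packet in order."""
    fw = StatefulFirewall()
    return [(stateless_filter(p), fw.filter(p)) for p in packets]


# Constructed traffic sample.
TRAFFIC = [
    Packet("10.0.0.5", 40000, "203.0.113.10", 443, "S"),    # client opens HTTPS
    Packet("203.0.113.10", 443, "10.0.0.5", 40000, "SA"),   # server's reply
    Packet("203.0.113.10", 443, "10.0.0.5", 40001, "SA"),   # forged reply, wrong port
    Packet("198.51.100.9", 5555, "10.0.0.5", 22, "S"),      # inbound scan of SSH
    Packet("10.0.0.5", 40000, "203.0.113.10", 443, "R"),    # client resets session
    Packet("203.0.113.10", 443, "10.0.0.5", 40000, "A"),    # late packet after teardown
]

if __name__ == "__main__":
    for pkt, (stateless, stateful) in zip(TRAFFIC, run(TRAFFIC)):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} [{pkt.flags}]  "
              f"stateless={stateless}  stateful={stateful}")
```

Packets 3 and 6 are the ones that matter: the stateless filter passes both because the source port looks right, the stateful one drops both because no tracked session expects them.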
non-repudiation
refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated.
Granularity
refers to the ability to manage individual resources in the CA network.
Baselining
refers to the process of establishing a standard for security
Symmetric algorithms
require both ends of an encrypted message to have the same key and processing algorithms, so the secret key must be distributed securely and protected. A symmetric key, sometimes referred to as a secret key or private key, is a key that isn't disclosed to people who aren't authorized to use the encryption system. Symmetric algorithms are far faster than asymmetric ones and can be just as secure with a much smaller key size. DES, 3DES, AES (including AES-256), CAST, RC4/RC5/RC6, Blowfish, Twofish, IDEA and the one-time pad are all symmetric forms of encryption.
mandatory vacation policy
requires all users to take time away from work to refresh. Mandatory vacations also provide an opportunity to discover fraud
Computer Security Act of 1987
requires federal agencies to identify and protect computer systems that contain sensitive information.
Security factors while determining the risks prone to a network
risk, threat, vulnerability
SmartScreen
runs in the background and sends the address of the website being visited to the SmartScreen server, where it is compared against a list kept of phishing and malware sites. If a match is found, a blocking web page appears (in red) and encourages you to not continue on.
symmetric cryptography
see Symmetric algorithms
Management security awareness training program
managers should receive additional training or exposure that explains the issues, threats, and methods of dealing with threats. Management will also be concerned about productivity impacts and enforcement, and about how the various departments are affected by security policies.
fsutil fsinfo ntfsinfo C:
shows NTFS version
Cutover Test
shuts down the main systems and has everything fail over to backup systems.
SFA
single factor authentication
Network monitors
sniffers
training metrics
some quantifiable method for determining the efficacy of training.
SPIT
spam over Internet telephony
SPI
stateful packet inspection
SAN
storage area network
Keyspace
the set, and hence the number, of all possible keys for a cipher. A larger keyspace makes a brute-force search harder, so it is one measure of a cryptosystem's strength, but only if keys are actually chosen at random from the whole space.
Point-to-Point Tunneling Protocol
supports encapsulation in a single point-to-point environment: PPP packets are encapsulated in GRE and carried over an IP network, with a control channel on TCP port 1723. PPTP itself does not encrypt; the negotiation between the two ends is done in the clear, after which the PPP payload is encrypted with MPPE. Its authentication (MS-CHAP) and MPPE are weak by modern standards, so PPTP is considered obsolete in favor of L2TP/IPsec and TLS-based VPNs.
LANMAN
used the LM hash: the password was uppercased, padded or truncated to 14 characters and split into two 7-byte halves, each used as a DES key to encrypt a fixed constant. Because the two halves can be cracked independently and letter case is lost, LM hashes are trivial to recover. It was replaced by NT LAN Manager (NTLM) with the release of Windows NT, although LM hashes remained enabled in later versions for compatibility and should be disabled.
layered security
synonymous with defense in depth.
dialin privileges
the ability to remotely access a system
Typo squatting
the act of registering domains that are similar to those for a known entity but based on a misspelling or typographical error. also known as URL hijacking.
block cipher
the algorithm works on fixed-size chunks (blocks) of data, such as the 128-bit blocks of AES; a mode of operation (CBC, CTR, GCM and so on) defines how successive blocks are chained together.
Volatility
the amount of time you have to collect certain data before that window of opportunity is gone. Forensic collection follows the order of volatility: CPU registers and cache, memory, network state and running processes first, then disk, then backups and archival media.
attack surface
the area of that application that is available to users-those who are authenticated and, more importantly, those who are not.
Chosen Plaintext
the attacker obtains the ciphertexts corresponding to a set of plaintexts of their own choosing. This allows the attacker to attempt to derive the key used and thus decrypt other messages encrypted with that key. This can be difficult, but it is not impossible. Advanced methods such as differential cryptanalysis are chosen plaintext attacks.
Two-Tier Model
the client workstation or system runs an application that communicates with the database that is running on a different server.
stream cipher
the data is encrypted one bit, or byte, at a time.
tunneling mode encryption
IPsec tunnel mode: the entire original packet, headers and payload, is encrypted and encapsulated inside a new packet with a new IP header, so the original endpoints are hidden from observers (as opposed to transport mode, which encrypts only the payload and keeps the original IP header).
One-Tier Model
the database and the application exist on a single system.
protected distribution system (PDS)
the network is secure enough to allow for the transmission of classified information in unencrypted format—in other words, where physical network security has been substituted for encryption security.
Incident
the occurrence of any event that endangers a system or network.
Patching
the process of applying a patch to a program: a fix or workaround for a bug or problem in code, released by the vendor and applied on top of the installed version.
Hardening
the process of improving the security of an operating system or application.
EMI Shielding
the process of preventing electronic emissions from your computer systems from being used to gather intelligence and preventing outside electronic emissions from disrupting your information-processing abilities.
cross certification
the process by which two CAs each issue a certificate to the other, so that certificates issued under one CA are trusted by relying parties of the other; it is the mechanism that makes the bridge trust model work.
Kerckhoffs's principle
the security of an algorithm should depend only on the secrecy of the key and not on the secrecy of the algorithm itself. This literally means that the algorithm can be public for all to examine, and the process will still be secure as long as you keep the specific key secret.
guest
the virtual machines
Microsoft SmartScreen Filter
one of the tools available that can help limit the success of social engineering attacks, by warning users before they reach known phishing sites.
TOS
trusted operating system is any operating system that meets the government's requirements for security.
Asymmetric algorithms
use two mathematically related keys to encrypt and decrypt data: a public key, which can be shared freely, and a private key, which is kept secret. Data encrypted with one key can be decrypted only with the other, which gives both confidentiality (encrypt to the recipient's public key) and digital signatures (sign with the sender's private key, verify with the public key).
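The two-key property, and the non-repudiation it gives (see the non-repudiation card above), worked through with textbook RSA, as an added example that is not part of the original flashcards. The primes are toy-sized so the arithmetic is visible, and the message hash is reduced mod n; real RSA uses 2048-bit or larger moduli with OAEP/PSS padding, and none of this is usable as is.

```python
import hashlib
from math import gcd


def keygen(p, q, e=65537):
    """Textbook RSA key generation from two primes (toy sizes in this example)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)        # (public key, private key)


def encrypt(public_key, m):
    """Confidentiality: anyone can encrypt to the public key."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, e, n)


def decrypt(private_key, c):
    """Only the private key holder can undo it."""
    n, d = private_key
    return pow(c, d, n)


def _hash_to_int(message, n):
    # Sign a digest of the message, not the message itself.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message):
    """Non-repudiation: the signature can only be produced with the private
    key, so its holder cannot later deny having signed this message."""
    n, d = private_key
    return pow(_hash_to_int(message, n), d, n)


def verify(public_key, message, signature):
    """Anyone holding the public key can check the signature, and it binds the
    signer to exactly this message: one changed byte and it fails."""
    n, e = public_key
    return pow(signature, e, n) == _hash_to_int(message, n)


if __name__ == "__main__":
    # Constructed toy primes; a real key would never be this small.
    public, private = keygen(1000003, 1000033)
    c = encrypt(public, 424242)
    print("ciphertext", c, "-> plaintext", decrypt(private, c))
    sig = sign(private, b"transfer 100 to bob")
    print("valid   :", verify(public, b"transfer 100 to bob", sig))
    print("tampered:", verify(public, b"transfer 1000 to bob", sig))
```

The asymmetry is the whole point: the public key cannot be used to forge a signature or to decrypt, so publishing it costs nothing, which is what removes the key-distribution problem that symmetric algorithms have.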