CYBR 502 Midterm
Access Points
(APs) A radio transceiver that connects to a network via an ethernet cable and bridges a wireless LAN (WLAN) with a wired network.
Kismet
A free wardriving tool that can run on Linux or macOS. In addition to being a wireless network detector, it is also a sniffer and an IDS. It can detect hidden SSIDs, MAC addresses of APs, the type of encryption in use, whether or not WPS is enabled, etc.
Security Operations Center
A permanent team whose members are responsible solely for security-response functions.
Virus
A program that attaches itself to a file or another program, often sent via e-mail. It can't stand on its own, so it can't replicate itself or operate without the presence of a host.
Rootkit
A program that gives attackers a means of regaining access to the attacked computer later. A rootkit is created after an attack and usually hides itself in the OS tools, so it's almost impossible to detect.
Worm
A program that replicates and propagates itself without having to attach itself to a host.
Triple DES (3DES)
A quick fix to the vulnerabilities of DES. Performs the original DES computation three times, and keying options can vary for each round. Stronger than DES, but slower.
DMZ
A small network containing resources that a company wants to make available to internet users; helps maintain security on the company's internal network. Sits between the internet and the internal network.
Orthogonal Frequency Division Multiplexing (OFDM)
A spread spectrum method in which bandwidth is divided into a series of frequencies called tones, which allows a higher throughput than FHSS and DSSS.
Frequency Hopping Spread Spectrum (FHSS)
A spread spectrum method in which data hops to other frequencies to avoid interference that might occur over a frequency band. This hopping makes it difficult for attackers to jam the communication channel.
Direct Sequence Spread Spectrum (DSSS)
A spread spectrum method in which data packets are spread simultaneously over multiple frequencies instead of hopping to other frequencies.
Spyware
A spyware program sends information from the infected computer to the person who initiated the spyware program on your computer. This information could be confidential financial data, passwords, PINs, etc.
Supplicant
A supplicant is a wireless user attempting access to a WLAN.
Ransomware
A type of virus that locks a target system until a ransom is paid. Some capture user credentials and lock access to cloud storage.
Macro Virus
A virus coded as a macro in programs that support a macro programming language, such as Visual Basic for Applications, Microsoft Word, or Excel. Can be configured to carry out a number of malicious actions, such as deleting important files, stealing passwords and web browser history, or allowing remote access to the device.
Wi-Fi Protected Setup (WPS)
A wireless authentication standard created to allow users to easily add devices to a wireless network securely. Eliminates the need for a user to enter a passphrase. Major security flaws.
AES
Advanced Encryption Standard. Symmetric encryption algorithm that uses Rijndael and supports 128, 192, and 256 bit keys.
Cisco Router Privileged Mode
An administrator can perform full router configuration tasks. Uses prompt (#). Use the 'enable' command to enter privileged mode.
Eavesdropping
An attacker can listen in on unencrypted network communications in order to intercept confidential information or gather credentials that can be used to extend the attack. Can be accomplished with sniffing tools.
Extensible Authentication Protocol (EAP)
An enhancement to PPP, was designed to allow a company to select its authentication method. For example, a company can use certificates or Kerberos authentication to authenticate a user connecting to an AP.
RSA
Asymmetric algorithm used for both encryption and digital signatures.
Side Channel Attack
Attackers analyze the hardware used for cryptographic operations by collecting data such as operating temperatures, computation times, electromagnetic emissions, noise, vibrations, and even reflections off a cryptosystem user's eyes to gather information for use in an exploit.
Known Plaintext Attack (KPA)
Attackers have an encrypted file, and also know some amount of the plaintext of that encrypted file.
Chosen Plaintext Attack (CPA)
Attackers have both ciphertext and plaintext, but they get to choose the plaintext. The attacker determines what will be encrypted, and then uses the result to determine the encryption key.
Buffer Overflow Attack
Attackers input large amounts of data including malicious code into poorly written code that doesn't check for a defined amount of memory space use.
Network Session Hijacking
Enables an attacker to join a TCP session and make both parties think that he or she is the other party.
Modulation
Encoding of information in a carrier wave by varying the instantaneous frequency of the wave.
Access Lists
Filter traffic based on source IP, destination IP, and ports or services.
Packet Filtering
Filters packets based on information in the packet header, such as protocol type, IP address, TCP/UDP port.
WPA2
Official Wi-Fi standard and replacement for WPA after weaknesses were found in TKIP. WPA2 uses AES instead of TKIP.
Man-in-the-middle attack
One step beyond eavesdropping, attackers can inject themselves between two parties or systems communicating with each other and manipulate the messages being passed back and forth.
PGP
Pretty Good Privacy. Commonly used to secure e-mail communications between two private individuals but is also used in companies. It provides confidentiality, integrity, authentication, and non-repudiation. It can digitally sign and encrypt e-mail. It uses both asymmetric and symmetric encryption.
RC4
RC4 is the most widely used stream cipher, also used in WEP encryption. Difficult to break but should be avoided for most applications.
Stateful Packet Inspection
Records session-specific information about a network connection, including the ports a client uses in a file called a state table. Ensures that a packet's source, destination, and port are expected before forwarding the packet. Can recognize anomalies such as DoS attacks, and prevent port scans.
EAP-TLS
Requires assigning the client and server a digital certificate signed by a CA that both parties trust.
Adware
Similar to spyware, but is used to determine a user's purchasing habits so that Web browsers can display advertisements tailored to this user. Slows down the host.
Spread Spectrum
Spread spectrum modulation means data is spread across a large-frequency bandwidth instead of traveling across just one frequency band. This is the most widely used WLAN technology.
802.1X Standard
The 802.1X standard defines the process of authenticating and authorizing users on a network. This standard is especially useful for WLAN security where physical security is more difficult to control.
Authentication
The AP functions as the entity allowing or denying the supplicant's access.
Chosen Ciphertext Attack (CCA)
The attacker has the ability to choose cipher texts 'C' and view their corresponding decryptions - plaintext 'P'. Essentially the same as chosen plaintext, but applied to a decryption function, instead of the encryption function.
Wireless Network Interface Cards
WNIC; transmits and receives wireless signals and protocols. WNICs convert the radio waves they receive into digital signals that the computer understands. For a computer to be able to send information over any medium, it must follow the rules for the medium it's traversing, so the correct software and drivers for the NIC must be installed.
Wi-Fi Protected Access (WPA)
WPA was the replacement for WEP and improves encryption by using Temporal Key Integrity Protocol (TKIP). TKIP provided the following enhancements: message integrity check, extended initialization vector to prevent replay attacks, per-packet key mixing to prevent weak key attacks, rekeying mechanism provides fresh keys that help prevent attacks that relied on reusing old keys.
Wired Equivalent Privacy (WEP)
Was developed to encrypt data traversing a wireless network. Many security holes.
show ip route
Displays the router's routing table.
Malware
Malicious software, such as a virus, worm, or Trojan program, introduced into a network to help an attacker accomplish their goals.
Wifi Pineapple
Can perform scans for wireless access points, set up fake APs to social-engineer users. Has a feature that allows an attacker to emulate any network that a client requests (listens and responds to network probes sent by devices looking to connect to previously connected networks). Can also deauthenticate users from a network.
DES
Data Encryption Standard. Made in the 1970s for government/business use, but was no longer safe by the late 1980s/early 1990s.
Trojan
Disguises itself as a useful program and can install a backdoor or rootkit on a computer.
RF Channels
Each frequency band contains channels, which break up the band into smaller frequency ranges. For example, channel 1 of a frequency band ranging from 2.4 GHz to 2.4835 GHz might use the 2.401 GHz frequency, and channel 2 of this band might use 2.406 GHz.
Keylogger
Hardware or software devices that can be used to capture keystrokes on a computer.
Microsoft PEAP
In Microsoft's implementation of PEAP, a secure channel is created by using TLS as protection against eavesdropping.
Global Configuration Mode
In this mode you can configure router settings that affect overall router operation, such as changing the router's displayed banner when a user connects from a remote host (ex.: might indicate the router shouldn't be accessed by unauthorized personnel). Enter using 'config t'.
Cisco Router User Mode
In user mode, an administrator can perform basic troubleshooting tests and list information stored on the router. Uses prompt (>).
Infrared
Infrared light can't be seen by the human eye. IR technology is restricted to a single room or line of sight because IR light can't penetrate walls, ceilings, or floors.
Application Layer Inspection
Inspects network traffic at a higher level in the OSI model than a traditional stateful packet inspection firewall does. Makes sure that the network traffic's application protocol is the type allowed by a rule. For example, many Trojans get past firewalls by launching a reverse shell that originates from the compromised system and connects to a system the attacker controls using a commonly used port. This can be prevented using application layer inspection.
Point-to-Point Protocol (PPP)
Many ISPs use PPP to connect dial-up or DSL users. PPP handles authentication by requiring a user to enter a valid username and password. PPP verifies that users attempting to use the link are indeed who they say they are.
Narrowband
Narrowband technology uses microwave radio band frequencies to transmit data. The most common uses of this technology are cordless phones and garage door openers.
NAT
Network Address Translation. Internal private addresses are mapped to public external IP addresses, hiding the internal infrastructure from unauthorized personnel.
Service Set Identifier (SSID)
The name used to identify a WLAN.
Authentication Server
This server, which might be a Remote Access Dial-In User Service (RADIUS) server, is used as a centralized component that authenticates the user and performs accounting functions.
Aircrack-ng
Tool most hackers use to access WEP-enabled WLANs. Includes GUI front-end called Fern WIFI Cracker.
Interface Configuration Mode
Used to configure an interface on the router, such as a serial or fast ethernet port. To use this mode, first enter the global config mode, then enter the command for interface config mode and the interface name (ex.: interface fastethernet 0/0).
Protected EAP (PEAP)
Uses TLS to authenticate the server to the client but not the client to the server. With PEAP, only the server is required to have a digital certificate.