CH.19 Protecting the Network
Trojan horse
a program that appears desirable but actually contains something harmful and does catastrophic damage to the host's machine
Unified Threat Management (UTM)
comprehensive security management tool that combines multiple security tools, including firewalls, virtual private networks, intrusion detection systems, and web content filtering and anti-spam software
firewalls
devices or software that protect an internal network from unauthorized access by acting as a filter.
Social Engineering
hackers use their social skills to trick people into revealing access credentials or other valuable information
malicious users
hosts on a network that consciously attempt to access, steal, or damage resources.
fault tolerance
the ability of a system to respond to unexpected failures or system crashes by having the backup system immediately and automatically take over with no loss of service
changing default credentials
this is the first hardware-hardening step when deploying a new device on the network.
unencrypted channels
tunnels over the internet that could be easily sniffed and read by malicious users
access control list (ACL)
A clearly defined list of permissions that specifies what actions an authenticated user may perform on a shared resource.
zombie
A computer compromised with malware to support a botnet is called a _______________.
logic bomb
A computer program or part of a program that lies dormant until it is triggered by a specific logical event.
worm
A destructive computer program that bores its way through a computer's files or through a computer's network.
next-generation firewall (NGFW)
A firewall that combines firewall software with anti-malware software and other software that protects resources on a network at multiple layers.
man-in-the-middle attack
A form of eavesdropping where the attacker makes an independent connection between two victims and steals information to use fraudulently.
spoofing
A hacker who sends an e-mail but replaces his return e-mail address with a fake one is _______________ the e-mail address.
virus
A piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data
Dynamic ARP Inspection (DAI)
A security feature on a switch that monitors ARP messages in order to detect faked ARP messages.
Honeypot
A security tool used to lure attackers away from the actual network components. Also called a decoy or sacrificial lamb.
Adware
A software program that delivers advertising content in a manner that is unexpected and unwanted by the user.
Domain Name System Security Extensions (DNSSEC)
A suite of extensions that adds security to the Domain Name System (DNS) protocol by enabling DNS responses to be validated. Specifically, ______ provides origin authority, data integrity, and authenticated denial of existence.
posture assessment
A thorough examination of each aspect of the network to determine how it might be compromised or how vulnerable it is to attacks.
Ransomware
A user's machine is locked to a screen telling her she must call a number to unlock her system. What kind of attack is this?
session hijacking
An attack in which an attacker attempts to impersonate the user by using his session token.
ARP cache poisoning
An attack in which attackers use fake ARP replies to alter ARP tables in a network.
brute force attack
An attack on passwords or encryption that tries every possible password or encryption key.
packet sniffing
An attack on wireless networks where an attacker captures packets and records data flows in order to analyze what data each packet contains.
phishing
An attack that sends an email or displays a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information
distributed denial of service (DDoS)
An attack that uses multiple zombie computers (even hundreds or thousands) in a botnet to flood a device with requests.
brute force
An attack where someone tries to hack a password using every possible password permutation is called what?
DNS cache poisoning
An exploit in which the DNS database is changed in such a way that a URL no longer connects to the correct Web site
Cleartext Credentials
Any login process conducted over a network where account names, passwords, or other authentication elements are sent from the client or server in an unencrypted fashion.
Protocol Abuse
Using a protocol for something it was not designed to do, in a way that ends up creating a threat
Cloud-based
Bob is told by his administrator to go to www.runthisantimalware.com and click the "Run the program" button on that site to check for malware. What form of anti-malware delivery is this called?
deauthentication attack
Denial-of-service (DoS) strike that disconnects a wireless host from a WAP, so that the victim is forced to reconnect and exchange the wireless key multiple times; an attacker can then perform offline brute-force cracking of the password.
banner grabbing
Gathering information from messages that a service transmits when another program connects to it.
Stateful Inspection
Keeps track of each communication by maintaining a table that contains data about each connection
insider threats
Legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident
crypto-ransomware
Malware that encrypts all the files on the device so that they cannot be opened unless a certain fine is paid within a short period of time
Crypto-malware
Malware that encrypts all the files on the device so that they cannot be opened.
zero day attacks
New attacks using vulnerabilities that haven't yet been identified (and fixed)
RF emanation
The NSA's TEMPEST security standards are used to combat which risk?
VLAN hopping
The act of gaining access to traffic on other VLANs that would not normally be accessible by jumping from one VLAN to another.
amplification
The goal of this aspect of a DoS attack is to make the attacked system process each request for as long as possible.
video surveillance
The use of video cameras to monitor activities of individuals, such as employees or individuals in public locations, for work-related or crime-prevention purposes.
netstat
Which Windows utility displays open ports on a host?
Cisco Dynamic ARP Inspection (DAI)
Which of the following is a tool to prevent ARP cache poisoning?
POP3
Which of the following protocols are notorious for cleartext passwords?
Telnet
Which of the following protocols are notorious for cleartext passwords?
bastion host
a machine that is fully exposed to the Internet. It sits outside any firewalls, or in a DMZ that is configured to provide no filtering of Internet traffic.
demilitarized zone (DMZ)
a separate network located outside the organization's internal information system that permits controlled access from the internet
Spoofing
a technique intruders use to make their network or internet transmission appear legitimate to a victim computer or network
network hardening
applying security hardware, software, and processes to your network to prevent bad things from happening.
Denial of Service (DoS)
an attack that floods a network or server with service requests to prevent legitimate users from accessing the system
malformed packets
packets with unwanted or invalid information injected into them in an attempt to break another system
Tamper Detection
a modern server or computer chassis logs the time and date when it senses its structure being opened without approval.
switch port protection
network hardening technique used to detect or block spoofed or malicious packets being sent out to the network from unauthorized identities
Spyware
software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive.
malware
software that is intended to damage or disable computers and computer systems.
vulnerability
potential weakness in the infrastructure of a network
Rootkit
program that hides in a computer and allows someone from a remote location to take full control of the computer
macro
programming within an application that enables you to control aspects of the application.