Chapter 8 Network Risk Management

DRDoS

a DoS attack bounced off of uninfected computers, called reflectors, before being directed at the target. The attacker sends requests to the reflectors with the source IP address spoofed to be the target's address, so the reflectors send their responses to the target rather than to the attacker, thereby flooding it with traffic.

unintentional DoS attack

a DoS situation that is created unintentionally and without malicious intent, such as when a Web site is flooded with an unexpectedly high amount of shopping traffic during a flash sale

user awareness

a NGFW (Next Generation Firewall) feature that adapts a firewall's configuration to the class of a specific user or user group

Application Control

a NGFW (Next Generation Firewall) feature that gives a firewall some level of application awareness functionality, meaning the firewall can monitor and limit the traffic of specific applications, including the application's vendor and digital signature

zombie

a computer that is used, without the owner's knowledge or consent, to carry out an attack such as a DDoS on behalf of an attacker

RF emanation

a condition created by the leaking of radio or electrical signals from computer equipment

honeypot

a decoy system that is purposely vulnerable and filled with what appears to be sensitive content

lure

a decoy system that, when attacked, can provide unique information about hacking behavior

intrusion prevention system

a dedicated device or software running on a workstation, server, or switch, that stands between the attacker and the network or host, and can prevent traffic from reaching the protected network or host

consent to monitoring form

a document that ensures employees are made aware that their use of company equipment and accounts can be monitored and reviewed as needed for security purposes

application aware

a feature that enables a firewall to monitor and limit the traffic of specific applications, including the application's vendor and digital signature

Next Generation Firewall

a firewall innovation that includes advanced, built-in features, including Application Control, IDS and/or IPS functionality, user awareness, and context awareness

virtual wire mode

a firewall installation in which the firewall is transparent to the surrounding nodes, as if it were just part of the network transmission media (stealth mode)

stateful firewall

a firewall that keeps a table of active connections and inspects each incoming packet to determine whether it belongs to one of those connections, and therefore is a legitimate packet

stateless firewall

a firewall that inspects each packet in isolation, checking only its header fields (source and destination addresses, protocol, and ports) against its rules. It keeps no record of active connections, so it cannot tell a genuine reply from a forged packet that merely resembles one
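The difference between the two definitions above is easiest to see on packets. The following is an added example, not part of the original study set: it simulates a stateless filter and a stateful filter in Python on three constructed packets (made-up addresses from the RFC 5737 documentation ranges; 10.0.0.0/8 stands in for the protected network). The stateless rule "permit inbound traffic from source port 80 or 443" is what an administrator writes when there is no connection table to consult, and an attacker exploits exactly that.

```python
"""Stateless versus stateful packet filtering, simulated on constructed packets.

Added example, not part of the original study set. The addresses, ports and
rules are made up; 10.0.0.0/8 plays the role of the protected network.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "S" = SYN, "SA" = SYN/ACK, "A" = ACK (TCP flag shorthand)


def _inside(ip: str) -> bool:
    """Hypothetical protected network: anything in 10.0.0.0/8."""
    return ip.startswith("10.")


def stateless_allow(pkt: Packet) -> bool:
    """A stateless filter judges each packet on its own header fields.

    Rules: permit anything outbound; permit inbound TCP whose source port is
    80 or 443, because that is what a web server's reply looks like.  It has
    no memory, so it cannot check that an inside host actually asked for it.
    """
    if _inside(pkt.src) and not _inside(pkt.dst):
        return True
    if not _inside(pkt.src) and _inside(pkt.dst) and pkt.sport in (80, 443):
        return True
    return False


class StatefulFirewall:
    """A stateful filter records outbound connections and admits only replies to them."""

    def __init__(self) -> None:
        # (inside ip, inside port, outside ip, outside port) of open connections
        self.connections = set()

    def allow(self, pkt: Packet) -> bool:
        if _inside(pkt.src) and not _inside(pkt.dst):
            if pkt.flags == "S":  # outbound SYN opens a state-table entry
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        if not _inside(pkt.src) and _inside(pkt.dst):
            # inbound is legitimate only if it answers a connection we opened
            return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections
        return False


def run_scenario() -> dict:
    """Three packets: a real client SYN, the server's reply, and a forged 'reply'."""
    fw = StatefulFirewall()
    client_syn = Packet("10.1.1.5", 51000, "203.0.113.9", 443, "S")
    server_synack = Packet("203.0.113.9", 443, "10.1.1.5", 51000, "SA")
    # An attacker picks source port 443 so the packet resembles an HTTPS reply,
    # but no inside host ever connected to 198.51.100.77.
    forged = Packet("198.51.100.77", 443, "10.1.1.5", 3389, "S")
    packets = (client_syn, server_synack, forged)
    return {
        "stateless": [stateless_allow(p) for p in packets],
        "stateful": [fw.allow(p) for p in packets],
    }


if __name__ == "__main__":
    print(run_scenario())  # stateless lets the forged packet through; stateful drops it
```

A real stateful firewall also removes entries on FIN/RST and on timeout and tracks UDP and ICMP pseudo-connections; this simulation only shows the one property the definitions turn on, that a reply is admitted because of an earlier outbound packet and not because of how its header looks.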

host-based firewall

a firewall that runs on a single computer (the host) and protects only that computer

network-based firewall

a firewall that protects an entire network

botnet

a group of computers (zombies) that have been commandeered, without their owners' knowledge or consent, and are controlled together by an attacker, for example to launch coordinated DDoS attacks

honeynet

a group of several honeypots

domain local group

an Active Directory security group whose scope is limited to the domain in which it is created. It is used to assign permissions to resources in that domain and can contain users and groups from the same domain or from trusted domains

reverse proxy

a host that provides services to Internet clients from servers on its own network. Provides identity protection for the server rather than the client. Particularly useful when multiple Web servers are accessed through the same public IP address.

access control list

a list of statements used by a router to permit or deny the forwarding of traffic on a network based on one or more criteria

slave zombie

a lower-layer host in a botnet

hardening technique

a measure taken to help reduce security risks on a network

buffer overflow

a memory-safety flaw in which a program writes more data into a buffer than the buffer was allocated to hold, so the excess spills into adjacent memory and overwrites whatever is stored there (other variables, saved return addresses, or heap metadata). An attacker who controls the overflowing data can crash the program or hijack its execution.

port mirroring

a monitoring technique in which one port on a switch is configured to send a copy of all its traffic to a second port, where a monitoring device such as an IDS or packet analyzer is attached

proxy server

a network host that runs a proxy service

quarantine network

a network segment that is situated separately from sensitive network resources and might limit the amount of time a device can remain connected to the network. Provides a relatively safe holding place for devices that do not meet compliance requirements or have been compromised

Nessus

a vulnerability scanner from Tenable, widely used during penetration tests, that performs detailed scans to discover hosts, open ports, running services, and installed software, and reports known vulnerabilities in what it finds

metasploit

a penetration-testing framework that combines scanning techniques with a library of known exploits and payloads, so that a tester can check whether a discovered vulnerability can actually be exploited

penetration testing

a process of scanning a network for vulnerabilities and then attempting to exploit the flaws found, in order to demonstrate how an attacker could actually compromise the network

Trojan horse

a program that disguises itself as something useful but actually harms your system. Does not replicate itself.

virus

a program that replicates itself with the intent to infect more computers, either through network connections when it piggybacks on other files or through the exchange of external storage devices

worm

a program that runs independently and travels between computers and across networks. Although worms do not alter other programs as viruses do, they may carry viruses or other malicious payloads.

Internet Relay Chat

a protocol that enables users running special IRC client software to communicate instantly with other participants in a chat room on the Internet

packet-filtering firewall

a router, or a computer installed with software that enables it to act as a router, that examines the header of every packet of data that it receives to determine whether that type of packet is allowed to continue to its destination

network policy

a rule or set of rules that determines the level and type of access granted to a device when it joins a network

dynamic ARP inspection

a security feature on a switch that monitors ARP messages in order to detect faked ARP messages

DHCP snooping

a security feature on switches whereby DHCP messages on the network are checked and filtered: DHCP server messages (offers and acknowledgments) are accepted only on ports marked as trusted, and the leases the switch observes are recorded in a binding table of MAC address, IP address, VLAN, and port

backdoor

a security flaw that allows unauthorized users to gain access to the system

Unified Threat Management

a security strategy that combines multiple layers of security appliances and technologies into a single safety net

proxy service

a software application on a network host that acts as an intermediary between the external and internal networks, screening all incoming and outgoing traffic.

agent

a software routine that collects data about a managed device's operation or compliance with security benchmarks, and provides this information to a network management application

TEMPEST

a specification created by the NSA to define protection standards against RF emanation

intrusion detection system

a stand-alone device or software running on a workstation/server/switch that is used to monitor network traffic and create alerts when suspicious activity happens. Installed to provide security INSIDE the network.

network access control

a technology solution that balances the needs for network access with the demands of network security by employing a set of rules, called network policies, to determine the level and type of access granted to a device when it joins the network. Authenticates and authorizes devices by verifying that the device complies with predefined security benchmarks, such as whether the device has certain system settings, or whether it has specific applications installed

posture assessment

a thorough examination of each aspect of a network to determine how it might be compromised

smurf attack

a DoS attack in which the attacker sends ICMP echo requests (pings) to a network's broadcast address with the source address forged to be the victim's, so that every host on the segment replies to the victim and floods it with echo replies

host-based intrusion prevention system

a type of IPS that runs on a single computer and protects only that host, blocking malicious traffic or activity directed at it

network-based intrusion prevention system

a type of IPS that protects an entire network and is situated at the edge of the network or in a network's DMZ

wildcard mask

a variation of a network address that specifies a network segment (group of IP addresses) by using 0s in bits that must match the network address and 1s in bits that can hold any value. Used in ACL statements to dictate which traffic can or cannot pass through.

file-infector virus

a virus that attaches itself to executable files. When the infected executable file runs, the virus copies itself to memory. Later, the virus attaches itself to other executable files.

boot sector virus

a virus that positions its code on the boot sector of a computer's hard disk so that, when the computer boots up, the virus runs in place of the computer's normal system files. These are commonly spread from external storage devices to hard disks.

network virus

a virus that propagates itself via network protocols, commands, messaging programs, and data links. Although all viruses could theoretically travel across network connections, these are specially designed to attack network vulnerabilities.

macro virus

a virus that takes the form of a macro (such as the kind used in a word-processing or spreadsheet program), which may execute when the program is in use.

vulnerability

a weakness of a system, process, or architecture that could lead to compromised information or unauthorized access

nonpersistent agent

also called a dissolvable agent. An agent that remains on a device long enough to verify compliance and complete authentication, then uninstalls.

implicit deny

an ACL rule which ensures that any traffic the ACL does not explicitly permit is denied by default
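The access control list, wildcard mask and implicit deny entries above describe one mechanism, so here is one added example (not from the original study set) that puts them together in Python: a wildcard-mask matcher, a helper that derives the wildcard from a prefix length, and a top-down ACL evaluator that ends in the implicit deny. The three statements and all addresses are made up; the syntax mirrors a Cisco-style extended ACL but the code is a standalone simulation, not a router's own implementation.

```python
"""Router-style access control list with wildcard masks and implicit deny.

Added example, not from the original study set. The ACL statements and
addresses are made up; evaluation is top-down, first match wins.
"""
import ipaddress

ALL_ONES = 0xFFFFFFFF


def wildcard_match(ip: str, network: str, wildcard: str) -> bool:
    """True if ip falls in the range described by network/wildcard.

    In a wildcard mask a 0 bit means 'must match the network address' and a
    1 bit means 'any value', the opposite of a subnet mask.
    """
    ip_i = int(ipaddress.IPv4Address(ip))
    net_i = int(ipaddress.IPv4Address(network))
    care = int(ipaddress.IPv4Address(wildcard)) ^ ALL_ONES  # bits that must match
    return (ip_i & care) == (net_i & care)


def wildcard_from_prefix(prefix_len: int) -> str:
    """/24 -> 0.0.0.255: the wildcard is the bitwise inverse of the subnet mask."""
    subnet_mask = (ALL_ONES << (32 - prefix_len)) & ALL_ONES
    return str(ipaddress.IPv4Address(subnet_mask ^ ALL_ONES))


ANY = ("0.0.0.0", "255.255.255.255")  # every bit is 'any value'

# (action, protocol, (src network, src wildcard), (dst network, dst wildcard), dst port)
ACL = [
    ("permit", "tcp", ("192.168.10.0", "0.0.0.255"), ANY, 443),
    ("deny",   "tcp", ("192.168.10.0", "0.0.0.255"), ANY, 23),
    ("permit", "ip",  ("192.168.0.0", "0.0.255.255"), ("10.0.0.0", "0.255.255.255"), None),
]


def evaluate(acl, proto: str, src: str, dst: str, dport=None) -> str:
    """Walk the ACL top-down; the first statement that matches decides.

    If nothing matches, the implicit deny at the end of every ACL applies.
    """
    for action, aproto, (snet, swc), (dnet, dwc), aport in acl:
        if aproto != "ip" and aproto != proto:
            continue
        if not wildcard_match(src, snet, swc) or not wildcard_match(dst, dnet, dwc):
            continue
        if aport is not None and aport != dport:
            continue
        return action
    return "deny"  # implicit deny: nothing explicitly permitted it


if __name__ == "__main__":
    print(evaluate(ACL, "tcp", "192.168.10.25", "203.0.113.5", 443))  # permit (line 1)
    print(evaluate(ACL, "tcp", "192.168.10.25", "10.5.5.5", 23))      # deny (line 2 beats line 3)
    print(evaluate(ACL, "udp", "192.168.77.3", "203.0.113.5", 53))    # deny (implicit)
```

Two practical points the simulation makes visible: statement order matters (telnet from 192.168.10.0/24 to 10.0.0.0/8 is denied by line 2 even though line 3 would have permitted it), and anything the list never mentions, such as UDP from the 192.168.0.0/16 range to the Internet, is dropped by the implicit deny rather than silently allowed.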

context aware

an NGFW (Next Generation Firewall) feature that enables a firewall to adapt to various applications, users, and devices

security audit

an assessment of an organization's security vulnerabilities performed by an accredited network security firm

ping of death

an attack in which a buffer overflow condition is created by sending an ICMP echo request that, once its fragments are reassembled, exceeds the maximum IP packet size of 65,535 bytes, often resulting in a system crash on vulnerable hosts.

session hijacking attack

an attack in which a session key is intercepted and stolen so that an attacker can take control of a session. One type of this attack is called a man-in-the-middle attack.

FTP bounce

an attack in which an FTP client specifies a different host's IP address and port number for the requested data's destination. By commanding the FTP server to connect to a different computer, a hacker can scan the ports on other hosts and transmit malicious code. To stop these attacks, most modern FTP servers will not issue data to hosts other than the client that originally placed the request.

flashing

an attack in which an Internet user sends commands to another Internet user's machine that cause the screen to fill with garbage characters. Causes the user's session to terminate

IP spoofing

an attack in which an outsider obtains internal IP addresses and then uses those addresses to pretend that they have authority to access a private network from the Internet

DDoS

an attack in which multiple hosts simultaneously flood a target host with traffic, rendering the target unable to function

amplification attack

an attack instigated using small, simple requests that trigger very large responses; the requests carry the target's address as their spoofed source, so the large responses are delivered to the target. DNS, NTP, ICMP, and SNMP lend themselves to being used in this kind of attack because their responses can be many times larger than the requests.

PDoS attack

an attack on a device that attempts to alter the device's management interface to the point where the device is irreparable. Usually targets routers or switches

MitM attack

an attack that relies on intercepted transmissions. It can take one of several forms, but in all cases a person redirects or captures secure data traffic while in transit

jamming

an attacker creating a high volume of illegitimate wireless traffic and overwhelming a network

reflector

an uninfected computer used in a DRDoS attack that is tricked into responding to a bogus request whose source address has been forged, so that it sends its response to the attacker's target
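The DRDoS, smurf attack, amplification attack and reflector entries all describe the same symptom from the victim's side: replies arrive for requests the victim never sent. As an added example (not from the original study set), the Python below runs that check over a handful of constructed flow records: it flags hosts that receive unsolicited replies from several sources and pings aimed at a broadcast address. The record format, the "kind" labels, the threshold and the addresses (RFC 5737 documentation ranges) are all assumptions made for the example.

```python
"""Spotting reflection/amplification and smurf traffic in constructed flow records.

Added example, not from the original study set. Records are (src, dst, proto,
kind, bytes) tuples built by hand from RFC 5737 documentation ranges; the
'kind' labels stand in for what a real collector would decode from headers.
"""
from collections import defaultdict

# A reply of this kind is only legitimate if the receiver sent the matching request.
REQUEST_FOR = {
    "dns_response": "dns_query",
    "ntp_response": "ntp_request",
    "echo_reply": "echo_request",
}

RECORDS = [
    # legitimate DNS lookup: query out, answer back
    ("10.1.1.5", "198.51.100.53", "udp", "dns_query", 64),
    ("198.51.100.53", "10.1.1.5", "udp", "dns_response", 120),
    # DRDoS/amplification: large DNS answers arrive at 10.1.1.9, which asked nothing;
    # the attacker forged 10.1.1.9 as the source of small queries to three resolvers
    ("198.51.100.53", "10.1.1.9", "udp", "dns_response", 3000),
    ("198.51.100.54", "10.1.1.9", "udp", "dns_response", 3100),
    ("198.51.100.55", "10.1.1.9", "udp", "dns_response", 2900),
    # smurf: echo request to the subnet broadcast address with the victim's address
    # as the forged source, after which every host on the segment answers the victim
    ("10.1.1.9", "10.1.1.255", "icmp", "echo_request", 84),
    ("10.1.1.20", "10.1.1.9", "icmp", "echo_reply", 84),
    ("10.1.1.21", "10.1.1.9", "icmp", "echo_reply", 84),
]


def analyze(records, broadcast_addrs=("10.1.1.255",), reply_threshold=2):
    """Return hosts receiving unsolicited replies, plus pings aimed at broadcast addresses."""
    requests = set()  # (requester, responder, request kind) actually seen
    smurf_triggers = []
    for src, dst, _proto, kind, _size in records:
        if kind in REQUEST_FOR.values():
            requests.add((src, dst, kind))
        if kind == "echo_request" and dst in broadcast_addrs:
            smurf_triggers.append((src, dst))

    unsolicited = defaultdict(lambda: {"count": 0, "bytes": 0, "sources": set()})
    for src, dst, _proto, kind, size in records:
        needed = REQUEST_FOR.get(kind)
        if needed is None or (dst, src, needed) in requests:
            continue  # not a reply, or a reply the receiver actually asked for
        entry = unsolicited[dst]
        entry["count"] += 1
        entry["bytes"] += size
        entry["sources"].add(src)

    victims = {host: e for host, e in unsolicited.items() if e["count"] >= reply_threshold}
    return {"victims": victims, "smurf_triggers": smurf_triggers}


if __name__ == "__main__":
    report = analyze(RECORDS)
    for host, e in report["victims"].items():
        print(f"{host}: {e['count']} unsolicited replies, {e['bytes']} bytes "
              f"from {len(e['sources'])} reflectors")
    print("pings to broadcast:", report["smurf_triggers"])
```

The host 10.1.1.5 is not reported because its DNS answer matches a query it sent. The reflected traffic is attributed to the resolvers' real addresses, which is exactly why blocking by source address does little against a DRDoS: the reflectors are uninfected third parties, and the fix is to filter the spoofed requests at their origin (ingress filtering) or to rate-limit the reply types at the edge.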

master zombie

an upper-layer host in a botnet

physical attack

another name for a PDoS attack

friendly attack

another name for an unintentional DoS

malware

any program or piece of code designed to intrude upon or harm a system or its resources. This includes viruses, Trojan horses, worms, and bots.

phishing

attempting to glean access or authentication information by posing as a legitimate party, such as a bank or the IT department, that appears to need the information

inbound traffic

data received by a device on its way into a network

acceptable use policy

explains to users what they can and cannot do, as well as the penalties for violations, and how these measures protect the network's security

content-filtering firewalls

firewalls that can block designated types of traffic based on application data contained within packets. Example: blocking a site with adult content from being accessed on a school network

Group Policy

gpedit.msc. This utility is a Windows console that is used to control what users can do and how the system can be used. Makes entries in the Registry; applies scripts to Windows start-up, shutdown, and logon processes; and affects security settings.

security policy

identifies security goals, risks, levels of authority, designated security coordinator and team members, responsibilities for each team member, and responsibilities for each employee. It also specifies how to deal with security breaches. Does not state exactly which hardware, software, architecture, or protocols will be used to ensure security. Does not state how hardware or software will be installed and configured.

social engineering

manipulating social relationships to gain access

persistent agent

more robust kind of agent. May provide additional security measures, such as remote wipe, virus scans, and mass messaging.

DoS attack

occurs when a system becomes unable to function because it has been inundated with requests for services and can't respond to any of them. As a result, all data transmissions are disrupted.

network-based intrusion detection system

protects a network and is usually situated at the edge of the network or in a network's protective perimeter, the DMZ. Can detect many types of suspicious traffic patterns, including ones that indicate DDoS attacks or smurf attacks

host-based intrusion detection system

runs on a single computer to alert about attacks on that one host

network segmentation

separating portions of a network in order to protect some resources while granting access to other resources

bot

short for robot, a program that runs automatically. Can spread viruses or other malicious code between users in a chat room by exploiting the IRC protocol

SIEM

software that can be configured to evaluate data logs from IDS, IPS, firewalls, and proxy servers in order to detect significant events that require the attention of IT staff according to predefined rules

port scanner

software that searches a node for open ports

zero-day exploit

takes advantage of a software vulnerability that hasn't yet become public and for which no patch exists; initially it is known only to those who discovered it, so defenders have had "zero days" to respond

hacking

the act of finding a creative way around a problem, increasing functionality of a device or program, or otherwise manipulating resources beyond their original intent

spoofing

the act of impersonating fields of data in a transmission, such as when a source IP address is impersonated in a DRDoS attack.

exploit

the act of taking advantage of a vulnerability

emission security

the implementation of TEMPEST. Also called EmSec.

hacker

traditionally, a person who masters the inner workings of computer hardware and software in an effort to better understand them. More generally, an individual who gains unauthorized access to systems or networks with or without malicious intent

outbound traffic

traffic attempting to exit a network

data breach

unauthorized access or use of sensitive data

banner-grabbing attack

when a hacker transmits bogus requests for connections to servers or applications in order to harvest useful information to guide their attack efforts

ARP cache poisoning

when attackers use faked ARP replies to alter ARP tables in a network
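The ARP cache poisoning entry here and the dynamic ARP inspection and DHCP snooping entries earlier in the set describe an attack and the two switch features that stop it, and the features only make sense together because DAI validates ARP messages against the binding table that DHCP snooping builds. The Python below is an added example, not from the original study set: a simulated switch that enforces both features on a constructed sequence of DHCP and ARP messages. Port names, MAC and IP addresses, and the message sequence are all made up for the example.

```python
"""DHCP snooping and dynamic ARP inspection on a simulated switch.

Added example, not from the original study set. Port names, MAC and IP
addresses and the message sequence are constructed; the binding table and
trusted-port logic follow the textbook description of the two features.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str


SERVER_MSGS = {"OFFER", "ACK", "NAK"}   # only a DHCP server sends these
CLIENT_MSGS = {"DISCOVER", "REQUEST"}


class Switch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)  # uplinks toward the real DHCP server/router
        self.pending = {}                  # client mac -> (vlan, port) of its DISCOVER/REQUEST
        self.bindings = {}                 # client mac -> Binding, learned from DHCP ACKs
        self.log = []

    def dhcp(self, port, vlan, msg_type, client_mac, yiaddr=None) -> bool:
        """DHCP snooping: drop server messages on untrusted ports, learn bindings from ACKs."""
        if msg_type in SERVER_MSGS and port not in self.trusted:
            self.log.append(f"DHCP snooping: dropped rogue {msg_type} on {port}")
            return False
        if msg_type in CLIENT_MSGS:
            self.pending[client_mac] = (vlan, port)
        elif msg_type == "ACK" and client_mac in self.pending:
            cvlan, cport = self.pending.pop(client_mac)
            self.bindings[client_mac] = Binding(client_mac, yiaddr, cvlan, cport)
        return True

    def arp(self, port, vlan, sender_mac, sender_ip) -> bool:
        """Dynamic ARP inspection: on untrusted ports the sender pair must match a binding."""
        if port in self.trusted:
            return True
        b = self.bindings.get(sender_mac)
        if b and b.ip == sender_ip and b.vlan == vlan and b.port == port:
            return True
        self.log.append(f"DAI: dropped ARP {sender_ip} is-at {sender_mac} on {port}")
        return False


def run_scenario():
    """Constructed message sequence; returns the switch's forward/drop decision for each."""
    sw = Switch(trusted_ports={"Gi0/24"})
    good, rogue, gw = "aa:aa:aa:aa:aa:01", "cc:cc:cc:cc:cc:07", "00:11:22:33:44:01"
    return [
        sw.dhcp("Gi0/1", 10, "DISCOVER", good),                # client asks for a lease
        sw.dhcp("Gi0/7", 10, "OFFER", good, "10.1.1.99"),      # rogue server on an access port
        sw.dhcp("Gi0/24", 10, "ACK", good, "10.1.1.5"),        # real server, via the uplink
        sw.arp("Gi0/1", 10, good, "10.1.1.5"),                 # matches its binding
        sw.arp("Gi0/7", 10, rogue, "10.1.1.1"),                # claims to be the gateway
        sw.arp("Gi0/7", 10, good, "10.1.1.5"),                 # right pair, wrong port
        sw.arp("Gi0/24", 10, gw, "10.1.1.1"),                  # gateway itself, trusted port
    ]


if __name__ == "__main__":
    print(run_scenario())  # [True, False, True, True, False, False, True]
```

The fifth message is the classic ARP cache poisoning attempt: a host on an access port announcing that the gateway's IP address is at its own MAC. Because no DHCP lease ever bound that MAC to that address, DAI drops it. Hosts with static addresses never appear in the snooping table, so on a real switch they need explicit ARP ACL entries or DAI will drop their traffic too.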

