Cybersecurity Unit 2

Ace your homework & exams now with Quizwiz!

ACK

Hands grasped + shaken; ready to communicate

HTTP Port Number

80

SYN-ACK

Other person sees your hand + acknowledges it by extending their hand

FTP Port Number

20/21

SMTP Port Number

25

HTTPS Port Number

443

pcap file

A Wireshark data capture file that contains packet information of network traffic

Hexadecimal

A base-16 number system. The extra digits are represented by the letters a through f, so all digits in hex are 0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f.

netstat

A command-line tool that shows network stats (ports and IP addresses) on your computer that can communicate w/ other hosts on the network

SMTP (Simple Mail Transfer Protocol)

A communication protocol for sending mail; has a history of weaknesses

Web Server

A computer that delivers files + web pages across a network to requesting clients

Host

A computer that is connected to a network (aka a machine or system)

SQL (Structured Query Language)

A language used to manage data in a database

Abstraction

A lot of the details of a system or process is hidden, allowing the user to focus on the details that are important to the task at hand

Router

A network device that gathers/filters data b/w networks (wired or wireless). Acts as a gateway b/w two networks

NIC (Network Interface Card)

A network interface card is a physical component on a computer or device that provides connectivity to a network

TLS (Transport Layer Security)

A security protocol that encrypts data at the packet-level

DNS (Domain Name System)

A service that converts domain names to IP addresses + the reverse

Exploits

A software or command that tasks advantage of weaknesses in a system

TCP Handshake

A three-way communication method using SYN (synchronize), SYN-ACK (synchronize=acknowledge), and ACK (acknowledge) to establish a connection between hosts.

Cross-Site Scripting (XSS)

A type of exploit in which the attacker inserts malicious client-side code into web pages to steal data, take control of a computer, run malicious code, or achieve a phishing scam.

SQL Injection

A type of exploit where attackers use SQL code to steal or modify data in a database

MAC (Media Access Control) Address

A unique numeric code that is assigned to networking hardware components thats built into computers + mobile devices

Broadcast

A way for a computer to communicate with all hosts on a network using one message

Port

A way for computers to identify specific programs + manage their activity Port appears after a colon at the end of an address in an IP address (:21)

IIS Manager (Internet Information Services)

Allows admins to define the behavior + structure of sites run by IIS (an admin tool)

Packet Filtering

Allows or denies packets based on source and destinations addresses, ports, or protocols

IP Address

An identifying number for hosts and servers on the internet. Either in IPv4 or IPv6 form

Grey Hat Hacker

An in-b/w hacker who uses unethical means to find vulnerabilities but they share findings + issues they encounter

Packet Bytes Pane

Bottom pane of Wireshark that shows all the info in a packet

HTML Tag

Code that defines every structure on an HTML page (start with < and end with >)

DDoS Attack

Distributed Denial of Service Attack Targets websites + web servers to try and bring them to a halt 1 host: DoS Attack Multiple hosts: DDoS Attack

White Hat Hacker

Ethical hacker who has permission to perform certain tests + discloses their activities, they report vulnerabilities + help improve the security's system. Their behavior is to help society

SYN

Extending your hand

Hardening

Increase a computer's security + reduce vulnerabilities

Domain Name

Last two elements of a URL. Helps organizations build URL's (ex. google.com helps build drive.google.com)

FTP (File Transfer Protocol)

Lets computers copy files to + from devices on a network (malicious users can use this to deliver malware)

CIA Triad

Most common security model; Confidentiality (protecting data from unauthorized access), Integrity (ensuring data is never tampered with), Accessibility (making sure data is readily available)

Ping

Network tool used to check host status

Pen (Penetration) Test

Performing a computer attack to evaluate the security of a system

Data Cleansing

Protecting against XSS or SQL exploits by adding measures that recognize any scripting tags entered by the user; the server treats them as plain text or removes them

Packet Sniffing

Watching and analyzing network traffic at the packet level (like Wireshark)

XSS Stored Attack

Similar to an XSS reflected attack with one major difference: This exploit permanently stores the malware script in the database

Packet

Small units of data transmitted on a network; can compose larger data like packets

Rootkit

Software running with elevated privileges to control a computer or gain access to restricted data

Ransomware

Software that locks your computer requiring you to pay to remove it; can spread

Keylogger

Software that records keystrokes

Botnet

Software that replicates and infects many computers which will turn it into a "zombie" which is remotely controlled

Loose Lipped Errors

Systems provide error messages and sometimes why the execution failed; this is a rich source of info for hackers

OUI (Organizationally Unique Identifier)

The first half of the MAC address, designating the manufacturer of the network device.

Command Execution (Injection) Attack

The goal is execution of arbitrary commands on the host operating system via a vulnerable application

IoT (Internet of Things)

The network of devices that are connected to the internet, enabling the sending and receiving data among them

Timestamp

The time the packet arrived

IEEE (Institute of Electrical and Electronic Engineers)

They are best known for developing standards in the computer and electronics industries

HTTP (HyperText Transfer Protocol)

This protocol defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands.

Black Hat Hacker

Unethical criminal hacker; their behavior is meant to cause harm, draw attention to something, or for personal gain

TCP (Transmission Control Protocol)

Used to establish and maintain connections over a computer network

Linux

Used to host routers + web servers

Man in the Middle (MITM)

When a user intercepts communication b/w the victim's computer and the internet

Forceful Directory Browsing

When hackers can use their knowledge of a web server's directory structure to craft URL addresses and navigate to locations that are unreferenced and unlinked in a web site


Related study sets

Chapter 30 Management of Patients with Hematologic Neoplasms

View Set

Commonly Confused Words- NoRedInk

View Set