Network Chapter 8
proxy server
(1) A network host that runs a proxy service. (2) On a SIP network, a server that accepts requests for location information from user agents, then queries the nearest registrar server on behalf of those user agents.
reflective attack
A DoS attack bounced off of uninfected computers before being redirected at the target. (also called a DRDoS attack)
DRDoS attack
A DoS attack bounced off of uninfected computers before being redirected at the target. (also called a reflective attack)
friendly attack
A DoS situation that is created unintentionally and without malicious intent. (also called an unintentional DoS attack)
gpedit.msc
A Windows utility that is used to control what users can do and how the system can be used.
RF emanation
A condition created by the leaking of radio or electrical signals from computer equipment.
security policy (configuration)
A configuration programmed into an operating system or firewall that defines the conditions that must be met in order for a device to be given access to a network or computing resource.
honeypot
A decoy system isolated from legitimate systems and designed to be vulnerable to security exploits for the purposes of learning more about hacking techniques or nabbing a hacker in the act.
lure
A decoy system that, when attacked, can provide unique information about hacking behavior.
IDS
A dedicated service or software on a workstation, server, or switch, which might be managed from another computer on the network, and is used to monitor network traffic and create alerts when suspicious activity happens within the network.
IPS
A dedicated service or software running on a workstation, server, or switch, that stands between the attacker and the network or host, and can prevent traffic from reaching the protected network or host.
consent to monitoring
A document designed to make employees aware that their use of company equipment and accounts can be monitored and reviewed as needed for security purposes.
security policy (document)
A document or plan that identifies an organization's security goals, risks, levels of authority, designated security coordinator and team members, responsibilities for each team member, and responsibilities for each employee.
application aware
A feature that enables a firewall to monitor and limit the traffic of specific applications, including the application's vendor and digital signature.
stateful firewall
A firewall capable of a stateful inspection, in which it examines an incoming packet to determine whether it belongs to a currently active connection and is, therefore, a legitimate packet.
network-based firewall
A firewall configured and positioned to protect an entire network.
NGFW
A firewall innovation that includes advanced, built-in features, including Application Control, IDS and/or IPS functionality, user awareness, and context awareness.
content-filtering firewall
A firewall that can block designated types of traffic from entering a protected network based on application data contained within packets.
stateless firewall
A firewall that manages each incoming packet as a stand-alone entity without regard to currently active connections.
host-based firewall
A firewall that only protects the computer on which it's installed.
botnet
A group of computers requisitioned in coordinated DDoS attacks without the owners' knowledge or consent.
domain local group
A group of workstations that is centrally managed via Active Directory for the entire network.
reverse proxy
A host that provides services to Internet clients from servers on its own network.
ACL
A list of statements used by a router to permit or deny the forwarding of traffic on a network based on one or more criteria.
access list
A list of statements used by a router to permit or deny the forwarding of traffic on a network based on one or more criteria.
slave zombie
A lower-layer host in a botnet.
logic bomb
A malicious program designed to start when certain conditions are met.
hardening technique
A measure taken to help mitigate security risks to a network.
buffer overflow
A memory problem in which a buffer's size is forced beyond its allotted space, causing the operating system to save data in adjacent memory areas.
integrity checking
A method of comparing the current characteristics of files and disks against an archived version of these characteristics to discover any changes.
port mirroring
A monitoring technique in which one port on a switch is configured to send a copy of all its traffic to a second port.
network segmentation
A network arrangement in which some portions of the network have been separated from the rest of the network in order to protect some resources while granting access to other resources.
honeynet
A network of honeypots.
quarantine network
A network segment that is situated separately from sensitive network resources and might limit the amount of time a device can remain connected to a network.
Nessus
A penetration-testing tool from Tenable Security that performs sophisticated vulnerability scans to discover information about hosts, ports, services, and software.
metasploit
A penetration-testing tool that combines known scanning techniques and exploits to explore potentially new types of exploits.
hacker
A person who masters the inner workings of computer hardware and software in an effort to better understand them.
AUP
A portion of the security policy that explains to users what they can and cannot do, and penalties for violations. It might also describe how these measures protect the network's security.
phishing
A practice in which a person attempts to glean access or authentication information by posing as someone who needs that information.
penetration testing
A process of scanning a network for vulnerabilities and investigating potential security flaws.
malware
A program or piece of code designed to intrude upon or harm a system or its resources.
bot
A program that runs automatically. It can spread viruses or other malicious code between users in a chat room by exploiting the IRC protocol.
IRC
A protocol that enables users running special IRC client software to communicate instantly with other participants in a chat room on the Internet.
packet-filtering firewall
A router that examines the header of every packet of data that it receives to determine whether that type of packet is authorized to continue to its destination.
network policy
A rule or set of rules that determines the level and type of access granted to a device when it joins a network.
DAI
A security feature on a switch that monitors ARP messages in order to detect faked ARP messages.
DHCP snooping
A security feature on switches whereby DHCP messages on the network are checked and filtered.
proxy service
A software application on a network host that acts as an intermediary between the external and internal networks, screening all incoming and outgoing traffic and providing one address to the outside world, instead of revealing the addresses of internal LAN devices.
agent
A software routine that collects data about a managed device's operation or compliance with security benchmarks, and provides this information to a network management application.
backdoor
A software security flaw that can allow unauthorized users to gain access to a system. Legacy systems are particularly notorious for leaving these kinds of gaps in a network's overall security net.
TEMPEST
A specification created by the NSA to define protection standards against RF emanation, which when implemented are called EmSec.
NAC
A technology solution that balances the need for network access with the demands of network security by employing a set of rules to determine the level and type of access granted to a device when it joins a network.
smurf attack
A threat to networked hosts in which the host is flooded with broadcast ping messages.
HIDS
A type of intrusion detection system that runs on a single computer, such as a client or server, to alert about attacks against that one host.
NIDS
A type of intrusion detection that protects an entire network and is situated at the edge of the network or in a network's protective perimeter, known as the DMZ.
HIPS
A type of intrusion prevention system that runs on a single computer, such as a client or server, to intercept and help
NIPS
A type of intrusion prevention that protects an entire network and is situated at the edge of the network or in a network's protective perimeter, known as the DMZ.
heuristic scanning
A type of virus scanning that attempts to identify malware by discovering malware-like behavior.
polymorphic virus
A type of virus that changes its characteristics every time it is transferred to a new system, making it harder to identify.
stealth virus
A type of virus that hides itself to prevent detection.
file-infector virus
A virus that attaches itself to executable files. When the infected executable file runs, the virus copies itself to memory. Later, the virus attaches itself to other executable files.
encrypted virus
A virus that is encrypted to prevent detection.
boot sector virus
A virus that positions its code on the boot sector of a computer's hard disk so that, when the computer boots up, the virus runs in place of the computer's normal system files. It is commonly spread from external storage devices to hard disks.
network virus
A virus that propagates itself via network protocols, commands, messaging programs, and data links.
macro virus
A virus that takes the form of a macro, which may execute when the program is in use.
persistent agent
Agent software that is permanently installed on a device and that can provide robust security measures such as remote wipe, virus scanning, and mass messaging.
dissolvable agent
Agent software that remains on a device long enough to verify compliance and complete authentication, and then uninstalls.
nonpersistent agent
Agent software that remains on a device long enough to verify compliance and complete authentication, and then uninstalls.
implicit deny
An ACL rule which ensures that any traffic the ACL does not explicitly permit is denied by default.
context aware
An NGFW (Next Generation Firewall) feature that enables a firewall to adapt to various applications, users and devices.
Application Control
An NGFW (Next Generation Firewall) feature that gives a firewall some level of application awareness functionality.
security audit
An assessment of an organization's security vulnerabilities performed by an accredited network security firm.
posture assessment
An assessment of an organization's security vulnerabilities.
ping of death
An attack in which a buffer overflow condition is created by sending an ICMP packet that exceeds the maximum 65,535 bytes, often resulting in a system crash.
session hijacking attack
An attack in which a session key is intercepted and stolen so that an attacker can take control of a session.
DoS attack
An attack in which a system becomes unable to function because it has been inundated with requests for services and can't respond to any of them. As a result, all data transmissions are disrupted.
FTP bounce
An attack in which an FTP client specifies a different host's IP address and port number for the requested data's destination.
flashing
An attack in which an Internet user sends commands to another Internet user's machine that causes the screen to fill with garbage characters.
IP spoofing
An attack in which an outsider obtains internal IP addresses and then uses those addresses to pretend that he has authority to access a private network from the Internet.
ARP cache poisoning
An attack in which attackers use fake ARP replies to alter ARP tables in a network.
banner-grabbing attack
An attack in which hackers transmit bogus requests (or sometimes, successful requests) for connection to servers or applications in order to harvest useful information to guide their attack efforts.
DDoS attack
An attack in which multiple hosts simultaneously flood a target host with traffic, rendering the target unable to function.
amplification attack
An attack instigated using small, simple requests that trigger very large responses from the target. DNS, NTP, ICMP, and SNMP lend themselves to being used in these kinds of attacks.
physical attack
An attack on a device that attempts to alter the device's management interface to the point where the device is irreparable. (also known as a PDoS attack)
PDoS attack
An attack on a device that attempts to alter the device's management interface to the point where the device is irreparable. (also known as a physical attack)
jamming
An attack on a wireless network in which an attacker creates a high volume of illegitimate wireless traffic and overwhelms the wireless network.
MitM attack
An attack that relies on intercepted transmissions. It can take one of several forms, but in all cases a person redirects or captures secure data traffic while in transit.
reflector
An uninfected computer used in a DDoS attack where the computer is tricked into responding to a bogus request for a response, prompting the computer to send a response to the attacker's target.
master zombie
An upper-layer host in a botnet.
inbound traffic
Data received by a device on its way to a network.
exploit
In the context of network security, the act of taking advantage of a vulnerability.
SIEM
Software that can be configured to evaluate data logs from IDS, IPS, firewalls, and proxy servers in order to detect significant events that require the attention of IT staff according to predefined rules.
port scanner
Software that searches a server, switch, router, or other device for open ports, which can be vulnerable to attack.
hacking
The act of finding a creative way around a problem, increasing functionality of a device or program, or otherwise manipulating resources beyond their original intent.
spoofing
The act of impersonating fields of data in a transmission, such as when a source IP address is impersonated in a DRDoS attack.
social engineering
The act of manipulating social relationships to circumvent network security measures and gain access to the system.
signature scanning
The comparison of a file's content with known malware signatures in a signature database to determine whether the file is dangerous.
EmSec
The implementation of TEMPEST.
outbound traffic
Traffic attempting to exit a LAN.
data breach
Unauthorized access or use of sensitive data.