Sec+ Remember This

MD5 Message Digest 5

A common hashing algorithm that produces a 128-bit hash and verifies integrity.

HMAC Hash-based message authentication code

A fixed-length string of bits that also uses a shared secret key to add randomness. Verifies integrity and authenticity of a message.

TPM Trusted Platform Module

A hardware chip on the motherboard included on many laptops and provides full disk encryption. Includes a unique RSA asymmetric key.

MTBF Mean time between failures

A measure of a system's reliability. (repairable)

HSM Hardware Security Module

A removable or external device that can generate, store, and manage RSA keys used in asymmetric encryption. Used by many server-based apps to protect keys.

DHE Diffie-Hellman

A secure method of sharing symmetric encryption keys over a public network.

Blowfish

A strong symmetric 64-bit block cipher that is widely used today. Supports key sizes between 32 and 448 bits. Faster than AES-256

AES Advanced Encryption Standard

A strong symmetric block cipher that encrypts data in 128-bit blocks. Uses 128-bit, 192-bit, or 256-bit keys. Selected as current standard and is much less resource intensive than 3DES.

RC4

A strong symmetric stream cipher that can use between 40 and 2,048 bit keys.

DES Data Encryption Standard

A symmetric block cipher that encrypts data in 64-bit blocks. Uses a relatively small key of 56-bits and can be broken with brute force attacks.

3DES Triple Data Encryption Standard

A symmetric block cipher that encrypts in 64-bit blocks and was designed as a replacement to DES. Uses key sizes of 56 bits, 112 bits, or 168 bits.

Ransomware

A type of malware that takes control of a user's system or data. Criminals then attempt to extort payment from the victim by threatening to damage user's system or data.

Vishing

A type of phishing that uses the phone or VoIP. Can be fully automated.

Increase Availability

Add fault tolerance and redundancies (RAID, failover clusters, backups, and generators). HVAC also important.

SAML Security Assertion Markup Language

An XML-based standard used to exchange authentication and authorization info between different parties. Provides SSO for web-based apps.

OCSP Online Certificate Status Protocol

An alternative to CRL, which returns answers such as good, revoked, or unknown.

RSA Rivest, Shamir, and Adleman

An asymmetric encryption method using both a public key and a private key in a matched pair. It's widely used to protect data such as email and other data transmitted over the internet.

Certificates

An important part of asymmetric encryption. Includes public keys along with details on the owner and on the CA that issued it. Owners share their public key by sharing a copy of this.

RAID Redundant array of inexpensive disks

An inexpensive method used to add fault tolerance and increase availability.

SHA Secure Hash Algorithm

Another common algorithm that consists of SHA-0, 1, 2, and 3.

Single Point of Failure

Any component whose failure results in the failure of an entire system. Elements such as RAID, failover clustering, UPSs, and generators remove many single points of failure.

Trojan

Appears to be something useful but includes a malicious component, such as installing a backdoor on a user's system. Can be delivered via drive-by downloads and can also infect from rogueware, pirated software, games, or infected USB drives.

Rogue Access Points

Are malicious and often used to capture and exfiltrate data. Provides access to unauthorized users.

Test Restores

Are the best way to test the integrity of a company's backup data. Backup media should be protected with the same level of protection as the actual data.

XSS Cross-site scripting

Attack allows attackers to capture user info such as cookies. Input validation at the server helps mitigate threats.

DDoS Distributed Denial of Service

Attack consists of multiple computers attacking a single target. They typically include sustained, abnormally high network traffic.

DoS Denial of Service

Attack is from a single source that attempts to disrupt the services provided by another system.

WPA cracking

Attackers capture traffic with wireless sniffer waiting for client to connect so they can capture the four-way authentication handshake info. Brute force is then used to discover passphrase.

Honeypots & Honeynets

Attempt to divert attackers from live networks and allow security personnel to observe and gather intel on attack methodologies.

Transitive Access Attack

Attempts to access a back-end server through another server. Example is SQL Injection Attack.

LDAP Injection Attack

Attempts to access or modify data hosted on directory service servers.

MTTR Mean time to recover

Average time it takes to restore a failed system.

Full Backup

Backs up all data specified, but takes a long time and can interfere with operations. It can also be quite expensive purchasing the required media.

Bcrypt

Based on Blowfish used on Unix and Linux to protect passwords by salting password with additional bits before encrypting with Blowfish. Key stretching technique to help prevent brute force and rainbow table attacks.

LDAP Lightweight Directory Access Protocol

Based on earlier version of X.500. Used to identify objects in query strings with codes. Secure version encrypts with SSL or TLS.

Rule-BAC Rule-based Access Control

Based on set of approved instructions, such as ACL. Rules trigger in response to event.

Forensic Image

Bit-by-bit copy of data which is not modified during the capture to preserve the original and maintain usability as evidence. Hashing provides integrity for captured images.

Web Security Gateway & UTM

Both combine multiple security controls into single appliance. Inspect data streams and include URL filtering, malware inspection, and content inspection components.

Certificate Revocation

CAs revoke certificates when private key is compromised, if CA is compromised, or when an employee leaves.

Hot Spot Configuration

Can be completed with WEP and Open System Authentication or security disabled so that users do not need a pre-shared key.

WAP range

Can be limited by reducing WAPs power level.

Metrics

Can be used to prove the success of a training or security awareness program by comparing incidents before and after the training.

Anomaly-based IDSs

Can detect unknown anomalies. Starts with a baseline of normal behavior and sends an alert when traffic significantly differs.

Network-based DLP

Can examine and analyze network traffic and detect if confidential or any PII data is included in email.

Port Scanner

Can help determine what services and protocols are running on a remote system by identifying open ports.

Vulnerability Scanner

Can identify vulnerabilities, misconfigured systems, and the lack of security controls such as up-to-date patches. Scans are passive and have little impact on a system during a test.

HIDS Host-based intrusion detection system

Can monitor all traffic on single host and may detect malicious activity missed by antivirus software.

Endpoint DLP

Can prevent users from copying or printing sensitive data

RAID-5

Can survive the failure of one disk.

RAID-6

Can survive the failure of two disks.

Replay Attacks

Capture data in a session with the intent of later impersonating one of the parties in the session. Timestamps and sequence numbers are effective countermeasures.

XSRF Cross-site request forgery scripting

Causes users to perform actions on web sites, such as making purchases, without their knowledge. Can be used to steal cookies and harvest passwords.

Wireless Audit

Checks wireless signal footprint, power level, antenna placement, and encryption of wireless traffic. Use war driving to detect rogue access points and identify unauthorized users.

Door Access Systems

Cipher locks (don't identify), proximity cards (with pin = identify and authenticate), biometrics (identify and authenticate).

Security Controls

Classified as technical, management, and operational

SaaS Software as a Service

Cloud-based technology that provides software or applications to users over a network such as the internet. (Web-based email)

Warm Site

Combo of hot and cold site.

Communication Plan

Commonly included in BCPs and DRPs. Identifies alternate methods of comm, such as war room or push-to-talk phones. Also identifies who must be contacted, such as response team members, employees, suppliers, customers, media, and regulatory agencies.

ECC Elliptical Curve Cryptography

Commonly used with small wireless devices since it doesn't take much processing power to achieve desired security.

Dual-Factor Authentication

Consists of two different factors: Users have something (smart card) and know something (pin)

SLE Single loss expectancy

Cost of a single loss.

SHA-1

Creates 160-bit hashes and verifies integrity.

IPsec Internet Protocol Security

Creates secure tunnels for VPNs. Built into IPv6 and can encrypt any type of IPv6 traffic. Uses Internet Key Exchange (IKE) over port 500. Identified with protocol ID 50 for ESP. Must use HMAC for authentication and integrity. Uses AES or 3DES for encryption with ESP (encrypt entire packet).

Account Disablement

Data and security keys associated with the account remain available; they are no longer accessible if the account is deleted.

Forensic Analysis

Data should be collected from the most volatile to the least volatile. Order: cache memory, regular RAM, swap or paging file, hard drive data, logs stored on remote systems, and archived media.

Incident Response Policy

Defines an incident and incident response procedures. Starts with preparation to prevent incidents.

Change Management

Defines the process and accounting structure for handling modifications and upgrades. Goals are to reduce risks related to unintended outages and provide documentation for all changes.

Antivirus Software

Detects and removes malware, such as viruses, Trojans, and worms. Signature-based detects known malware and heuristic-based detects previously unknown malware.

Vulnerability Assessment

Determines the security posture of a system or network by identifying vulnerabilities and weaknesses.

Port Security

Disable unused ports, limit MAC addresses per port. Prevents rogue devices from connecting.

SYN Flood Attack

Disrupts the TCP initiation process by withholding the third packet of the TCP three-way handshake. Flood guards protect against these types of attacks.

Mobile Site

Do not have dedicated locations but can provide temporary support during a disaster.

Stream Ciphers

Encrypt data a single bit, or single byte, at a time in a stream. More efficient than block ciphers.

Block Ciphers

Encrypt data in a specific-sized block such as 64-bit or 128-bit blocks. Not as efficient as stream ciphers.

Digital Signature

Encrypted hash of a message. Sender's private key encrypts and recipient uses sender's public key to decrypt. Provides authentication (ID sender), non-repudiation (prevents denial), and integrity (verifies message).

SSH

Encrypts FTP as SFTP and TCP wrappers using port 22. Used with SCP (Secure copy) to copy encrypted files over network.

SSL Secure Sockets Layer

Encrypts traffic such as SMTP and LDAP with use of certificates. Used by FTPS (File Transfer Protocol Secure) to encrypt FTP traffic.

TLS Transport Layer Security

Encrypts with use of certificates. Designed as replacement for SSL.

SSO Single Sign-on

Enhances security by requiring users to use and remember only one set of credentials for authentication. One set of credentials used throughout user's session.

Succession Planning

Ensures an organization can continue to thrive even if key leaders unexpectedly leave or are unavailable.

Design Review

Ensures systems and software are developed properly.

Logic Bomb

Executes in response to an event, such as when a specific application is executed or a specific time arrives.

Proxy

Forwards requests from client. Provides caching to improve performance and reduce bandwidth usage. Can filter URLs and log activity.

Full/Differential Backup

Full backup followed by differential backups covering several days. Reduces the amount of time needed to perform backups.

Full/Incremental Backup

Full backup followed by incremental backups each day. Reduces the amount of time needed to perform backups.

Preventive Controls

Hardening systems, security guards, change management process, account disablement policy.

WEP

Has several weaknesses and shouldn't be used. Includes use of weak IVs (initialization vector) to create encryption keys as opposed to RC4 symmetric encryption protocol.

White Box Testers

Have full knowledge of the system prior to a pentest.

Gray Box Testers

Have some knowledge of the system prior to a pentest.

Rootkits

Have system-level or kernel-level access and can modify system files and system access. They can hide their running processes to avoid detection with hooking techniques, but tools that can inspect RAM can discover these hidden hooked processes.

Black Box Testers

Have zero prior knowledge of the system prior to a pentest. Often use fuzzing.

Routine Audits

Help an organization ensure they are following their policies, such as principle of least privilege and account management best practices.

Error & Exception Handling

Helps protect the integrity of the OS and controls errors shown to users. Apps should show generic error message but detailed log info.

Steganography

Hides messages or other data within a file. Hashing is used to detect if steganography has been used.

Password History

History of 24 remembers the last 24 passwords.

ARO Annual rate of occurrence

How many times the loss will occur in a year.

Sniffing

IDS & IPS capability

Application Whitelisting

Identifies authorized software for workstations, servers, and mobile devices. Prevents users from installing or running software that isn't approved.

Signature-based Detection

Identifies issues based on known attacks or vulnerabilities and known anomalies.

BIA Business Impact Analysis

Identifies systems and components that are essential to the organization's successes. It also identifies maximum downtime limits for these systems and components, various scenarios of impact, and potential losses.

RTO Recovery Time Objective

Identifies the maximum amount of time it should take to restore a system after an outage. It's derived from the maximum allowable outage time identified in the BIA.

SSID Service set identifier

Identifies the name of the wireless network and should be changed from the default name. Disabling the broadcast can hide the network from casual users, but it can be discovered by an attacker with a wireless sniffer.

WPA

Immediate replacement for WEP and used TKIP and RC4 for older hardware compatibility.

Group Policy

Implemented on a domain controller within a domain and is used to create password policies, lock down GUI, configure host-based firewalls, etc.

DIAMETER

Improvement over RADIUS supporting additional capabilities including securing transmissions with EAP.

Backup Best Practices

Include storing a copy off-site for retention purposes, labeling media, performing test restores, and destroying media when it is no longer usable.

DNS Domain Name Server

Includes A records for IPv4 and AAAA records for IPv6 addresses. Uses TCP port 53 for zone transfer and UDP port 53 for client queries. Most run BIND software on Linux or Unix Servers.

Transport Encryption

Includes SSH, IPSec, HTTPS, SSL, and TLS to protect the confidentiality of data transmitted over a network.

DRP Disaster Recovery Plan

Includes a hierarchical list of critical systems and often prioritizes services to restore after an outage. Testing validates the plan and the final phase includes a review to identify any lessons learned and possible plan update.

CRL Certificate revocation list

Includes a publicly available list of revoked certs.

Mobile Device Security

Includes device encryption, screen locks, and remote wipe.

NAC Network Access Control

Includes methods to inspect clients for health (up to date antivirus software). Can restrict access of unhealthy clients to remediation network. Can be used for VPN clients and for internal clients.

SHA-3

Includes multiple versions with hashes of 224, 256, 384, and 512 bits.

Hot Site

Includes personnel, equipment, software, and comm capabilities of the primary site with all the data up to date. Provides shortest recovery time and is the most effective disaster recovery solution but also the most expensive.

SHA-2

Includes versions consisting of 224, 256, 384, and 256 hashes. Each number represents the number of bits in the hash. Verifies integrity.

Load Balancing

Increases the overall processing power of a service by sharing the load among multiple servers. Also ensures availability when a service has an increased number of requests.

NIDS Network-based intrusion detection system

Installed on network devices to monitor traffic and detect attacks. It cannot monitor encrypted traffic or monitor traffic on individual hosts.

Twofish

Is a symmetric 128-bit block cipher and supports 128, 192, or 256-bit keys.

Pentest

Is an active test that can assess deployed security controls and determine impact of threat. It starts with vulnerability scan then tries to exploit the vulnerabilities by attacking or simulating an attack. It is obtrusive and can potentially compromise a system.

MTTF Mean time to failure

Length of time you can expect a device to remain in operation before it fails. (nonrepairable)

Risk

Likelihood that threat will exploit a vulnerability.

Detective Controls

Log monitoring, trend analysis, security audits, CCTV systems

Phishing

Malicious spam used to trick into revealing personal info or clicking on a link.

Written Security Policies

Management controls that identify a security plan. Technical, operational, and additional management controls enforce security policies.

Spyware

Monitors a user's computer.

CHAP Challenge Handshake Authentication Protocol

More secure than PAP in that it doesn't send info in clear text. Uses PPP.

Enterprise Mode

More secure than personal mode. Uses 802.1X server (RADIUS server) to add authentication

Discovery Mode

Must be disabled to provide protection for Bluetooth devices.

Kerberos

Network authentication protocol within MS Active Directory Domain. Issues time stamped tickets that expire after a certain time period. Uses UDP port 88.

False Negative

Network doesn't detect active attack.

Buffer Overflow

Occurs when app receives more data than it can handle, or receives unexpected data that exposes system memory.

Data Leakage

Occurs when users install P2P software and unintentionally share files. P2P software is often blocked on an organization's firewall.

Failover Clusters

One method of server redundancy that provides high availability for servers. Can remove a server as a single point of failure.

HOTP HMAC-based One-time password

Password that does not expire. Open source standard.

TOTP Time-based one-time password

Password that expires after 30 seconds. Open source standard.

WPA2

Permanent replacement for WEP and WPA supporting stronger AES encryption algorithm. Supports CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol).

Separation of Duties

Prevents any single person or entity from being able to complete all the functions of a critical or sensitive process by dividing the tasks between employees. Helps prevent fraud that can occur if a single person prints and signs checks.

EMI Shielding Electromagnetic interference shielding

Prevents outside interference sources from corrupting data and prevents data from emanating outside the cable.

Security Awareness

Primary goal is to reinforce user compliance with security policies and help reduce risks posed by users.

LEAP Lightweight EAP

Proprietary to Cisco and does not require a digital cert.

Account Lockout

Protects against brute force attacks.

Full Disk Encryption

Protects entire disks, including USB flash drives and drives on mobile devices.

Data Column Encryption

Protects individual fields within a database.

Host-based Firewall

Provide protection for individual hosts. Linux systems support xtables.

Baseline Reporting

Provides a report after comparing baselines with current systems. Can be used for security baselines, operating system baselines, application configuration baselines, and software baselines.

Backdoor

Provides another way of accessing a system created by many types of malware.

RADIUS Remote Authentication Dial-In User Service

Provides centralized authentication.

Encryption

Provides confidentiality and helps ensure that data is viewable only by authorized users.

ESP Encapsulating Security Payload

Provides confidentiality, integrity, and authentication for VPN traffic.

PaaS Platform as a Service

Provides customers with a fully managed platform, which the vendor keeps up to date with current patches.

IaaS Infrastructure as a Service

Provides customers with access to hardware in a self-managed platform where customers are responsible for keeping up to date.

UPS Uninterruptible power supply

Provides fault tolerance for power and can protect against power fluctuations. Provides short-term power. Generators provide long-term power.

Virtualization

Provides increased availability with lower operating costs and high level of flexibility when testing security controls, updates, and patches since they can be easily reverted with snapshots.

Host software baseline

Provides list of approved software and a list of software installed on systems. Can be used to identify unauthorized software.

POP3 Post Office Protocol v3

Receives email on port 110.

Email Encryption

Recipient's public key encrypts and recipient's private key decrypts.

Recovery Agents

Recover user messages and data when users lose access to their private keys. In some cases, they can recover the private key from a key escrow.

Pharming Attack

Redirects a web site's traffic to another site and can do so by modifying the hosts file on the user's system.

Wildcard Certs

Reduce the management burden associated with certificates.

Humidity Controls

Reduce the potential for damage from electrostatic discharge and damage from condensation.

RPO Recovery Point Objective

Refers to the amount of data you can afford to lose.

PEAP & EAP-TTLS Protected EAP and EAP Tunneled TLS

Require a cert on the 802.1x server

Job Rotation Policies

Require employees to change roles on a regular basis to help ensure they cannot continue with fraudulent activities.

EAP-TLS Extensible Authentication Protocol-TLS

Requires certs on both the 802.1x server and each of the clients

Mandatory Vacation Policy

Requires employees to take time away from their job. Also helps to deter fraud and discover malicious activities while the employee is away.

Clean Desk Policy

Requires users to organize their areas to reduce the risk of possible data theft. Reminds users to secure sensitive data and may include a statement about not writing down passwords.

ARP Address Resolution Protocol

Resolves MAC addresses to IPv4

MAC filtering

Restricts access to wireless networks to specific clients. Attacker can use sniffer to discover allowed MAC addresses and spoof MAC address.

Code Review

Reviews software line-by-line to identify potential vulnerabilities such as race conditions or susceptibility to buffer overflow attacks.

Evil Twin

Rogue access point using same SSID as legitimate access point.

ALE Annual loss expectancy

SLE x ARO

SMTP Simple Mail Transfer Protocol

Sends email on TCP port 25

Fuzzing

Sends random strings of data to apps looking for vulnerabilities. Admin uses this technique to test apps, while attackers use it to detect attack methods.

Typo Squatting

Similar domain names used for malicious purposes.

NDP Neighbor Discovery Protocol

Similar to ARP with IPv6

IPS Intrusion Prevention System

Similar to IDS except it is placed in-line with traffic. Can actively monitor data streams, detect malicious content and stop attacks in progress. Can be used internally to protect private networks.

Standardized Image

Snapshot of a single system used to streamline deployments allowing for a secure starting point and reduced cost. Used as baseline to identify anomalies.

Authentication

Something you know (password or pin = weakest factor). Can also be something you are such as biometrics (strongest) and something you have (smart card, token). User proves claimed identity (password or pin) and credentials are verified.

DAC Discretionary Access Control

Specifies that every object has an owner, and owner has full, explicit control of object. MS NTFS uses this.

Incremental Backup

Starts with full backup, then only backs up data that has changed or is different since the last full backup or last incremental backup.

Differential Backup

Starts with full backup, then only backs up data that has changed or is different since the last full backup.

Whaling

Targets high-level executives.

Spear Phishing

Targets specific groups of users. Digital signatures provide assurances as to who sent the email and if it's valid.

CSR Certificate signing request

The first step to create an RSA-based private key, which is used to create a public key. The public key is included in this and after the CA validates your identity, embeds the public key in the certificate.

Hardening

The practice of making an OS or application more secure from its default installation.

Key Escrow

The process of placing a copy of a private key in a safe environment useful for recovery.

COOP Continuity of operations planning

These sites provide an alternate location for operations after a critical outage. Most common sites are hot, cold, warm, and mobile.

PKI Public Key Infrastructure

This requires a trust model between CAs. Most trust models are hierarchical and centralized with a central root CA.

NAT Network Address Translation

Translates public IP addresses to private and private back to public. Dynamic version uses multiple public IP addresses and PAT uses single public IP address.

Smurf Attacks

Typically use directed broadcasts to launch through amplifying networks. Disabling directed broadcasts on routers can mitigate this threat.

Bluesnarfing

Unauthorized access to or theft of info from Bluetooth device.

Bluejacking

Unauthorized sending of text messages to nearby Bluetooth device.

Zero-day Exploits

Undocumented and unknown to the public.

Spam

Unwanted email.

Technical Controls

Use technology to reduce vulnerabilities. Includes encryption, antivirus software, IDSs, firewalls, and principle of least privilege. Also motion detectors and fire suppression.

PBKDF2

Used by WPA2, Apple iOS, and Cisco to increase security of passwords. Adds a salt of at least 64-bits. Key stretching technique to help prevent brute force and rainbow table attacks.

Omnidirectional Antenna

Used by most WAPs to transmit and receive signals in all directions at the same time.

L2TP Layer 2 Tunneling Protocol

Used for VPNs and commonly combined with IPSec. Uses UDP port 1701.

Isolation Mode

Used in an access point to prevent clients from connecting to each other. Sometimes used in public networks to protect wireless clients.

Yagi Antenna

Used to connect two WAPs together since it can focus into a single direction while also increasing gain and reducing the radiation pattern.

Public Key

Used to decrypt info encrypted with a matching private key.

Private Key

Used to decrypt info encrypted with a matching public key.

SNMP Simple Network Management Protocol

Used to manage and monitor network devices via UDP ports 161 and 162.

SQL Injection Attack

Used to pass queries to back-end databases through web servers. Input validation and stored procedures reduce threat. It's an example of a transitive access attack that can bypass many other security controls.

Identification

User claims identity such as username or email address

Switch Loop Protection

Uses STP or RSTP to protect against

PPTP Point-to-Point Tunneling Protocol

Uses TCP port 1723

Client-side Attack

Uses an app on the client computer, such as a web browser.

ECDHE Elliptical Curve Diffie-Hellman Ephemeral

Uses ephemeral keys generated using ECC.

Armored Virus

Uses one or more technologies to make it difficult to reverse engineer. Common techniques include using complex code, using encryption, or hiding the location.

PAP Password Authentication Protocol

Uses password or pin to send info across network in clear text making it susceptible to sniffing attacks. Uses PPP.

IMAP4 Internet Message Access Protocol version 4

Uses port 143

Role-BAC Role-based Access Control

Uses roles based on jobs and functions.

Symmetric Encryption

Uses same key to encrypt and decrypt data. Used by RADIUS.

MAC Mandatory Access Control

Uses sensitivity labels for users and data such as classification levels and clearances.

Quantitative Risk Assessment

Uses specific monetary amounts to identify cost and asset values. Uses judgment to categorize risks based on probability and impact. ALE = SLE x ARO

Asymmetric Encryption

Uses two keys in a matched pair to encrypt and decrypt data. Requires a certificate and a PKI.

HMAC-MD5

Verifies integrity and authenticity. Creates 128-bit hashes. Used by IPSec and TLS.

HMAC-SHA1

Verifies integrity and authenticity. Creates 160-bit hashes. Used by IPSec and TLS.

Hashing

Verifies integrity for data such as email, downloaded files, and files stored on a disk. It is a number created with an algorithm. It's a one way function that cannot be reversed to re-create the original file.

Input Validation

Verifies validity of inputted data before using it. Server-side validation is more secure than client side. Lack of this is the most common security issue on web-based apps.

Digital Signatures

Verify integrity of emails and files. Require certs that provide authentication and non-repudiation

Personal Mode

WPA-PSK & WPA2-PSK. A mode that uses a pre-shared key and does not provide individual authentication.

Web site Encryption

Web site's public key encrypts (symmetric key), web site's private key decrypts (asymmetric), and the symmetric key encrypts the data in the web session.

False Positive

When an alert or alarm is actually harmless. Ex: scan detects a vulnerability, but vulnerability doesn't exist.

Cold Site

Will have power and connectivity needed for COOP activation, but little else. Least expensive and the hardest to test.

Implicit Deny

deny any any. Forces firewall to block any traffic not previously allowed in ACL. Used on routers and firewalls as last rule on ACL.

Protocol Analyzer

(aka sniffer) Used by admin to capture, display, and analyze packets sent over a network. Useful as troubleshooting tool for comm problems between systems and to detect attacks that manipulate or fragment packets. To capture traffic, NIC must be in promiscuous mode.

