Domain 3 - Review Questions
the simplest method of an intrusion detection system, but it is the least flexible method of protection against network-borne malware.
dynamic key variance & encrypting wireless traffic
802.1x can use this to improve the privacy for a wireless LAN.
this capability detects attack patterns using frequency and threshold analysis
Network Intrusion Detection System
This can watch an entire network looking for previously discovered attack signatures and can spot configuration errors.
Unauthorized installation of wireless access points for the purpose of conducting MITM attacks or bypassing company security.
Unauthorized access to a mobile device via Bluetooth
Sending unsolicited messages via Bluetooth-enabled devices.
A particularly effective information theft attack in crowded places, at ATMs, even at a distance.
Exploiting a software bug, design flaw, or configuration in order to gain higher-level permissions on a secure system.
a collection of compromised computers that often enable large-scale crimes such as DDoS, phishing and spam.
an attack that manipulates people (not systems) into giving up sensitive information or unauthorized access.
Secure Sockets Layer
a cryptographic protocol that provides secure internetwork communication but leaves the system open to man-in-the-middle attacks.
a cryptographic hash function that produces a 160-bit message digest and is provably broken by collision attacks and fails to resist cryptographic attacks and collisions.
Cross Site Scripting
an application attack that stems from poor programming practices and the lack of input validation.
these can often result in the injection of scripts that can bypass security or steal info.
these often serve as openings in a web application, service or operating system, and provide unauthorized entry or undocumented access.
this can intercept and monitor network traffic and decode protocols and payloads for analysis.
this is designed to assess systems and services for inherent vulnerabilities that include configuration errors or programming flaws.
this is designed to probe hosts for open service ports to enumerate listening services and verify security policies.
these things can be used to subvert control over connecting clients on a local network.
these can become a security issue when they store account or credit information because they store the file in plain text.
this is triggered by a system event or process.
Rogue DHCP Server
this type of server can assign connecting clients IP addresses that route through a middle man, which can put those systems under an attacker's control.
this can be launched by doing something as simple as opening an attachment to an email.
typically operates at the kernel where low level interactions can be manipulated and disguised from higher level applications.
this can hide from nefarious activity and suspect files or data over a remotely controlled network.
this is a self replicating file which always attaches to a host.
this has the ability to change its internal code.
A largely unpopular unsolicited email sending method
files that are usually stored as a local text file, but other formats are possible.
this can intervene on kernel processes and utility resources to hide attacker-born processes, files and network connections.
Cross Site Scripting
this represents an ability to inject malicious code into web pages viewed by other users.
Cross Site Scripting
these attacks exploit vulnerable browsers to bypass built-in security controls.
this is an attack that can be performed by posing as a trusted entity.
this is an attack carried out against parties on behalf of other presumably trusted parties.
these attacks involve the interruption and intrusion upon ongoing communications between trusted parties.
this is an apparently vulnerable system established to lure would-be attackers in order to observe their activities and behaviors.
this can actively or passively monitor protocol traffic for features that indicate general platforms down to specific versions.
this is required for a successful MitM attack because both parties are unaware of the intermediary's presence.
this occurs when an individual attempts to provide false info about their identity to gain access to a network or system.
a network set up to monitor attacker activity and determine how they are attempting to gain access to the network.
this type of network can assist in reducing the likelihood of a successful outcome stemming from a war driving attack.
this can create fear as it is very convincing, but can ultimately result in lowered productivity levels by deceiving people in work-related ways.
these types of people are commonly considered the weakest links in security chains because they activate infectious attachments and downloads, flout usage policies, neglect security practices, etc.