Computer Security and Reliability
CCNA Cyber Ops
Terms in this set (61)
mechanism that is used for data integrity assurance. Based on a one-way mathematical function: functions that are relatively easy to compute, but significantly difficult to reverse. Grinding coffee is a good example of a one-way function: It is easy to grind coffee beans, but it is almost impossible to put back all the tiny pieces together to rebuild the original beans.
Uses the same key to encrypt and decrypt data. Quite fast, used in VPN. Key management is a challenge.
Examples of this are: DES, 3DES, AES, RC4
utilize a pair of keys for encryption and decryption. The paired keys are intimately related and are generated together. Most commonly, an entity with a key pair will share one of the keys (the public key) and it will keep the other key in complete secrecy (the private key). The private key cannot, in any reasonable amount of time, be calculated from the public key. Data that is encrypted with the private key requires the public key to decrypt. Conversely, data that is encrypted with the public key requires the private key to decrypt. Asymmetric encryption is also known as public key encryption.
Examples: RSA, DSA, ELGAMAL, and elliptic curve algorithms
one-way function that makes it easy to compute a hash from the given input data, but makes it infeasible to compute the original input data given only the hash. Essentially a complex sequence of simple binary operations, such as XORs and rotations, that is performed on input data and produces a 128-bit digest. MD5 was originally thought to be collision-resistant, but has been shown to have collision vulnerabilities.
takes a message of up to 2^64 bits in length and produces a 160-bit message digest. The algorithm is slightly slower than MD5, but the larger message digest makes it more secure against brute-force collision and inversion attacks.
is a set of cryptographic hash functions designed by the National Security Agency (NSA).
consists of six hash functions with digests (hash values) that are 224, 256, 384 or 512 bits: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256.
a symmetric-key algorithm for the encryption of electronic data. Although now considered insecure, it was highly influential in the advancement of modern cryptography.
is a symmetric-key block cipher, which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block.
an iterated block cipher, which means that the initial input block and cipher key undergo multiple transformation cycles before producing output. AES specifically uses keys with a length of 128, 192, or 256 bits to encrypt 128-bit blocks.
Faster than DES and 3DES
symmetric encryption algorithm that has become ubiquitous, due to the acceptance of the algorithm by the U.S. and Canadian governments as the standard for encrypting data in transit and data at rest. Because of the length of the key (256 bits) and the number of hashes (14), it takes a murderously long time for a malware hacker to perform a dictionary attack.
is one of the first practical public-key cryptosystems and is widely used for secure data transmission. In such a cryptosystem, the encryption key is public and differs from the decryption key, which is kept secret. This asymmetry is based on the practical difficulty of factoring the product of two large prime numbers, the factoring problem.
is a Federal Information Processing Standard for digital signatures. It was proposed by the National Institute of Standards and Technology (NIST) in August 1991 for use in their Digital Signature Standard (DSS) and adopted as FIPS 186 in 1993.
is a cryptographic network protocol for operating network services securely over an unsecured network. The best known example application is for remote login to computer systems by users.
are cryptographic protocols that provide communications security over a computer network.
Cryptographic keys are exchanged between two parties, allowing the use of a cryptographic algorithm.
public-key cryptography standards devised and published by RSA Security Inc, starting in the early 1990s. The company published the standards to promote the use of the cryptography techniques to which they had patents, such as the RSA algorithm, the Schnorr signature algorithm, and several others.
RSA cryptographic standard
Diffie-Hellman key exchange
This is a format that can be used by a CA as a response to a PKCS #10 request. The response itself will very likely be the identity certificate (or certificates) that had been previously requested.
This is the format of a certificate request sent to a CA by an entity that wants to receive its identity certificate. This type of request includes the public key of the entity requesting the certificate.
A format for storing both public and private keys using a symmetric password-based key to "unlock" the data whenever the key needs to be used or accessed.
a function of the likelihood of a given threat source exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization.
the potential for a threat source to exercise (accidentally trigger or intentionally exploit) a specific vulnerability.
the weakness that makes a resource susceptible to a threat. An attack surface is the total sum of the vulnerabilities in a given system that are accessible to an attacker. The attack surface describes the different points where an attacker could get into a system, and where they could get data out of the system.
a method of leveraging a vulnerability to do harm.
the application of one or more measures to reduce the likelihood of an unwanted occurrence and/or lessen its consequences.
assessing the probabilities and consequences of risk events if they are realized. The results of this assessment are then used to prioritize risks to establish a most-to-least-critical importance ranking. Ranking risks in terms of their criticality or importance provides insights to the project's management on where resources may be needed to manage or mitigate the realization of high probability/high consequence risk events.
Discretionary access control
Uses an ACL to decide which users or groups of users have access to the information. The owner of the information is able to change the ACL permissions at his or her discretion.
Mandatory access control
Secures information by assigning sensitivity (security level) labels to information and comparing them to the sensitivity level a user is operating at. Usually appropriate for extremely secure systems, including military applications or mission-critical applications.
Nondiscretionary access control
Access decisions are based on an individual's roles and responsibilities within the organization, also known as RBAC.
provides real-time analysis of security alerts generated by network hardware and applications. In log collection, the events from the assets on the network, such as servers, switches, routers, storage arrays, operating systems, and firewalls, are saved to a location for further analysis.
comprises an approach to dealing with large volumes of computer-generated log messages (also known as audit records, audit trails, event logs, etc.). Log management generally covers:
○ Log collection
○ Centralized log aggregation
○ Long-term log storage and retention
○ Log rotation
○ Log analysis (in real-time and in bulk after storage)
○ Log search and reporting.
the "cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities", especially in software and firmware. Vulnerability management is integral to computer security and network security.
an instance of an executing program.
the basic unit to which the operating system allocates processor time. It can execute any part of the process code, including parts currently being executed by another thread.
the central hierarchical database in which Microsoft Windows stores information that is necessary to configure the system for one or more users, applications, and hardware devices.
History of USB storage devices
Stores data that is associated with the currently logged-in user.
Stores information about all the user accounts on the host.
Stores information about file associations and object linking and embedding (OLE) registrations.
Stores system-related information.
Stores information about the current hardware profile.
WMI (Windows Management Instrumentation)
the infrastructure for management data and operations on Windows-based operating systems.
provides the process with access to a specific kernel-level resource.
used to examine or modify the system resource.
a new process with a new PID is created. The process that made the fork call is the parent process and the new process is the child process. The child process starts as a duplicate of the parent process, with some significant status changes. Both processes receive a value from the fork call. The parent process receives the PID of the child process while the child process receives the value 0. The two processes can determine which is which by the return value of the fork call.
a file that contains a reference to another file or directory.
a computer program that runs as a background process, rather than being under the direct control of an interactive user.
will have an associated process identification number (PID).
The parent is usually the init process.
Denial of service
the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.
Distributed denial of service
a cyber attack where the perpetrator uses more than one, often thousands of, unique IP addresses.
Man in the middle
an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.
a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
an attack in which the goal is the execution of arbitrary commands on the host operating system via a vulnerable application. These attacks are possible when an application passes unsafe user-supplied data (forms, cookies, HTTP headers, etc.) to a system shell.
Encryption and tunneling
the IPS sensor captures the data but is unable to decrypt it and cannot perform meaningful analysis. This assumes the attacker has already established an encrypted connection with the target, for example a site-to-site VPN tunnel.
Attackers can also try to avoid detection by tunneling their traffic over a protocol that is normally permitted and may not be inspected, for example, tunneling the attack traffic inside DNS or HTTP.
The attacker sends lots of fake traffic to produce noise. If the IPS sensor is too busy to analyze the noise traffic, the true attack traffic may go undetected. For example, attack tools can be used to create a tremendous number of false IPS alerts that consume the resources of the IPS sensor and prevent attacks from being detected.
Reordering the fragments, hoping the network IPS sensor does not correctly reorder the fragments.
Because most IPS sensors perform fragment reassembly, the next step of the attacker could be to fragment IP traffic in a manner that is not uniquely interpreted, causing the IPS sensor to interpret it differently from the target, which interprets it in a way that compromises the target.
the offset values in the IP header do not match up as they should; therefore, one fragment overlaps another. Different operating systems manage this situation differently, and the IPS sensor may not know how the target system will reassemble these packets.
misinterpret the end-to-end meaning of network protocols and see traffic differently from the target. Therefore, the IPS sensor will either ignore traffic that should not be ignored, or vice versa.
Traffic substitution and insertion
by substituting the payload data with other data in a different format but with the same meaning. If the IPS sensor does not recognize the true meaning of data, and only looks for data in a particular format, the IPS sensor may miss such malicious payloads.
Example of session data
Examples of transaction data
OS Login data, SMTP command data, HTTP header/request info
Example of Statistical data
If data is processed and a graph is produced that shows the average number of connections per minute to the web server over the last month, then the graph is considered statistical data. Statistical data is used to formulate baselines. Baselines document the aggregate normal patterns and their trends. Comparing actual traffic patterns to the baseline patterns can reveal anomalous behavior.
Judgments made by tools that inspect network traffic. Typically the result of finely tuned signatures matching against packet content, and similar in nature to transaction data. This information, rather than being for logging purposes, is intended to indicate discrete events which might be attacks.
IDS or IPS