Chapter 4 - Network Security Threats and Issues
Terms in this set (95)
Unwanted and often unsolicited messages. _____ is not technically malicious software, but it can have a serious negative effect on IT infrastructures through sheer volume. Estimates vary, but it may represent up to 95 percent of all e-mail.
A closely monitored system that usually contains a large number of files that appears to be valuable or sensitive, and serves as a trap for hackers. A ___________ distracts hackers from real targets, detects new exploitations, and learns the identities of hackers.
A new, inexperienced, or ignorant hacker who uses pre-built attack tools and scripts instead of writing his or her own or customizing existing ones. Even though a derogatory term in the hacker community, "script kiddie" still describes a serious threat to network security.
The craft of manipulating people into performing tasks or releasing information that violates security. Social engineering relies on telling convincing lies to manipulate people or take advantage of the victim's desire to be helpful.
A form of security defense that focuses on discouraging a perpetrator with disincentives such as physical harm, social disgrace, or legal consequences. A deterrent can also be a defense that is complex or difficult to overcome, such as strong encryption, multifactor authentication, or stateful inspection filtering.
A worker who feels wronged by his or her employer and who may take malicious, unethical, potentially illegal actions to exact revenge on the organization.
An outsider brought into an organization to work on a temporary basis. Contracted workers can be consultants, temporary workers, seasonal workers, contractors, or even day-laborers. Contracted workers potentially represent a greater risk than regular, full-time employees because they might lack loyalty, not see the company as worthy of protection, might not be accountable after a project ends, and so on.
Someone who enjoys exploring and learning about computer technology but may put an organization's network at risk by bringing in unapproved software, experimenting on the network, or just trying an exploit to "see if it works."
A person who takes advantage of unique or abnormal situations to perform malicious actions, but who would not initiate such actions otherwise.
A criminal whose objective is to compromise IT infrastructures. Whether operating as individuals, offering mercenary hacking services, or functioning as members of a criminal ring, professional hackers focus time and energy on becoming effective cyber attackers. A professional hacker is someone who contracts out his or her hacking skills to others.
The act of learning as much as possible about a target before attempting attacks. Reconnaissance consists of collecting data about the target from multiple sources online and offline. Effective reconnaissance is done covertly, without tipping off the target about the research. Reconnaissance can also be called footprinting, discovery, research, and information gathering.
The act of probing a network using custom crafted packets. Scanning can determine the IP addresses in use and whether ports are open or closed. The tool nmap can be used to perform scanning.
The process of discovering sufficient details about a potential target to learn about network or system vulnerabilities. Enumeration often starts with operating system identification, followed by application identification, then extraction of information from discovered services.
The act of researching and uncovering information about a potential attack target. Also known as reconnaissance.
Persistent public messaging forums accessed over the NNTP (Network News Transfer Protocol). USENET has existed since 1980. Although the Web, e-mail, and BitTorrent are more widely known, USENET is still in use today.
A contraction of the words "web" and "log," it is a form of Web site where the site owner posts messages, images, and videos for the public to view and potentially comment on. Blogs are commonly a platform for discussing issues, causes, or interests.
A tool used to view domain registration information. Whois is a command line function of Linux and Unix, but is also a tool on most domain registrar Web sites.
The information related to the owners and managers of a domain name, accessed through domain registrars' Web sites and whois lookups. A domain registration might include a physical address, people's names, e-mail addresses, and phone numbers. This information is useful in waging social engineering attacks.
A method of discovering active modems by dialing a range of phone numbers.
A method of discovering wireless networks by moving around a geographic area with a detection device.
A network scan that sends ICMP type 8 echo requests to a range of IP addresses to obtain ICMP type 0 echo responses. A ping sweep can discover active systems and identify the IP addresses in use.
A network scan that sends various constructions of TCP or UDP packets to determine the open or closed state of a port. Tools such as nmap are used to perform port scanning.
A network mapping tool that performs network scanning, port scanning, OS identification, and other types of network probing. Nmap is available at http://www.insecure.org/.
The act of capturing or extracting banners from services. Hackers often perform banner grabbing after port scanning to learn what service is active on a port.
A message sent by a service in response to a valid or invalid query. A banner can confirm communication is functioning properly or announce an error. Some banners disclose the product name and version number of the service.
The MITRE Corporation is a not-for-profit organization chartered to work in the public interest. It sponsors a vulnerability research, cataloging, and information-distribution organization: http://cve.mitre.org/.
National Institute of Standards and Technology (NIST)
NIST is a non-regulatory federal agency within the U.S. Department of Commerce whose mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology. As part of its mission, NIST performs vulnerability research, cataloging, and information distribution: http://nvd.nist.gov/.
Advanced persistent threat (APT)
A network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The purpose of such an attack is to steal data, not to damage the network or organization. Sectors with high-value information, such as national defense, manufacturing, and the financial industry, are commonly the target of such attacks.
The content of an exploit to be executed on or against a target system.
A software interface with a system that allows code execution. A command shell is often the focus of an attack. If a hacker gains access to a command shell, he or she can perform arbitrary code execution. Also known as a terminal window or a command prompt. For example, in Windows, the command shell prompt is usually "C:\>".
A condition in which a memory buffer exceeds its capacity and extends its contents into adjacent memory. Often used as an attack against poor programming techniques or poor software quality control. Hackers can inject more data into a memory buffer than it can hold, which may result in the additional data overflowing into the next area of memory. If the overflow extends to the next memory segment designated for code execution, a skilled attacker can insert arbitrary code that will execute with the same privileges as the current program. Improperly formatted overflow data may also result in a system crash.
The act of obtaining a higher level of privilege or access for a user account or a session. A tactic employed by hackers once they intrude into a network through the compromise of a normal user account.
Malware that records all keyboard input and transmits the keystroke log to a hacker.
A leetspeak word derived from a common IRC typo of "owned." Used to mean hacking and taking over control of a computer or network.
A somewhat secret form of communication or language hackers use based on replacing letters with numbers, symbols, or other letters that somewhat resemble the original characters. For example, "elite" becomes "eleet," and then becomes "31337."
When a hacker is able to take over a connection after a client has authenticated with a server. To perform this attack, a hacker must eavesdrop on the session to learn details, such as the addresses of the session endpoints and the sequencing numbers. With this information, the hacker can desynchronize the client, take on the client's addresses, and then inject crafted packets into the data stream. If the server accepts the initial false packets as valid, then the session has been hijacked.
A form of Web site/application attack in which a hacker submits SQL expressions to cause authentication bypass, extraction of data, planting of information, or access to a command shell.
Redundant array of independent disks (RAID)
A disk set management technology that gains speed and fault tolerance. RAID can provide some protection against hard drive failure, but does not protect against software or data compromises, such as virus infection.
Mean time to failure (MTTF)
A rating on some hardware devices expressing the average length of time until the first significant failure is likely to happen.
Mean time between failures (MTBF)
A rating on some hardware devices expressing the average length of time between significant failures.
The slow movement of a chip out of its socket or solder points because of expansion and contraction caused by extreme temperature fluctuations.
Static electricity discharge (SED)
A sudden and momentary electric current, usually of high voltage and low amperage, that flows between two objects. Commonly caused by low humidity environments. Humans, polyester, and plastics are prone to static build-up. SED can damage most computer components.
Intentional electromagnetic interference (IEMI)
The result of an intentional discharge made to damage or destroy electronic equipment ranging from cell phones to computers and servers.
Malware that needs a host object to infect. Most ______ infect files, such as executables, device drivers, DLLs, system files, and sometimes even document, audio, video, and image files. Some _______ infect the boot sector of a storage device, including hard drives, floppies, optical discs, and USB drives. _____ are spread through the actions of users, and spread file-to-file (compare to worms).
Malware that does not need a host object; instead, a worm is a self-sustaining program in its own right. Worms are designed around specific system flaws. The worm scans other systems for this flaw and exploits the flaw to gain access to another victim. Once hosted on another system, the worm seeks to spread itself by repeating the process. Worms can act as carriers to deposit other forms of malicious code as they multiply and spread across networked hosts.
A mechanism of distribution or delivery more than a specific type of malware. The Trojan horse embeds a malicious payload within a seemingly benign carrier or host program. When the host program is executed or otherwise accessed, the malware is delivered. The gimmick of a Trojan horse is the act of fooling someone (a type of social engineering attack) into accepting the Trojan program as safe.
An advancement of keystroke logging to monitor and record many other user activities. Spyware varies greatly, but it can collect a list of applications launched, URLs visited, e-mail sent and received, chats sent and received, and names of all files opened. It can also record network activity, gather periodic screen captures, and even record from a microphone or Web cam. Can be linked with adware.
Unwanted software that displays advertisements. Often linked with spyware.
A form of malware that hackers can upload and deploy on a target system. It often replaces multiple components of the host operating system with altered code.
Malware that acts like an electronic land mine. Once a hacker places a logic bomb in a system, it remains dormant until a triggering event takes place. The trigger can be a specific time and date, the launching of a program, the typing of a specific keyword, or accessing a specific URL. Once the trigger occurs, the logic bomb springs its malicious event on the unsuspecting user.
A form of unauthorized access to a system. A trapdoor is any access method or pathway that circumvents access or authentication mechanisms. Also known as a backdoor.
Unauthorized access to a system. A ________ is any access method or pathway that circumvents access or authentication mechanisms.
A rogue program that automatically dials a modem to a pre-defined number. Sometimes this is to auto-download additional malware to the victim or to upload stolen data from the victim. In other cases, the dialer calls premium rate telephone numbers to rack up massive long distance charges.
Malware that replaces URLs in HTTP GET requests with alternative addresses. These injected URLs cause a different Web page to appear in the browser than the one the user requested. These replaced Web pages could be advertisement sites, generate traffic to falsify search engine optimization (SEO), or lead to fake or spoofed sites.
A subdivision of computer storage medium that represents a fixed size of user-accessible data. Magnetic disks typically have 512-byte sectors; optical disks have 2,048-byte sectors. When a device is formatted, sectors are grouped into clusters.
A tool used to create Trojan horses by embedding malware inside of a host file or program.
Instant message (IM)
A form of near real-time text communication. Also known as chat, IRC, and SMS messaging.
An attack, usually resulting in a DoS, in which hackers direct massive amounts of traffic toward a target to fully consume available bandwidth or processing capabilities.
An attack that seeks to obtain information from a victim by presenting false credentials or luring victims to an attack site. Phishing can occur face to face, over the phone, via e-mail, on a Web site, or through IM.
A form of software transmitted to and executed on a client. Hackers can use mobile code for malicious purposes.
Politically or socially motivated hacking, seen by activists as a form of civil disobedience in the interest of free speech and human rights, but seen by its opponents as a form of cyberterrorism.
Return on investment (ROI)
A business evaluation technique to determine whether an investment will earn back equivalent or greater benefit within a specific time.
Playback attacks (or Replay attacks)
This attack occurs when a hacker uses a network sniffer to capture network traffic and then retransmits that traffic back on to the network at a later time. Replay attacks often focus on authentication traffic in the hope that retransmitting the same packets that allowed the real user to log into a system will grant the hacker the same access.
An exploit based on the introduction of unauthorized content or devices to an otherwise secured infrastructure. Three common insertion-based attacks include SQL injection, IDS insertion, and rogue devices.
An attack that exploits the nature of a network-focused IDS to collect and analyze every packet to trick the IDS into thinking an attack took place when it actually hasn't. The common purpose of IDS injection attacks is to trick signature or pattern matching detection of malicious network events.
A character that has a special meaning assigned to it and recognized as part of a scripting or programming language. Metacharacters should be filtered, escaped, or blocked to prevent script injection attacks. Escaping metacharacters is a programmatic tactic to treat all characters as basic ASCII rather than as something with special meaning or purpose.
Maximum transmission unit (MTU)
The largest amount of data that a datagram can hold based on the limitations of the networking devices managing a given segment. As an MTU changes across a communication path, a datagram may be fragmented to comply with the MTU restriction.
Arbitrary code execution
An exploit that allows a hacker to run any command line function on a compromised system. Buffer overflow attacks and SQL injection attacks can often allow arbitrary code execution.
Cross-site scripting (XSS)
The malicious insertion of scripting code onto a vulnerable Web site. The results of an XSS attack can include the corruption of the data on the Web site or identity theft of the site's visitors.
Any attack that positions the attacker inline with a session between a client and server. Such attacks typically allow the hacker to eavesdrop and manipulate the contents of the session. Also known as a man-in-the-middle attack.
See man-in-the-middle attack.
Another term for man-in-the-middle attack.
The falsification of ARP replies to trick the requestor into sending frames to a system other than its intended destination.
The act of a hacker changing the MAC address of their network interface. Commonly used to bypass MAC filtering on a wireless access point by impersonating a valid client.
A network service that resolves fully qualified domain names (FQDNs) into their corresponding IP addresses. DNS is an essential service of most networks and their directory services.
Non-authenticating query service
Any communication exchange that does not verify the identity of the endpoints of a communication and accepts any properly formed response as valid. DNS and ARP are common examples. Hackers can easily spoof such a service.
An announcement message sent to hosts to adjust the routing table. ICMP type 5 messages are known as redirects. Hackers can use ICMP redirects to perform man-in-the-middle or session hijacking attacks.
An attack in which a hacker modifies the proxy settings on a client to redirect traffic to another system, such as the hacker's own machine. The hacker may host a proxy server in addition to eavesdropping and manipulating the redirected traffic.
Rogue access point
An access point set up and configured by a hacker to fool users into connecting with it. The hacker may then use the connection to carry out an attack such as a man-in-the-middle attack.
Alternate data streams (ADS)
A feature added to the NTFS file system to support files from POSIX, OS/2, and Macintosh. ADS supports multiple resource forks for file objects. Hackers use ADS to hide files.
A variant of the UNIX operating system. Supported by Windows NT 4.0, but not in any subsequent version of Windows. POSIX used the ADS feature of NTFS.
A multi-tasking operating system developed jointly by Microsoft and IBM. First released in 1987, it lost nearly its entire market share to Windows after the two companies ceased collaboration in 1990. IBM discontinued support in 2006.
Hierarchical file system (HFS)
A storage device file system developed by Apple Inc. for use on Macintosh computers. HFS supports multiple resource forks for file objects.
An unknown, secret pathway of communication. Covert channels can be timing or storage-based.
The area on a storage device not contained within a partition. Unpartitioned space is not directly accessible by the OS.
New technology file system (NTFS)
A file format developed by Microsoft commonly used on Windows systems. NTFS offers file security, large volume size, large file size, and alternate data streams (ADS).
The unused portion of the last cluster allocated to a stored file. It may contain remnants of prior files stored in that location. Hackers can hijack slack space to create hidden storage compartments.
A logical division of a hard drive that can be formatted with a file system.
A logical division of data composed of one or more sectors on a hard drive. A cluster is the smallest addressable unit of drive storage, usually 512, 1,024, 2,048, or 4,096 bytes, depending on the logical volume size.
Flaw exploitation attacks
A form of DoS that uses a software specific exploit to cause the interruption of availability. Once you apply the appropriate patch, the system is no longer vulnerable to this particular exploit.
The management of traffic by a firewall or other filtering device located one or more hops away (upstream) from a private network.
Internet relay chat (IRC)
A real-time text communication system. Hackers commonly use IRC as a way to communicate anonymously and control botnets.
Botnet army (or zombie army)
A network of zombie/bot/agent-compromised systems controlled by a hacker. The network consists of the bots, agents, or zombies that intercommunicate over the Internet. Another term for zombie.
A type of reconnaissance in which an attacker examines an organization's trash or other discarded items to learn internal or private information. The results of dumpster diving are often used to wage social engineering attacks.
A tactic of pursuing and extracting information for the purpose of making a sale or performing a social engineering attack. A cold call presupposes little or no knowledge of the person answering the phone. It requires the caller to be able to pick up on vocal and word clues, be knowledgeable about human nature, and adapt quickly to changes in conversation.