Security Plus

Confidentiality
Term for ensuring that only authorized parties can view the information.
Availability
Term for ensuring that data is accessible to authorized users.
Asset
Term for something that has value.
Risk
Term for the likelihood that a threat agent will exploit a vulnerability
Cybercrime
Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information.
Cyber-terrorists
Attackers whose motivation is based on ideology, or who attack for the sake of their principles or beliefs.
Information Assurance (IA)
Superset of information security that also includes security issues that do not involve computers.
CompTIA Security +
Certification is required by many organizations to verify security competency.
Logic Bomb
Computer program or a part of a program that lies dormant until it is triggered by a specific logical event.
Once triggered, the program can perform any number of malicious activities.
Computer Virus
Program that secretly attaches itself to a legitimate "carrier" such as a document or program, and then executes when that document is opened or program is launched.
Rootkit
Set of software tools used by an intruder to break into a computer, obtain special privileges to perform unauthorized functions, and then hide all traces of its existence.
Privilege escalation
Exploiting a vulnerability in software to gain access to resources that user would normally be restricted from obtaining.
Storage Area Network (SAN)
Specialized high-speed network for attaching servers to storage devices.
Can be shared between servers and can be local or extended over geographical distances.
Network Attached Storage (NAS)
Another type of network storage.
Single, dedicated hard disk-based file storage device that provides centralized and consolidated disk storage available to LAN users through a standard network connection.
Spyware
General term used for describing software that imposes upon a user's privacy or security.
Adware
Software program that delivers advertising content in a manner that is unexpected and unwanted by the user.
Key-logger
Small hardware device or a program that monitors each keystroke a user types on the computer's keyboard.
Virtualization
Managing and presenting computer resources by function without regard to their physical layout or location
Data Execution Prevention (DEP)
Most modern CPUs support an NX (No Execute) bit to designate a part of memory for containing only data.
Will not allow code in the memory area to be executed.
Windows Vista allows software developers to enable NX hardware protection specifically for the application software that they develop.
Address Space Layout Randomization (ASLR)
Randomly assigns executable operating system code to one of 256 possible locations in memory.
This makes it harder for an attacker to locate and take advantage of any functionality inside these executables.
Most effective when it is used in conjunction with DEP
Service Pack
Defined as a cumulative package of all security updates plus additional features.
Buffer Overflow
Occurs when a process attempts to store data in random access memory (RAM) beyond the boundaries of a fixed-length storage buffer.
Security Policy
Document or series of documents that clearly defines the defense mechanisms an organization will employ in order to keep information secure.
Configuration baseline
Name given to the operating system configuration settings that will be used for each computer in the organization.
Cookies
Computer files that contain user-specific information. Types are first-party and third-party.
Java
A complete object-oriented programming language created by Sun Microsystems
Can be used to create standalone applications
Unsigned Java applet: program that does not come from a trusted source
Signed Java applet: has information proving the program is from a trusted source and has not been altered
ActiveX
Set of technologies developed by Microsoft
Not a programming language but a set of rules for how applications should share information
Also called add-ons or ActiveX applications
Represent a specific way of implementing ActiveX
Can perform many of the same functions of a Java applet, but do not run in a sandbox
Cross Site Scripting (XSS)
An attack in which malicious code is inserted into a specific type of dynamic Web page
Typically involves using client-side scripts written in JavaScript or ActiveX
Designed to extract information from the victim and then pass the information to the attacker
Host Intrusion Detection Systems (HIDS)
Attempt to monitor and possibly prevent attempts to intrude into a system and network resources
HIDS are software-based and run on a local computer
These systems can be divided into four groups:
File system monitors
Logfile analyzers
Connection analyzers
Kernel analyzers
Torrents
What are active Internet connections that download a specific file that is available through a tracker?
SQL injection
Which attack, much like XSS, hinges on an attacker being able to enter an SQL database query into a dynamic Web page?
firewall
Which security option (sometimes called a packet filter) is designed to prevent malicious packets from entering or leaving computers?
kernel
Which part of the operating system is responsible for managing the system resources?
Switch flooding
An attacker overloads a switch's MAC table, causing it to "act like a hub"
MAC address impersonation
the attacker "spoofs" the MAC address of a legitimate client
Fake network Redirect
an attacker makes a client system believe that to send a packet to a remote client it has to be sent through the attacker's machine
Router advertisements
an attacker pretends to be a router sending router advertisements to the network
Fake device redirect
an attacker pretends to be a valid network device and sends a device redirect to the switch
Default account
A user account on a device that is created automatically by the device instead of by an administrator
Used to make the initial setup and installation of the device (often by outside personnel) easier
Back door
An account that is secretly set up without the administrator's knowledge or permission, that cannot be easily detected, and that allows for remote access to the device
Privilege escalation
It is possible to exploit a vulnerability in the network device's software to gain access to resources that the user would normally be restricted from obtaining
Denial of service (DoS) attack
Attempts to consume network resources so that the network or its devices cannot respond to legitimate requests
Distributed denial of service (DDoS)
A variant of the DoS
May use hundreds or thousands of zombie computers in a botnet to flood a device with requests
Spoofing
is impersonation
Pretends to be someone or something else by presenting false information
Variety of different attacks use spoofing
Attacker may spoof her address so that her malicious actions would be attributed to a valid user
Attacker may spoof his network address with an address of a known and trusted host
Man-in-the-Middle
Intercepts legitimate communication and/or forges a fictitious response to the sender
Can be active or passive
Active attacks intercept and alter the contents before they are sent on to the recipient
Replay
Similar to a passive man-in-the-middle attack
Captured data is used at a later time
A simple replay would involve the man-in-the-middle capturing login credentials between the computer and the server
Domain Name System (DNS)
is the basis for name resolution to IP addresses today
DNS poisoning
Substitute a fraudulent IP address so that when a user enters a symbolic name, she is directed to the fraudulent computer site
Address Resolution Protocol (ARP)
Used by TCP/IP on an Ethernet network to find the MAC address of another device
The IP address and the corresponding MAC address are stored in an ARP cache for future reference
TCP/IP hijacking
Takes advantage of a weakness in the TCP/IP protocol
The TCP header consists of two 32-bit fields that are used as packet counters
Updated as packets are sent and received between devices
Packets may arrive out of order
Receiving device will drop any packets with lower sequence numbers
Bluetooth
A wireless technology that uses short-range RF transmissions
Provides for rapid "on the fly" and ad hoc connections between devices
The IEEE 802.15.1 standard was adapted and expanded from the existing Bluetooth standard
Bluesnarfing
The unauthorized access of information from a wireless device through a Bluetooth connection
Allows an attacker to access e-mails, calendars, contact lists, and cell phone pictures and videos
By simply connecting to that Bluetooth device without the owner's knowledge or permission
Blue jacking
Sending unsolicited messages from Bluetooth to Bluetooth-enabled devices
Null sessions
Unauthenticated connections to a Microsoft Windows 2000 or Windows NT computer that do not require a username or a password
Could allow an attacker to connect to open a channel over which he could gather information about the device
Demilitarized Zone (DMZ)
A separate network that sits outside the secure network perimeter (can be created using 1 or 2 firewalls)
Outside users can access the DMZ but cannot enter the secure network
Bastion Host
An exposed server that provides public access to a critical service, such as an e-mail or web server; it may be configured to isolate it from an organization's network and to report attack attempts to the administrator
Network Address Translation (NAT)
Hides the IP addresses of network devices from attackers
One-to-one implementation mapping public addresses to private addresses
Port address translation (PAT)
A variation of NAT
Each packet is given the same IP address but a different TCP port number
Network Access Control (NAC)
Examines the current state of a system or network device before it is allowed to connect to the network
Any device that does not meet a specified set of criteria is only allowed to connect to a "quarantine" network where the security deficiencies are corrected
Proxy server
A computer system (or an application program) that intercepts internal user requests and then processes that request on behalf of the user
Goal is to hide the IP address of client systems inside the secure network
Network intrusion detection system (NIDS)
Watches for attempts to penetrate a network
NIDS work on the principle of comparing new behavior against normal or acceptable behavior
A NIDS looks for suspicious patterns
Honeypot
Three primary purposes of a honeypot:
Deflect attention
Early warnings of new attacks
Examine attacker techniques
Intrusion prevention system (IPS)
Finds malicious traffic and deals with it immediately
A typical IPS response may be to block all incoming traffic on a specific port
Host intrusion prevention systems (HIPS)
Installed on each system that needs to be protected
Rely on agents installed directly on the system being protected
Work closely with the operating system, monitoring and intercepting requests in order to prevent attacks
Institute of Electrical and Electronics Engineers (IEEE)
The most widely known and influential organization for computer networking and wireless communications
In the early 1980s, the IEEE began work on developing computer network architecture standards
This work was called Project 802
Wired Equivalent Privacy (WEP)
Designed to ensure that only authorized parties can view transmitted wireless information
Uses RC4 encryption to protect traffic
Currently legacy
Wi-Fi Protected Access (WPA)
WPA had the design goal of protecting both present and future wireless devices; it addresses both wireless authentication and encryption
Preshared key (PSK)
Uses a passphrase to generate the encryption key
When using PSK, a key must be created and entered into both the access point and all wireless devices
Wi-Fi Protected Access 2 (WPA2)
Introduced by the Wi-Fi Alliance in September 2004
The second generation of WPA security
Still uses PSK authentication but instead of TKIP encryption it uses enhanced data encryption
Enterprise Wireless Security
The enterprise wireless security options can be divided into those that follow the IEEE 802.11i standard and those that follow the WPA and WPA2 models
IEEE 802.11i
The IEEE 802.11i wireless security standard
Addresses the two main weaknesses of wireless networks: encryption and authentication
Encryption is accomplished by replacing WEP's original PRNG RC4 algorithm
WPA2 Enterprise Security
Provides the highest level of secure authentication and encryption on a wireless LAN
Authentication used is IEEE 802.1x and the encryption is AES
IEEE 802.1x authentication provides the most robust authentication for a WPA2 enterprise model WLAN
Steganography
Hides the existence of the data
What appears to be a harmless image can contain hidden data embedded within the image
Can use image files, audio files, or even video files to contain hidden information
Secure Hash Algorithm (SHA)
A more secure hash than MD
A family of hashes
SHA-1
Patterned after MD4, but creates a hash that is 160 bits in length instead of 128 bits
SHA-2
Comprised of four variations, known as SHA-224, SHA-256, SHA-384, and SHA-512
Considered to be a secure hash
Whirlpool
A relatively recent cryptographic hash function
Has received international recognition and adoption by standards organizations
Creates a hash of 512 bits
NTLM (New Technology LAN Manager)
Most Linux systems use password-hashing algorithms such as MD5
Apple Mac OS X uses SHA-1 hashes
Cryptography
____ is the science of transforming information into an unintelligible form while it is being transmitted or stored so that unauthorized users cannot access it
steganography
Whereas cryptography scrambles a message so that it cannot be viewed, ____ hides the existence of the data.
encryption
...