Security+ Chapter 1 - 8 Review
Terms in this set (399)
Chief information security officer (CISO)
This person reports directly to the chief information officer (CIO) (large organizations may have more layers of management between this person and the CIO). This person is responsible for assessing, managing, and implementing security.
The security manager reports to the CISO and supervises technicians, administrators, and security staff. Typically, a security manager works on tasks identified by the CISO and resolves issues identified by technicians. This position requires an understanding of configuration and operation but not necessarily technical mastery.
The security administrator has both technical knowledge and managerial skills. A security administrator manages daily operations of security technology and may analyze and design security solutions within a specific entity as well as identify users' needs.
This position is generally an entry-level position for a person who has the necessary technical skills. Technicians provide technical support to configure security hardware, implement security software, and diagnose and troubleshoot problems.
is a specific and fail-safe solution that very quickly and easily solves a serious problem.
Universally connected devices
Attackers from anywhere in the world can send attacks.
Increased speed of attacks
Attackers can launch attacks against millions of computers within minutes.
Greater sophistication of attacks
Attack tools vary their behavior so the same attack appears differently each time.
Availability and simplicity of attack tools
Attacks are no longer limited to highly skilled attackers.
Faster detection of vulnerabilities
Weakness in hardware and software can be more quickly uncovered and exploited with new software tools and techniques. Attackers can discover security holes in hardware or software more quickly.
Delays in security updating
Vendors are overwhelmed trying to keep pace updating their products against the latest attacks.
Weak security update distribution
Many software products lack a means to distribute security updates in a timely fashion.
Attackers use thousands of computers in an attack against a single computer or network.
Introduction of BYOD (bring your own device)
Organizations are having difficulty providing security for a wide array of personal devices.
(BYOD - The practice of allowing users to use their own personal devices to connect to an organizational network.)
Users are required to make difficult security decisions with little or no instruction.
security may be defined as ___
the necessary steps to protect a person or property from harm.
This harm may come from one of two sources: either from a_____
direct action that is intended to inflict damage or from an indirect and unintentional action.
As security is increased convenience is often____
decreased. That is, the more secure something is, the less convenient it may become to use (security is said to be "inversely proportional" to convenience).
The tasks of protecting the integrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information through products, people, and procedures.
What are the three protections that must be extended over information?
confidentiality, integrity, and availability or CIA
It is important that only approved individuals are able to access important information. For example, the credit card number used to make an online purchase must be kept secure and not made available to other parties. Confidentiality ensures that only authorized parties can view the information. Providing confidentiality can involve several different security tools, ranging from software to "scramble" the credit card number stored on the web server to door locks to prevent access to those servers.
Integrity ensures that the information is correct and no unauthorized person or malicious software has altered the data. In the example of the online purchase, an attacker who could change the amount of a purchase from $10,000.00 to $1.00 would violate the integrity of the information.
Information has value if the authorized parties who are assured of its integrity can access the information. Availability ensures that data is accessible to authorized users. This means that the information cannot be "locked up" so tight that no one can access it.
In addition to CIA, another set of protections must be implemented to secure information. These are?
authentication, authorization, and accounting—or AAA
ensures that the individual is who she claims to be (the authentic or genuine person) and not an imposter. A person accessing the web server that contains a user's credit card number must prove that she is indeed who she claims to be and not a fraudulent attacker.
is providing permission or approval to specific technology resources. After a person has provided authentication, she may have the authority to access the credit card number or enter a room that contains the web server, provided she has been given prior authorization.
Accounting provides tracking of events. This may include a record of who accessed the web server, from what location, and at what specific time.
Form the security around the data. May be as basic as door locks or as complicated as network security equipment.
Those who implement and properly use security products to protect data.
Policies and procedures
Plans and policies established by an organization to ensure that people correctly use the products.
Sometimes risk is illustrated by the calculation
Risk = Consequence × Vulnerability × Threat Likelihood
involves identifying the risk but making the decision to not engage in the activity.
simply means that the risk is acknowledged but no steps are taken to address it.
is the attempt to address the risks by making risk less serious.
Risk deterrence involves understanding something about the attacker and then informing him of the harm that may come his way if he attacks an asset.
Transferring the risk to a third party
The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Under the Health Insurance Portability and Accountability Act (HIPAA), health care enterprises must guard protected health care information and implement policies and procedures to safeguard it, whether it be in paper or electronic format.
The Sarbanes-Oxley Act of 2002 (Sarbox)
As a reaction to a rash of corporate fraud, the Sarbanes-Oxley Act (Sarbox) is an attempt to fight corporate corruption. Sarbox covers the corporate officers, auditors, and attorneys of publicly traded companies. Stringent reporting requirements and internal controls on electronic financial reporting systems are required. Corporate officers who willfully and knowingly certify a false financial report can be fined up to $5 million and serve 20 years in prison.
The Gramm-Leach-Bliley Act (GLBA)
Like HIPAA, the Gramm-Leach-Bliley Act (GLBA) passed in 1999 protects private data. GLBA requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information.
Payment Card Industry Data Security Standard (PCI DSS)
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards that all companies that process, store, or transmit credit card information must follow. PCI applies to any organization or merchant, regardless of its size or number of card transactions, that processes transactions either online or in person. The maximum penalty for not complying is $100,000 per month.
California's Database Security Breach Notification Act
The first state electronic privacy law, which covers any state agency, person, or company that does business in California.
A premeditated, politically motivated attack against information, computer systems, computer programs, and data, which often results in violence.
is often used to describe individuals who launch attacks against other users and their computers (another generic word is simply attackers).
Advanced Persistent Threat (APT)
Multiyear intrusion campaign that targets highly sensitive economic, proprietary, or national security information.
Individual who lacks advanced knowledge of computers and networks and so uses downloaded automated attack software to attack information systems.
Automated attack package that can be used without an advanced knowledge of computers.
Employees, contractors, and business partners who can be responsible for an attack.
Attacker whose motivation may be defined as ideological, or attacking for the sake of principles or beliefs.
Attacker who attacks for ideological reasons that are generally not as well-defined as a cyberterrorist's motivation.
Attacker commissioned by governments to attack enemies' information systems.
Cyber Kill Chain®
A systematic outline of the steps of a cyberattack, introduced at Lockheed Martin in 2011.
The first step in an attack is to probe for any information about the system: the type of hardware used, version of operating system software, and even personal information about the users.
The attacker creates an exploit (like a virus) and packages it into a deliverable payload (like a Microsoft Excel spreadsheet) that can be used against the target.
At this step the weapon is transmitted to the target, such as by an email attachment or through an infected web server.
After the weapon is delivered to the victim, the exploitation stage triggers the intruders' exploit. Generally the exploitation targets an application or operating system vulnerability, but it also could involve tricking the user into taking a specific action.
At this step the weapon is installed to either attack the computer or install a remote "backdoor" so the attacker can access the system.
Command and Control
Many times the compromised system connects back to the attacker so that the system can be remotely controlled by the attacker and receive future instructions.
Actions on Objectives
Now the attackers can start to take actions to achieve their original objectives, such as stealing user passwords or launching attacks against other computers.
Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information.
A software program that delivers advertising content in a manner that is unexpected and unwanted by the user.
A virus that goes to great lengths in order to avoid detection.
Software code that gives access to a program or a service that circumvents normal security protections.
An attacker who controls a botnet.
A logical computer network of zombies under the control of an attacker.
command and control (C&C or C2)
The structure by which a bot herder gives instructions to zombies in a botnet.
computer virus (virus)
Malicious computer code that, like its biological counterpart, reproduces itself on the same computer.
The act of digging through trash receptacles to find information that can be useful in an attack.
A false warning designed to trick users into changing security settings on their computer.
A social engineering attack that involves masquerading as a real or fictitious character and then playing out the role of that person on a victim.
Software or a hardware device that captures and stores each keystroke that a user types on the computer's keyboard.
Computer code that lies dormant until it is triggered by a specific logical event.
A series of instructions that can be grouped together as a single command, often used to automate a complex set of tasks or a repeated series of tasks.
A computer virus that is written in a script known as a macro.
Software that enters a computer system without the user's knowledge or consent and then performs an unwanted and usually harmful action.
Malware that rewrites its own code and thus appears different each time it is executed.
Malware that changes its internal code to one of a set number of predefined mutations whenever it is executed.
A phishing attack that automatically redirects the user to a fake site.
Sending an email or displaying a web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information.
Malware code that completely changes from its original form whenever it is executed.
A computer virus that infects executable program files.
Malware that prevents a user's device from properly operating until a fee
A set of software tools used by an attacker to hide the actions or presence of other types of malicious software.
Watching an authorized user enter a security code on a keypad.
A means of gathering information for an attack by relying on the weaknesses of individuals.
A phishing attack that targets only specific users.
A variation of spam, which targets instant messaging users instead of email users.
A general term used to describe software that spies on users by gathering information without consent.
When an unauthorized individual enters a restricted-access building by following an authorized user.
Trojan horse (Trojan)
An executable program that is advertised as performing one activity but which actually performs a malicious activity.
Redirecting a user to a fictitious website based on a misspelling of the URL. Also called URL hijacking.
Redirecting a user to a fictitious website based on a misspelling of the URL. Also called typo squatting.
A phishing attack that uses telephone calls instead of emails.
watering hole attack
A malicious attack that is directed toward a small group of specific individuals who visit the same website.
A phishing attack that targets only wealthy individuals.
A malicious program designed to enter a computer via a network to take advantage of a vulnerability in an application or an operating system.
An infected computer that is under the remote control of an attacker.
Some malware has as its primary trait spreading rapidly to other systems in order to impact a large number of users. Malware can circulate through a variety of means: by using the network to which all the devices are connected, through USB flash drives that are shared among users, or by sending the malware as an email attachment. Malware can be circulated automatically or it may require an action by the user.
Once the malware reaches a system through circulation, then it must "infect" or embed itself into that system. The malware might run only one time and then store itself in the computer's memory, or it might remain on the system and be launched an infinite number of times through an auto-run feature. Some malware attaches itself to a benign program while other malware functions as a stand-alone process.
Some malware has as its primary trait avoiding detection by concealing its presence from scanners. Polymorphic malware attempts to avoid detection by changing itself, while other malware can embed itself within existing processes or modify the underlying host operating system.
When payload capabilities are the primary focus of malware, the focus is on what nefarious action(s) the malware performs.
an agent that reproduces inside a cell. When a cell is infected by a virus, the virus takes over the operation of that cell, converting it into a virtual factory to make more copies of itself.
Swiss cheese infection
Instead of having a single "jump" instruction to the "plain" virus code, some armored viruses perform two actions to make detection more difficult. First they "scramble" (encrypt) the virus code to make it more difficult to detect. Then they divide the engine to "unscramble" (decrypt) the virus code into different pieces and inject these pieces throughout the infected program code.
Instead of inserting pieces of the decryption engine throughout the program code, some viruses split the malicious code itself into several parts (along with one main body of code), and then these parts are placed at random positions throughout the program code.
A set of rules for how applications under the Microsoft Windows operating system should share information.
A specific way of implementing ActiveX that runs through the web browser and functions like a miniature application.
Program that provides additional functionality to web browsers. Also called extension.
Address Resolution Protocol (ARP)
Part of the TCP/IP protocol for determining the MAC address based on the IP address.
arbitrary/remote code execution
An attack that allows an attacker to run programs and execute commands on a different computer.
An attack that corrupts the ARP cache.
A file that is coupled to an email message and often carries malware.
buffer overflow attack
An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer.
An attack that targets vulnerabilities in client applications that interact with a compromised server or process malicious data.
Injecting and executing commands to execute on a server.
A file on a local computer in which a web server stores user-specific information.
cross-site scripting (XSS)
An attack that injects scripts into a web application server to direct attacks at clients.
denial of service (DoS)
An attack that attempts to prevent a system from performing its normal functions by overwhelming the system with requests.
An attack that takes advantage of a vulnerability so that a user can move from the root directory to restricted directories.
distributed denial of service (DDoS)
An attack that uses many computers to perform a DoS attack.
An attack that substitutes DNS addresses so that the computer is automatically redirected to an attacker's device.
Domain Name System (DNS)
A hierarchical name system for translating domain names to IP addresses.
What is another name for add-on?
A cookie that is created from the website currently being viewed.
Another name for locally shared object (LSO).
A list of the mappings of host names to IP addresses.
Part of HTTP that is comprised of fields that contain the different characteristics of the data that is being transmitted.
HTTP header manipulation
Modifying HTTP headers to create an attack.
integer overflow attack
An attack that is the result of an attacker changing the value of a variable to something outside the range that the programmer had intended.
Locally shared object (LSO)
A cookie that is significantly different in size and location from regular cookies, and can store more complex data. Also called Flash cookie.
An attack that intercepts legitimate communication and forges a fictitious response to the sender.
A cookie that is recorded on the hard drive of the computer and does not expire when the browser closes.
A utility that sends an ICMP echo request message to a host.
An attack that uses the Internet Control Message Protocol (ICMP) to flood a victim with packets.
A third-party library that attaches to a web browser and can be embedded inside a webpage.
An attack that exploits a vulnerability in software to gain access to resources that the user normally would be restricted from accessing.
An attack that makes a copy of the transmission before sending it to the recipient.
A cookie that is stored in Random Access Memory (RAM), instead of on the hard drive, and lasts only for the duration of a visit to a website.
An attack in which an attacker attempts to impersonate the user by using the user's session token.
A form of verification used when accessing a secure web application.
An attack that broadcasts a ping request to computers yet changes the address so that all responses are sent to the victim.
Impersonating another computer or device.
An attack that targets SQL servers by injecting commands to be manipulated by the database.
SYN flood attack
An attack that takes advantage of the procedures for initiating a TCP/IP session.
A cookie that was created by a third party that is different from the primary website.
An attack that exploits the trust relationship between three parties.
XML (Extensible Markup Language)
A markup language that is designed to carry data, in contrast to HTML, which indicates how to display data.
An attack that injects XML tags and data into a database.
Attack that exploits previously unknown vulnerabilities, so victims have no time (zero days) to prepare for or defend against the attack.
HTTP field name: Server
Source: Web server
Explanation: Type of web server
Example: Server: Apache
HTTP field name: Referer or Referrer
Source: Web browser
Explanation: The address of the previous webpage from which a link to the currently requested page was followed
Example: Referer: http://www.askapache.com/show-error-502/
HTTP field name: Accept-Language
Source: Web browser
Explanation: List of acceptable languages for content
HTTP field name: Set-Cookie
Source: Web server
Explanation: Parameters for setting a cookie on the local computer
Example: Set-Cookie: UserID=ThomasTrain; Max-Age=3600; Version=1
Because some websites check the Referer field to ensure that the request came from a page generated by that site, an attacker can bypass this security by modifying the Referer field to hide the fact that it came from another site.
Some web applications pass the contents of this field directly to the database. An attacker can inject an SQL command by modifying this header. In addition, if the web application used the Accept-Language field contents to build a filename from which to look up the correct language text, an attacker could generate a directory traversal attack.
One of the most common HTTP header manipulation attacks is response splitting. First, the application on the client computer must allow input that contains carriage return (CR using %0d or \r) and line feed (LF using %0a or \n) characters in the header. By inserting a CRLF in an HTTP header (%0d%0a), these characters can not only give attackers control of the remaining HTTP headers and body of the response but also allow them to create additional responses via HTTP headers that are entirely under their control.
What are the two categories of tools that can be added to enhance a user's interaction with a website through their browser?
Plug-ins and add-ons (extensions).
Impartial Overflow Attacks
Some attacks are "impartial" in that they can target either a server or a client. Many of these attacks are designed to "overflow" areas of memory with instructions from the attacker. This type of attack includes buffer overflow attacks, integer overflow attacks, and arbitrary/remote code execution attacks.
What are two of the most common interception attacks?
man-in-the-middle and replay attacks.
What are the two types of attacks injecting poison into a normal network process?
ARP poisoning and DNS poisoning
A paper or electronic record of individuals who have permission to enter a secure area, the time that they entered, and the time they left the area.
activity phase controls
Subtypes of security controls, classified as deterrent, preventive, detective, compensation, or corrective.
Process for developing and ensuring that policies and procedures are carried out, specifying actions that users may do, must do, or cannot do.
An audible sound to warn a guard of an intruder.
Software that helps prevent computers from becoming infected by different types of spyware.
Software that can examine a computer for any infections as well as monitor computer activity and scan new documents that might contain a virus.
A structure designed to block the passage of traffic.
Spam filtering software that analyzes every word in an email and determines how frequently a word occurs in order to determine if it is spam.
A collection of data sets so large and complex that it becomes difficult to process using on-hand database management tools or traditional data processing applications.
Permitting everything unless it appears on the list; a list of non-approved senders.
A device that can be inserted into the security slot of a portable device and rotated so that the cable lock is secured to the device to prevent it from being stolen.
Having the client web browser perform all validations and error recovery procedures.
closed circuit television (CCTV)
Video cameras and receivers used for surveillance in areas that require security monitoring.
Control that provides an alternative to normal controls that for some reason cannot be used.
Control that is intended to mitigate or lessen the damage caused by an incident.
cross-site request forgery (XSRF)
An attack that uses the user's web browser settings to impersonate the user.
Data that is stored on electronic media.
Data that is in transit across a network, such as an email sent across the
A state of data in which actions upon it are being performed by "endpoint devices" such as printers.
data loss prevention (DLP)
A system that can identify critical data, monitor how it is being accessed, and protect it from unauthorized users.
A door lock that extends a solid metal bar into the door frame for extra security.
A control that is designed to identify any threat that has reached the
A control that attempts to discourage security violations before they occur.
A computer system with a dedicated function within a larger electrical or mechanical system.
Faults in a program that occur while the application is running.
What are errors also called?
Securing a restricted area by erecting a barrier.
Hardware or software that is designed to prevent malicious packets from entering or leaving computers
What is another term used to describe firewall?
fuzz testing (fuzzing)
A software testing technique that deliberately provides invalid, unexpected, or random data as inputs to a computer program.
A human who is an active security element.
host-based application firewall
A firewall that runs as a program on a local system.
Software that addresses a specific customer situation and often may not be distributed outside that customer's organization.
Verifying a user's input to an application.
Lights that illuminate an area so that it can be viewed after dark.
A ruggedized steel box with a lock.
A very large computing system that has significant processing capabilities.
A device that monitors and controls two interlocking doors to a small room (a vestibule), designed to separate secure and nonsecure areas.
Determining an object's change in position in relation to its surroundings.
A non-relational database that is better tuned for accessing large data sets.
NoSQL databases vs. SQL databases
An argument regarding which database technology is
NoSQL databases vs. SQL databases is also called?
SQL vs. NoSQL.
Tightening security during the design and coding of the OS.
A general software security update intended to cover vulnerabilities that have been discovered.
Either a program or a feature incorporated within a browser that stops popup advertisements from appearing.
A control that attempts to prevent the threat from coming in and reaching contact with the vulnerability.
protected distribution system (PDS)
A system of cable conduits that is used to protect classified information being transmitted between two secure areas.
A device that detects an emitted signal in order to identify the owner.
A ruggedized steel box with a lock.
SCADA (supervisory control and data acquisition)
Large-scale, industrial-control systems.
Any device or process that is used to reduce risk.
A document or series of documents that clearly defines the defense mechanisms an organization will employ to keep information secure.
Having the server perform all validations and error recovery procedures.
Software that is a cumulative package of all security updates plus additional features.
A written placard that explains a warning, such as notice that an area is restricted.
A cell phone with an operating system that allows it to run third-party
Devices in which additional hardware cannot easily be added or attached.
Security controls that are carried out or managed by devices.
An operating system that has been designed through OS hardening.
Monitoring activity that is captured by a video camera.
Permitting nothing unless it appears on the list.
A substitute for a regular function that is used in testing.
Control name: Deterrent control
Description: Discourage attack
When it occurs: Before attack
Example: Signs indicating that the area is under video surveillance
Control name: Preventive control
Description: Prevent attack
When it occurs: Before attack
Example: Security awareness training for all users
Control name: Detective control
Description: Identify attack
When it occurs: During attack
Example: Installing motion detection sensors
Control name: Compensating control
Description: Alternative to normal control
When it occurs: During attack
Example: An infected computer is isolated on a different network
Control name: Corrective control
Description: Lessen damage from attack
When it occurs: After attack
Example: A virus is cleaned from an infected server
Description: A nontoxic petroleum gel-based paint that is thickly applied and does not harden, making any coated surface very difficult to climb.
Comments: Typically used on poles, downpipes, wall tops, and railings above head height (8 feet or 2.4 meters).
Description: Spiked collar that extends horizontally for up to 3 feet (1 meter) from the pole to prevent anyone from climbing it; serves as both a practical and visual deterrent.
Comments: Used for protecting equipment mounted on poles like cameras or in areas where climbing a pole can be an easy point of access over a security fence.
Description: Independently rotating large cups (diameter of 5 inches or 115 millimeters) affixed to the top of a fence prevent the hands of intruders from gripping the top of a fence to climb over it.
Comments: Often found around public grounds and schools where a nonaggressive barrier is important.
Description: Installed at the top of walls, gates, or fences; the tri-wing spike collars rotate around a central spindle.
Comments: Designed for high-security areas; can be painted to blend into fencing.
automated patch update service
This service is used to manage patches locally instead of relying upon the vendor's online update service. An automated patch update service typically consists of a component installed on one or more servers inside the corporate network. Because these servers can replicate information among themselves, usually only one of the servers must be connected to the vendor's online update service.
DLP network sensors
are installed on the perimeter of the network to protect data in-transit by monitoring all network traffic. This includes monitoring email, instant messaging, social media interactions, and other web applications. DLP network sensors can even monitor multiple protocols (including HTTP, SMTP, POP, IMAP, FTP, and Telnet).
DLP storage sensors
Sensors on network storage devices are designed to protect data at-rest. These sensors monitor the devices to ensure that the files on the hard drives that store sensitive data are encrypted. They also scan the drives to determine where specific data is stored.
DLP agent sensors
These sensors are installed on each host device (desktop, laptop, tablet, etc.) and protect data in-use. The DLP agent sensors watch for actions such as printing, copying to a USB flash drive, and burning to a CD or DVD. They can also read inside compressed (ZIP) files and binary files (such as older Microsoft Office non-XML files).
Advanced Encryption Standard (AES)
A symmetric cipher that was approved by NIST in late 2000 as a replacement for DES.
Procedures based on a mathematical formula used to encrypt and decrypt the data.
asymmetric cryptographic algorithm
Cryptography that uses two mathematically related keys.
A cipher that manipulates an entire block of plaintext at one time.
A block cipher that operates on 64-bit blocks and can have a key length from 32 to 448 bits.
Data that has been encrypted.
The science of transforming information into a secure form so that unauthorized persons cannot access it.
Data Encryption Standard (DES)
A symmetric block cipher that uses a 56-bit key and encrypts data in 64-bit blocks.
decryption
The process of changing ciphertext into plaintext.
Diffie-Hellman (DH)
A key exchange that requires all parties to agree upon a large prime number and a related integer (the generator) so that each party can independently compute the same shared secret from its own private value and the other party's public value; the private values never cross the wire.
Diffie-Hellman Ephemeral (DHE)
A Diffie-Hellman key exchange that uses a fresh, temporary key pair for each session rather than a reused long-term key; this is what gives the exchange perfect forward secrecy.
digest
The unique digital fingerprint created by a one-way hash algorithm.
digital signature
A value created by signing the hash of a message with the sender's private key; anyone with the sender's public key can verify who sent the message and that it was not altered, which also supports non-repudiation.
elliptic curve cryptography (ECC)
A family of asymmetric algorithms whose security rests on the algebra of points on an elliptic curve rather than on integer factorization or discrete logarithms modulo a large prime; it achieves equivalent strength with much shorter keys (a 256-bit curve key is comparable to a 3072-bit RSA key).
Elliptic Curve Diffie-Hellman (ECDH)
A Diffie-Hellman key exchange that uses elliptic curve cryptography instead of prime numbers in its computation.
encryption
The process of changing plaintext into ciphertext.
ephemeral key
A temporary key that is used only once before it is discarded.
GNU Privacy Guard (GPG)
Free and open-source software that is commonly used to encrypt and decrypt data.
Hardware Security Module (HSM)
A dedicated, tamper-resistant cryptographic processor that generates, stores, and uses keys so that the private key material never leaves the device.
hash
An algorithm that creates a unique digital fingerprint.
Hashed Message Authentication Code (HMAC)
A message authentication code built from a hash function applied to a secret key together with the message; because the key is required to produce the value, it verifies both the integrity and the authenticity of the message, which a plain hash cannot do.
in-band
Exchanging secure information within normal communication channels.
key
A mathematical value entered into a cryptographic algorithm to produce encrypted
key exchange
The process of sending and receiving secure cryptographic keys.
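The HMAC card above describes the difference between a bare hash and a keyed MAC; the following added example (not part of the original card set) makes that difference concrete with Python's standard library. The key, the JSON message and the attacker's edits are constructed sample data, and the assumption is that the key was distributed over a separate channel.

```python
import hashlib
import hmac

# Constructed sample: a shared key and a message, as one side of an API call might send.
KEY = b"k3y-shared-out-of-band"          # assumption: distributed over a separate channel
MESSAGE = b'{"transfer": 100, "to": "acct-42"}'


def plain_digest(message: bytes) -> str:
    """A bare hash: anyone who can alter the message can recompute this."""
    return hashlib.sha256(message).hexdigest()


def hmac_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 over the message; only a holder of the key can produce it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify(key: bytes, message: bytes, received_tag: str) -> bool:
    """Constant-time comparison avoids leaking how many leading bytes matched."""
    return hmac.compare_digest(hmac_tag(key, message), received_tag)


def attacker_forges_plain(message: bytes):
    """Attacker rewrites the message and recomputes the unkeyed hash.
    A receiver that only checks SHA-256(message) accepts this."""
    tampered = message.replace(b"acct-42", b"acct-99")
    return tampered, plain_digest(tampered)


def attacker_forges_hmac(message: bytes, old_tag: str):
    """Without the key the attacker can only replay the old tag with the new message."""
    tampered = message.replace(b"acct-42", b"acct-99")
    return tampered, old_tag


if __name__ == "__main__":
    tag = hmac_tag(KEY, MESSAGE)
    print("honest message verifies:", verify(KEY, MESSAGE, tag))
    t_msg, t_digest = attacker_forges_plain(MESSAGE)
    print("digest-only check fooled:", plain_digest(t_msg) == t_digest)
    t_msg, t_tag = attacker_forges_hmac(MESSAGE, tag)
    print("HMAC check fooled:", verify(KEY, t_msg, t_tag))
```

Note that `hmac.compare_digest` is used instead of `==`: a plain string comparison returns early at the first differing byte, and the timing difference can be measured by a remote attacker to recover a valid tag byte by byte.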
Message Digest (MD)
A common hash algorithm with several different versions.
Message Digest 5 (MD5)
The last of the MD family, producing a 128-bit digest. Practical collision attacks exist, so MD5 is no longer acceptable for digital signatures or certificates, although it is still seen in legacy checksums.
non-repudiation
The process of proving that a user performed an action.
one-time pad (OTP)
Combining plaintext with a random key to create ciphertext that cannot be broken mathematically.
out-of-band
Exchanging secure information outside the normal communication channels.
perfect forward secrecy
A property of a key exchange in which each session's key is derived from ephemeral values that are different for every session and discarded afterward, so that a later compromise of a party's long-term private key does not expose previously recorded sessions.
plaintext
Cleartext data that is to be encrypted and decrypted by a cryptographic algorithm.
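The Diffie-Hellman, DHE, ephemeral key and perfect forward secrecy cards above describe why reusing a long-term key is dangerous. The added example below (not part of the original card set) runs both variants: a server that reuses one DH key, and a server that generates a fresh pair per session. The group parameters are a constructed toy (the modulus is prime but not a standardized safe-prime group), and the "eavesdropper" is assumed to have recorded every public value on the wire and later stolen the server's long-term private key.

```python
import hashlib
import secrets

# Constructed toy parameters for illustration only: P is a Mersenne prime, but it is not a
# standardized safe-prime group. Real deployments use a named group of 2048 bits or more
# (for example the RFC 7919 ffdhe groups) or an elliptic-curve group (ECDHE).
P = 2**127 - 1
G = 3


def keypair():
    """Pick a random private exponent and compute the matching public value g^x mod p."""
    priv = secrets.randbelow(P - 3) + 2          # private exponent in [2, p-2]
    return priv, pow(G, priv, P)


def shared_secret(priv, peer_pub):
    """Both sides compute the same value: (g^b)^a = (g^a)^b mod p."""
    return pow(peer_pub, priv, P)


def session_key(shared):
    """Derive a symmetric session key from the shared secret (a real stack uses HKDF)."""
    return hashlib.sha256(shared.to_bytes(16, "big")).hexdigest()


def static_dh_sessions(n):
    """Server reuses one long-term DH key for every session: no forward secrecy.
    Returns the server's long-term private key, what an eavesdropper records on the wire,
    and the session keys the honest parties derived."""
    s_priv, s_pub = keypair()
    recorded, keys = [], []
    for _ in range(n):
        c_priv, c_pub = keypair()
        keys.append(session_key(shared_secret(c_priv, s_pub)))
        recorded.append(c_pub)                 # the wire carries only public values
    return s_priv, recorded, keys


def ephemeral_dh_sessions(n):
    """DHE: the server generates a fresh key pair per session and discards the private
    part once the session key is derived. Returns the recorded public values and keys."""
    recorded, keys = [], []
    for _ in range(n):
        s_priv, s_pub = keypair()
        c_priv, c_pub = keypair()
        k_client = session_key(shared_secret(c_priv, s_pub))
        k_server = session_key(shared_secret(s_priv, c_pub))
        assert k_client == k_server            # both sides agree on the key
        keys.append(k_client)
        recorded.append((s_pub, c_pub))
        del s_priv, c_priv                     # nothing secret survives the session
    return recorded, keys


def eavesdropper_after_key_theft(stolen_long_term_priv, recorded_client_pubs):
    """With the static server key stolen later, every recorded session key is recoverable."""
    return [session_key(shared_secret(stolen_long_term_priv, c_pub))
            for c_pub in recorded_client_pubs]


if __name__ == "__main__":
    s_priv, recorded, keys = static_dh_sessions(3)
    print("static DH, all past keys recovered:",
          eavesdropper_after_key_theft(s_priv, recorded) == keys)
    recorded, keys = ephemeral_dh_sessions(3)
    print("DHE sessions with distinct keys:", len(set(keys)))
```

In the ephemeral case the eavesdropper's transcript holds only public values and there is no long-term private exponent left to steal; the session keys cannot be recomputed from the transcript without solving the discrete logarithm problem in the group.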
Pretty Good Privacy (PGP)
A commercial product that is commonly used to encrypt files and messages.
private key
An asymmetric encryption key that does have to be protected.
private key cryptography
Cryptographic algorithms that use a single key to encrypt and decrypt a message.
public key
An asymmetric encryption key that does not have to be protected.
public key cryptography
Cryptography that uses two mathematically related keys.
quantum cryptography
A key-distribution technique (quantum key distribution) that uses the behavior of individual photons so that two parties can establish a shared key and detect any eavesdropper, since observing the photons disturbs them. It is not a form of asymmetric cryptography; the key it produces is used with a conventional symmetric cipher.
RACE Integrity Primitives Evaluation Message Digest (RIPEMD)
A hash algorithm that uses two different and independent parallel chains of computation and then combines the result at the end of the process.
RC4
A stream cipher from the RC family with a variable-length key (commonly 40 to 128 bits). Biases in its keystream are exploitable in practice, and its use in TLS is prohibited by RFC 7465.
RSA
The most common asymmetric cryptography algorithm, based on the difficulty of factoring the product of two large primes.
Secure Hash Algorithm (SHA)
A family of hash algorithms that creates more secure hash values than the Message Digest (MD) algorithms. SHA-1 is deprecated because collisions have been demonstrated; SHA-2 (for example SHA-256) and SHA-3 are the current standards.
sponge function
A cryptographic construction that absorbs the padded input block by block into an internal state and then squeezes the output from that state; it is the construction used by SHA-3.
steganography
Hiding the existence of data within another type of file.
substitution cipher
An algorithm that replaces each character of the plaintext with another character.
symmetric cryptographic algorithm
Encryption that uses a single key to encrypt and decrypt a message.
Triple Data Encryption Standard (3DES)
A symmetric cipher designed to extend the life of DES by applying the DES operation three times (encrypt, decrypt, encrypt) with two or three independent keys; it keeps the 64-bit block size and is being retired in favor of AES.
Trusted Platform Module (TPM)
A chip on the motherboard of the computer that provides cryptographic services.
Twofish
A derivation of the Blowfish algorithm that is considered to be strong.
whole disk encryption
Cryptography that can be applied to entire disks.
bridge trust model
A trust model with one CA that acts as a facilitator to interconnect all other CAs.
Certificate Authority (CA)
A trusted third-party agency that is responsible for issuing digital certificates.
Certificate Repository (CR)
A publicly accessible centralized directory of digital certificates that can be used to view the status of a digital certificate.
Certificate Revocation List (CRL)
A list, signed by the CA, of certificates the CA has revoked before their expiration date; a client must download it to check a certificate's status.
Certificate Signing Request (CSR)
A specially formatted message, signed with the applicant's own private key, that contains the public key and identifying information the CA requires to issue a digital certificate. The CSR is signed rather than encrypted; the signature proves the applicant holds the matching private key.
cipher suite
A named combination of the key exchange, authentication, encryption, and message authentication code (MAC) algorithms that are used with SSL and TLS.
digital certificate
A technology used to associate a user's identity to a public key, in which the user's public key is digitally signed by a trusted third party.
direct trust
A type of trust model in which a relationship exists between two individuals because one person knows the other person.
distributed trust model
A trust model that has multiple CAs that sign digital certificates.
hierarchical trust model
A trust model that has a single hierarchy with one master CA.
Hypertext Transport Protocol Secure (HTTPS)
A secure version of HTTP sent over SSL or TLS.
Internet Protocol Security (IPsec)
A set of protocols developed to support the secure exchange of packets between hosts or networks.
A process in which keys are managed by a third party, such as a trusted CA.
key recovery agent (KRA)
A highly trusted person responsible for recovering lost or damaged private keys (and therefore access to the data and certificates tied to them) from a key escrow system.
Online Certificate Status Protocol (OCSP)
A protocol that performs a real-time lookup of a
public key infrastructure (PKI)
A framework for managing all of the entities involved in
creating, storing, distributing, and revoking digital certificates.
Registration Authority (RA)
A subordinate entity designed to handle specific CA tasks such as processing certificate requests and authenticating users.
Secure Shell (SSH)
A command interface and protocol, originally from the UNIX world but now available on Windows as well, for securely accessing a remote computer; it encrypts the session and also carries SCP, SFTP, and port forwarding.
Secure Sockets Layer (SSL)
A protocol originally developed by Netscape for securely transmitting data.
session keys
Symmetric keys used to encrypt and decrypt information exchanged after the handshake between a web browser and web server; the handshake itself uses asymmetric cryptography only to agree on these keys.
third-party trust
A trust model in which two individuals trust each other because each individually trusts a third party.
Transport Layer Security (TLS)
The successor to SSL; it provides confidentiality and data integrity between applications. All SSL versions and TLS 1.0/1.1 are deprecated; TLS 1.2 and 1.3 are current.
trust model
The type of trust relationship that can exist between individuals or entities.
anomaly-based monitoring
A monitoring technique used by an intrusion detection system (IDS) that creates a baseline of normal activities and compares actions against the baseline. Whenever there is a significant deviation from this baseline, an alarm is raised.
application-aware firewall
A firewall that can identify the applications that send packets through the firewall and then make decisions about the applications.
application-aware IDS
A specialized intrusion detection system (IDS) that is capable of using "contextual knowledge" in real time.
application-aware IPS
An intrusion prevention system (IPS) that knows information such as the applications that are running as well as the underlying operating systems.
application-aware proxy
A special proxy server that knows the application protocols that it supports.
behavior-based monitoring
A monitoring technique used by an IDS that uses the normal processes and actions as the standard and compares actions against it.
content inspection
Searching incoming web content to match keywords.
demilitarized zone (DMZ)
A separate network that rests outside the secure network
perimeter: untrusted outside users can access the DMZ but cannot enter the secure network.
firewall rules
A set of individual instructions to control the actions of a firewall.
heuristic monitoring
A monitoring technique used by an intrusion detection system (IDS) that uses an algorithm to determine if a threat exists.
host-based intrusion detection system (HIDS)
A software-based application that runs on a local host computer that can detect an attack as it occurs.
intrusion detection system (IDS)
A device that detects an attack as it occurs.
A defense that uses multiple types of security devices to protect a
what is another term for Layered security?
defense in depth
load balancer
A dedicated network device that can direct requests to different servers based on a variety of factors.
malware inspection
Searching for malware in incoming web content.
network access control (NAC)
A technique that examines the current state of a system or network device before it is allowed to connect to the network.
network address translation (NAT)
A technique in which a gateway rewrites the private source addresses in outgoing packets to its own public address (and reverses the mapping for replies), so that hosts using private IP addresses can communicate across the public Internet; it also hides the internal addressing scheme.
network intrusion detection system (NIDS)
A technology that watches for attacks on the network and reports back to a central device.
network intrusion prevention system (NIPS)
A technology that monitors network traffic to immediately react to block a malicious attack.
protocol analyzer
Hardware or software that captures packets to decode and analyze their contents.
proxy server
A computer or an application program that intercepts user requests from the internal secure network and then processes those requests on behalf of the users.
remote access
Any combination of hardware and software that enables remote users to access a local internal network.
reverse proxy
A computer or an application program that routes incoming requests to the correct server.
router
A device that can forward packets across computer networks.
signature-based monitoring
A monitoring technique used by an intrusion detection system (IDS) that examines network traffic to look for well-known patterns and compares the activities against a predefined signature.
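The anomaly-based, heuristic and signature-based monitoring cards above describe the two main ways an IDS decides to raise an alarm. The following added example (not part of the original card set) runs both techniques over a constructed set of web-server log lines: two signatures catch individual malicious requests, while a statistical baseline catches a scanner whose requests are mostly harmless one at a time. The log lines, the baseline counts and the threshold of three standard deviations are all assumptions for the demonstration.

```python
import re
import statistics
from collections import Counter

# Constructed sample log: "<source-ip> <method> <path>" per line.
LOG_LINES = [
    "10.0.0.5 GET /index.html",
    "10.0.0.5 GET /about.html",
    "10.0.0.5 GET /contact.html",
    "198.51.100.7 GET /item?id=1' OR 1=1--",
    "203.0.113.9 GET /admin",
    "203.0.113.9 GET /wp-login.php",
    "203.0.113.9 GET /.git/config",
    "203.0.113.9 GET /../../etc/passwd",
    "203.0.113.9 GET /backup.zip",
    "203.0.113.9 GET /phpmyadmin",
    "203.0.113.9 GET /.env",
    "203.0.113.9 GET /server-status",
    "203.0.113.9 GET /robots.txt",
]

# Signature-based: well-known attack patterns, matched request by request.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sqli-tautology": re.compile(r"'\s*or\s+1\s*=\s*1", re.IGNORECASE),
}

# Anomaly-based: requests per source per interval observed during normal operation
# (constructed baseline; a real system would learn this over days of traffic).
BASELINE_REQUESTS_PER_SOURCE = [4, 5, 6, 5, 4, 6, 5, 5]


def parse(line):
    """Split a log line into (source address, request)."""
    src, request = line.split(" ", 1)
    return src, request


def signature_alerts(lines):
    """One alert per (source, signature) hit. Misses anything without a known pattern."""
    alerts = []
    for line in lines:
        src, request = parse(line)
        for name, pattern in SIGNATURES.items():
            if pattern.search(request):
                alerts.append((src, name))
    return alerts


def anomaly_alerts(lines, baseline=BASELINE_REQUESTS_PER_SOURCE, k=3.0):
    """Flag sources whose request count exceeds the baseline mean by more than k
    standard deviations. Needs no knowledge of the attack, but the threshold k trades
    false positives against missed low-and-slow activity."""
    threshold = statistics.mean(baseline) + k * statistics.stdev(baseline)
    counts = Counter(parse(line)[0] for line in lines)
    return [(src, n) for src, n in counts.items() if n > threshold]


if __name__ == "__main__":
    print("signature alerts:", signature_alerts(LOG_LINES))
    print("anomaly alerts:  ", anomaly_alerts(LOG_LINES))
```

Here the scanner at 203.0.113.9 sends nine requests, only one of which (the `../` traversal) matches a signature; the baseline of roughly five requests per source is what exposes the rest of its activity. The two techniques are complementary, which is why production sensors run both.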
subnetting (subnet addressing)
A technique that borrows bits from the host portion of an IP address so that the address is divided into network, subnet, and host portions, allowing one address block to be split into several smaller networks.
switch
A device that connects network segments and forwards a frame only to the port where its destination device is located, or to all ports for broadcast frames.
Unified Threat Management (UTM)
Network hardware that provides multiple security functions.
URL filtering
Restricting access to unapproved websites.
virtual LAN (VLAN)
A technology that allows scattered users to be logically grouped
together even though they may be attached to different switches.
virtual private network (VPN)
A technology that enables use of an unsecured public network as if it were a secure private network.
VPN concentrator
A device that aggregates VPN connections.
web application firewall
A special type of application-aware firewall that looks at the
applications using HTTP.
web security gateway
A device that can block malicious content in real time as it appears (without first knowing the URL of a dangerous site).
Hubs work at the ____ of the OSI Model
Physical Layer (Layer 1)
A switch operates at the _____ of the OSI model
Data Link Layer (Layer 2)
Routers Operate at the _____ of the OSI Model
Network Layer (Layer 3)
Load balancers are often grouped into two categories known as?
Layer 4 load balancers and Layer 7 load balancers.
Layer 4 load balancers
act upon data found in Network and Transport layer headers such as Internet Protocol (IP) addresses and Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) ports. They never look inside the application payload.
Layer 7 load balancers
distribute requests based on data found in Application layer protocols such as HTTP. Although both Layer 4 and Layer 7 load balancers can distribute work based on a "round-robin" rotation to all devices equally or to those devices that have the least number of connections, Layer 7 load balancers also can use HTTP headers, cookies, or data within the application message itself to make a decision on distribution.
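As an added illustration of the Layer 4 versus Layer 7 distinction above (example code, not from the original card set), the following Python sketch implements the three scheduling choices the text names: round-robin, least connections, and Layer 7 routing on a cookie and the request path. The backend names, pools and cookie name are constructed assumptions.

```python
import hashlib
from itertools import cycle

BACKENDS = ["web-1", "web-2", "web-3"]          # constructed default pool
API_BACKENDS = ["api-1", "api-2"]               # constructed pool for API traffic


class Layer4Balancer:
    """Decides using only IP/TCP/UDP header fields; it never reads the HTTP payload."""

    def __init__(self, backends):
        self.backends = list(backends)
        self._rr = cycle(self.backends)
        self.active = {b: 0 for b in self.backends}   # open connections per backend

    def round_robin(self):
        return next(self._rr)

    def least_connections(self):
        # ties resolve to the earliest backend in the pool
        return min(self.backends, key=lambda b: (self.active[b], self.backends.index(b)))

    def by_source(self, client_ip, client_port):
        # hashing the client tuple keeps one flow on one backend (L4 "persistence")
        digest = hashlib.sha256(f"{client_ip}:{client_port}".encode()).digest()
        return self.backends[int.from_bytes(digest[:4], "big") % len(self.backends)]


class Layer7Balancer:
    """Additionally reads the path, headers and cookies before choosing a pool."""

    def __init__(self, default_pool, api_pool):
        self.default = Layer4Balancer(default_pool)
        self.api = Layer4Balancer(api_pool)

    def route(self, path, headers, cookies):
        sticky = cookies.get("SERVERID")
        # Session affinity: honour the cookie only if it names a real pool member.
        # Accepting any value would let a client steer itself to an arbitrary host.
        if sticky in self.default.backends:
            return sticky
        if path.startswith("/api/") or headers.get("Content-Type", "").startswith("application/json"):
            return self.api.round_robin()
        return self.default.least_connections()


if __name__ == "__main__":
    l4 = Layer4Balancer(BACKENDS)
    print("round robin:", [l4.round_robin() for _ in range(4)])
    l7 = Layer7Balancer(BACKENDS, API_BACKENDS)
    print("API request ->", l7.route("/api/v1/users", {}, {}))
    print("sticky cookie ->", l7.route("/", {}, {"SERVERID": "web-3"}))
```

The check on the sticky cookie is the security-relevant detail: a Layer 7 device acts on client-supplied data, so every field it routes on must be validated against the configured pool rather than trusted as received.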
Because proxy servers can cache material, a request can be served
from the cache instead of retrieving the webpage through the Internet.
A proxy server can reduce the amount of bandwidth usage because of the cache.
A proxy server can block specific webpages and/or entire websites. Some proxy servers can block entire categories of websites such as entertainment, pornography, or gaming sites.
Acting as the intermediary, a proxy server can protect clients from malware by intercepting it before it reaches the client. In addition, a proxy server can hide the IP address of client systems inside the secure network. Only the proxy server's IP address is used on the open Internet.
Class A private range (RFC 1918)
Beginning address: 10.0.0.0
Ending address: 10.255.255.255
Class B private range (RFC 1918)
Beginning address: 172.16.0.0
Ending address: 172.31.255.255
Class C private range (RFC 1918)
Beginning address: 192.168.0.0
Ending address: 192.168.255.255
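The subnetting card and the three private-range cards above are easier to reason about with a worked calculation. The added example below (not part of the original card set) uses Python's standard `ipaddress` module to split a host address into its network and host portions, carve a block into subnets, and classify an address against the RFC 1918 ranges. The sample addresses are constructed.

```python
import ipaddress

# The three RFC 1918 private blocks listed in the cards above.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def subnet_parts(host_cidr: str) -> dict:
    """Split a host address written in CIDR form into its network and host components."""
    iface = ipaddress.ip_interface(host_cidr)
    net = iface.network
    return {
        "address": str(iface.ip),
        "netmask": str(net.netmask),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": max(net.num_addresses - 2, 0),
        "host_bits": net.max_prefixlen - net.prefixlen,
    }


def split_network(cidr: str, new_prefix: int) -> list:
    """Carve a network into equal subnets with the given longer prefix."""
    return [str(s) for s in ipaddress.ip_network(cidr).subnets(new_prefix=new_prefix)]


def rfc1918_block(addr: str):
    """Return the RFC 1918 block containing addr, or None if it is outside all three.
    An explicit list is used on purpose: ipaddress's is_private also covers loopback,
    link-local and documentation ranges, which is not what a NAT or firewall rule means."""
    ip = ipaddress.ip_address(addr)
    for block in RFC1918:
        if ip in block:
            return str(block)
    return None


if __name__ == "__main__":
    print(subnet_parts("192.168.10.77/26"))
    print(split_network("10.0.0.0/24", 26))
    for a in ("172.31.255.255", "172.32.0.1"):
        print(a, "->", rfc1918_block(a))
```

The last two lookups show why the class B range is best remembered as 172.16.0.0/12 rather than by its first octet: 172.31.255.255 is private, but 172.32.0.1 is a routable public address.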
access log
A log that can provide details regarding requests for specific files on a system.
A log that is used to record which user performed an action and what that
A pay-per-use computing model in which customers pay only for the online computing resources that they need, and the resources can be easily scaled.
community cloud
A cloud that is open only to specific organizations that have common concerns.
disabling unused interfaces
A security technique to turn off ports on a network device that are not required.
event log
Log that documents any unsuccessful events and the most significant successful events.
Fibre Channel (FC)
A high-speed storage network protocol that can transmit up to 16 gigabits per second.
Fibre Channel over Ethernet (FCoE)
A high-speed storage network protocol that encapsulates Fibre Channel frames over Ethernet networks.
File Transfer Protocol (FTP)
An unsecure TCP/IP protocol that is commonly used for transferring files; credentials and data are sent in cleartext.
flood guard
A feature that controls a device's tolerance for unanswered service requests and helps to prevent a DoS or DDoS attack.
FTP Secure (FTPS)
A TCP/IP protocol that wraps an FTP session in SSL/TLS: the control channel (port 21) is encrypted, and the data channel is encrypted as well when the client requests it with the PROT P command. It is unrelated to SFTP, which runs over SSH.
host availability
The ability to quickly make new virtual server machines available.
The ability to easily expand or contract resources in a virtualized
host virtualization
A type of virtualization in which an entire operating system environment is simulated.
hybrid cloud
A combination of public and private clouds.
IEEE 802.1X
A standard that authenticates users on a per-switch port basis by permitting access to valid users but effectively disabling the port if authentication fails.
Infrastructure as a Service (IaaS)
A cloud computing model in which customers have the highest level of control and can deploy and run their own software.
Internet Control Message Protocol (ICMP)
A TCP/IP protocol that is used by devices to communicate updates or error information to other devices.
Internet Protocol version 6 (IPv6)
The next generation of the IP protocol that addresses weaknesses of IPv4 and provides several significant improvements.
IP telephony
Using a data-based IP network to add digital voice clients and new voice applications onto the IP network.
iSCSI (Internet Small Computer System Interface)
An IP-based storage networking standard for linking data storage facilities.
log
A record of events that occur.
loop protection
Technique to prevent broadcast storms by using the IEEE 802.1d standard spanning-tree algorithm (STA).
MAC limiting and filtering
A security technique to limit the number of media access control (MAC) addresses allowed on a single port.
NetBIOS (Network Basic Input/Output System)
An older session-layer service and programming interface used by Microsoft Windows systems for allowing applications on separate computers to communicate over a LAN; on modern networks it runs over TCP/IP (NetBT) and is a frequent target for enumeration, so it is usually blocked at the perimeter.
The impact of a patch on other software or even hardware.
Platform as a Service (PaaS)
A cloud service in which consumers can install and run their
own specialized applications on the cloud computing network.
private cloud
A cloud that is created and maintained on a private network.
public cloud
A cloud in which the services and infrastructure are offered to all users with access provided remotely through the Internet.
rule-based management
The process of administration that relies on following procedural and technical rules.
sandboxing
Using a virtual machine to run a suspicious program to determine if it is malware.
Secure Copy Protocol (SCP)
A TCP/IP protocol used mainly on UNIX and Linux devices that securely transports files by encrypting files and commands.
Secure FTP (SFTP)
A file transfer protocol that runs as a subsystem of SSH, so all commands and data are encrypted (and optionally compressed) by the SSH connection. Despite the name it shares nothing with FTP or FTPS.
security control testing
Testing the existing security configuration.
security log
Log that can reveal the types of attacks that are being directed at the network and if any of the attacks were successful.
Simple Network Management Protocol (SNMP)
A TCP/IP protocol that exchanges management information between networked devices. It allows network administrators to remotely monitor, manage, and configure devices on the network.
snapshot
An instance of a particular state of a virtual machine that can be saved for later use.
Software as a Service (SaaS)
A model of cloud computing in which the vendor provides access to the vendor's software applications running on a cloud infrastructure.
storage area network (SAN)
A dedicated network storage facility that provides access to data storage over a high-speed network.
Telnet
An older TCP/IP protocol and application used for text-based remote sessions; it sends everything, including passwords, in cleartext and should be replaced by SSH.
Transmission Control Protocol/Internet Protocol (TCP/IP)
The most common protocol suite
used today for local area networks (LANs) and the Internet.
Trivial File Transfer Protocol (TFTP)
A lightweight version of FTP that runs over UDP, uses a small amount of memory, and has limited functionality; it provides no authentication or encryption, so it should be confined to isolated management networks (for example, booting network devices).
virtualization
A means of managing and presenting computer resources by function without regard to their physical layout or location.