motonlava

Port 20, 21

23

Port 25

• Terminal Access Controller Access Control System
• Port 49
• Alternate to RADIUS
• AAA performed separately
• Supports PAP, CHAP and EAP
• Allows use of multi-factor auth
• Allows a RAS to forward user credentials to an auth server
• Uses TCP Port 49
• Encypts entire body of message

Port 53

Ports 67, 68

Port 69

Port 80

Port 110

Port 119

Port 123

Port/s 1812-1813

88

167-169

• Lightweight Directory Access Protocol 
• Port 389

443

500

636

1701

1723

3389

L2F TCP 1701

TCP 1713

UDP port 1701

VPN

Layer 3

UDP 500

UDP port 500

Unshielded Twisted pair

Shielded Twisted pair

Electromagnetic Interference

Network Interface Card

• o Povides connectivity between two or more networks
• o Routes packets based upon IP addressing
• o Standard Protocols
•    o RIP (Routing Information protocol)
•    o BGP (Border Gateway Protocol)
•    o OSPF (Open Shortest path First)

Access Control List

• o Rule based access control set on network devices that regulate traffic
• o Can be applied ro inbound/outbound traffic
• o Usually simple packet filtering that blocks traffic by:
•    o Source and Destination IP address
•    o Port
•    o Protocol

Spanning Tree Protocol

Triple Digital Encryption Standard (DES) a block cipher algorithm used for encrytion

• The Standard that provides for bandwidths of up to 54Mbps in 5GHz Frequency spectrum
• Bit Rate 5 GHz  50-100 feet

• The Standard that provides for bandwidths of up to 11Mbs in the 2.4GHz Frequency
•  150-300 feet

• The Standard that provides for bandwidths of up to 20Mbs in in the 2.4GHz Frequency
• 150-300 feet

• Aproposed amensment to the 802.11 standard that provides for bandwidthd of 74Mbs in the 2.4GHz and 5GHz frequency.
• 300-600 feet

Protocol used to map known IP addresses to unknown physical addresses.

The series of steps/formilas/poscesses that followed ro arrive at a result

• FTP       20,21
• Telnet   23
• SMTP    25
• HTTP    80
• Simple Mail Transfer Management Potocol (SNMP)   

Port 21

Port 22

(Network Address Translation)

Port Address translation

Network Access Control

A pool of public IP address is shared by an entire private IP subnet. Connections initiated by private hosts are assigned a public address from a pool

Accomplished by a straightforward, ststless implementaion that transforms only the network part of the address, leaving the host part intact. The payload of the packet must also be considered during the translation process.

• Remote Procedure call (Microsoft)
• port 135

Port 143

Port 389

Port 636

Symmetic   Block cipher 64 bits

Symmetic  Block cipher  (used in PGP/GPG)

Rijndael Block cipher (used in PGP/GPG)

Symmetic Block cipher

Symmetic Block cipher (used in PGP/GPG)

Symmetic   Block cipher (used in PGP/GPG)

• ASA Combines
• PIX firewall (Routing, ACL, NAT)
• Also known as Unifed Threat Management (UTM)

• A network device, firewall/router, that has the ability to prevent some flooding DoS attacks
• DoS attacks prevent could be
• Fraggle
• Smurf
• Syn
• Authentication DoS attacks

Asymmetic  - Key Exchange, Encryption, Digital Signatures, used in PGP/GPG

Asymmetic  - Key Exchange (used in PGP/GPG)

Asymmetic - Key Exchange, Encryption, Digital Signatures

Asymmetic - Key Exchange, Encryption, Digital Signatures (used in cell phones and wireless devices)

Hash

Hash

Hash

Hash

Access point

Anomaly-detection intustion detection system. An AD-IDS works by looking for deviations from a pattern of normal network traffic

Software that gathers info to pass on to markers or intercepts personal data such as credit card numbers and makes them available to third parties

The componet or process that analyzes the data collected by the sensor

• Software as a service over the Internet
• Eliminates the need to install/run applications on customer's computers
• No local software applications needed (just web site connectivity)

• Facilitates deployment of applications reducing cost and complexity
• Vendors allow apps to be created and run on site connectivity

• Typically a Platform virtualization enviroment
• Clients purchase resources/services (servers, software, certain networks devices, data center space

• Voice over IP
• VoIP serveices convert your voice into digital signal that travels over the Internet
• Establish a IP Phone VLAN
• Use Voice Firewalls

Session Initial Protocol - used to manage multimedia communication sessions, such as VoIP utilizing ports 5060 and 5061

Realtime Transport Protocol - used to transfer steaming media over networks

Network detection Systems : Network monitoring - The process of using data-capturing device or other method to intercept information from a network

Network IDS (NIDS) Can Not analyze encrypted traffic

• Host IDS
• Installed on a Host
• Detects attacks against the host and the level of their success
• Relies on the auditing and loggong capabilities of the operating system
• Can view encrypted data in transit
• Is detectable and can be a target of attack

• Looks for secuity breaches, but effectively takes no action
• Logs suspicious activity
• Generates alerts if the attack is deemed to be severe
• the Network analyst interprets the degree of the threat and responds accordingly

• Active IDS - Can be configured to take specific actions
• Can automate responses including dynamic policy adjustment and reconfiguartion of supporting network devices

• IDS reports legitimate activity as an intrusion
• caused by
• Poorly tuned
• bad/outdated baseline

• IDS Fails to detect malicous intrusion
• caused by
• New attacks not yet identified by vendor
• poorly wriiten signatures
• Outdtaed signature files
• Patient, stealthy attacks

Intrusion Prevention System

• Network Access Control
• Evaluates system security status before connecting to the network
• Ani-virus stats
• System update level

Wieless Personal Area Network (WPAN) Bluetooth is an implemenation of WPAN

• Wired Equivalent Privacy
• Intended to provide the equivalent security of a wired network protocol
• Encyrpts data using RC4 algorithm
• No Authentication
• Open System Auth
• Shared Key Auth

• WiFi Protected Access
• WPA implements most of IEEE 802.11i

• Mandatory to be Wi-Fi certified
• NIST FIPS 140-2 compliant

Symmetic Key Alogrithms Steam: Variable key length

Block cipfer

Sending of unsolicited messages over bluetooth

Taking control of a bluetooth device for personal gain (phone calls,etc.) 

Theft of information from a wireless device through a Bluetooth connection

• Captures all the data that pass through a given network interface
• promiscous Mode: sniffer is capable of capturing All packets traversing the network
• Possible to capture both wireless and wired packets
• Can capture and read plaintext

War Charking is the drawing of symbols in public places to advertise an open WiFi wireless network.

• Type 1 or native, bare-metal
• Type 2 or hosted

Host OS must be secured

Port 22

Internet Control Mesage Protocol

• Network Address Translation
• Translates a private address into a public address
• Hides devices in a private network
• Allows sharing of a single public IP address or a pool of public IP addresses

Dynamic NAT - A pool of public IP addresses is hared by an entire private IP address and use public addreeese only for the NAT to translate to and communicate with the outside

• Static NAT - Accomplished by a straightforward, stateless implementation that transforms only the network part of the address, leaving the host paart intact. The payload of the packet must also be considered during the translation process.
• Port Address NAT

• Allows many hosts to share a single IP address by multiplexing strams differentiated by TCP/UDP port numbers
• Poets are selected at random for each insidfe address which generates a request

• DMZ: contains public facing servers
• Bastion hosts: any hardened system located in the DMZ (File server, Web Server)
• Internal: Internet network ti include systems and work stations you do not want anyone outside of your network to directly connect to.
• External: Segment of tyour network set aside for trusted partners, organizations
• Internet: Unsecure secity zone

• A Single devi ce that handles large number of VPN tunnels
• Primarily used for remote sccess VPN's
• Usually two flavors; SSL or IPSec (some can do both, ie. CISCO)
•   Examples:  Cisco
•                   Netgear
•                   Juniper

• Authentication
• Authorization
• Accounting

• Process of identifying an entity for authentication
• User Identification Guidelines
• Uniqueness -   User ID must be unique identifier to provide positive id
• Non-descriptive -  Usre Id should not expose the associated role or job function
• Issuance  - The process od issuing id's must be secure and documented.
• Most common forms:
•    User Name
•    User ID
•    Account Number

• Something you know -  Password or PIN
• Something you have  - Smart Card, Token, or Device
• Something you are   -  Fingerprints or retinal Patten
• Something you do  -  Keystroke Auth
• Somewhere you are   -  Location

• Fingerprints   Easy to use    Assoiciated with criminlals
• Iris               High Accuracy & non-intrusive   Expensive
• Retina           High Accuracy      Intrusive and Expensive
• Face             Easy to use         Accuracy issues
• Hand            Easy to use          Accuracy issues     Accuracy issues
• Voice            Inexpensive and non-intrusive
• Signature      Inexpensive and non-intrusive

• Type 1 Error : False Reject Rate (FRR)
• Type 2 Error : False Accept Rate (FAR)
• Crossover Error rate (CER)

A collection of computer networks that agree on standards of operation such a security standards

Means of liknking a user's identiy with their privileges

Password Authentication Protocol - sends the username and password to all appliications and systems they need when they log on

• (Shiva Password Authentication Protocol)
• Encrypts the username and password

• Challenge Handshake Authentication protocol
• Encrypts passwords during logon
• Challenges/response method of authenitication
• Re-authentication to protect against man-in-the middle attacks
• Credentials are hashed using MD5

• Time-Based One-Time Password
• Algorithm uses a time-based fact to create unique passwords

• HMAC-Based One-Time Password
• Algorithm is based on using HMAC algorithm

• Single Sign-On -
• Provides access to all authorized resources with single instance of authentication (authenticates only once)
• Uses centralized authentication servers: Once authenticated, subjects can use the network/resources without being challenged again.
• If account is compromised, malicious subject has unrestricted access

• New Technology LANMAN
• Challenge-Response Auth replacement for older LANMAM protocol used to auth when Kerberos is not applicable/available Both versions lack mutual auth

• First available to NT OS before NT4 service pack 4
• Uses DES for enciphering

• First available to NT OS before NT4 service pack 4
• Uses MD5 for enciphering

• Lightweight Directory Access protocol
• Folloes X.500 standard
• Directory uses a hierachical design with a root object at the top followed by organization and OU containers for logical organization
• Port 389  (standard)
• Port 636 LDAP over TLS/SSL (secure)

• Simple Authentication and Sercurity Layer
• Can use Kerberos, MD5, S/Key, IPSec, TLS

• Remote Authentication Dail-In User Service
• Centralized system for auth, auth and accounting (AAA)
• Supports PAP, CHAP and EAP
• Authentication and Authorization (Only Password is encypted
• Uses UDP port 1812 for auth
• Uses UDP port 1813 for accounting

tpically a network access server such as Dial-up Server, VPN srever, or Wireless AP

• Stores all user auth and network service access information
• Ability to implement auditng and accounting

• Security Assertion Markup Language (SAML)
• An openstandard based on XML that is used for auth and auth data
• Service providers often use SAML to prove the ID od someone connecting to the service

The trusts between (A) and (C) the relationship flows

• Explicit Deny - You specifically deny a subject (person, IP address, etc.)
• Implicit - By not specifically allowing access
• Least privilege - Give users omly the permissions they need to do their work

• Mandatory Access Control
• Most secure

Role-Based Access Contol

Problem - Privilege creep

• Limits the user to settings in preconfigured policies
• Normally found in firewalls and routers (ACLs)

• Discretionary Access Control
• Allows usres to share info dynamically with others
• Ower establishes privileges

Given to an individual because of where they work or the group they belong to

Assigned to an individual based upon their need-to-know

• Based upon users need-to-know
• File Controls

The act of exploiting a bug or design flaw in a software application to gain access

Lower privilege user accesses functions or content reserved for higher privilege users

Normal user accesses functions or content reserved for other uses

• Spam - Malwrae
• Replicates inself on a system
•    Goals:
•              Renders your system inoperable
•              Spreads to thers systems
•    Symptoms:
•              Programs on your system start to load more slowly
•              Unusal files appear or disappear
•              program sizes change from the installed versions

• Adware - Computer program that propagates on it's own
• Does not need a host application to be transported
• Self containied

• Ransonware - A program that is disguised as another program
• May be included as an attachment or as part of an mail, website, DL's

Spyware - Malware inserted into a system which sets off an action when specific conditions are met

• Zombies - Malware that has the ability to hide spyware blockers, anti-virus program, and system utilities
• Runs at the root level or admin access

Botnets

• Armored - Makes itself difficult to detect or analyze
• Retrovirus -Designed to avoid discovery by actively attacking the anti-virus programs attempting to detect it.
• Stealth - Hides itself by intercepting disk access requests
• When an anti-virus prg tries to read files or boot sectors to find the virus, the stealth virus feeds the anti-virus prg a clean image of the file or boot sector
• Boot Sector - Speads by infecting boot sector
• File infector Virus (Parasitic Virus) - Copies themselves into other programs
• When an infected file is executed, the virus is loaded into memory and tries to infect other executables
• Macro Virus - Malware that is encoded as a macro embedded in a document
• Programs such as word and Excell allow programmers to expand the capability of the application.
• Multipartite - Propagates by using both sector and file infector methods

• Allows access to a computer (i.e server, workstation, network device)
• Full access to every aspect of the device
• Can be spread via malware
• Example : Back Orfice or NetBus

• Up-to-date Anti-virus
• IDS/IPS

• Frequently refers to any software which displays advertisements
• Some are spyware or malware

• Denial of Service -
• Prevents access to resources for authorized users
• Common DoS attacks: - prevent access to resources bt users authorized to use those resources. Most simple DoS attack oocur from a single, and a specific server or organization is the target
• Ping-of-Death
• Land Attack
• teardrop
• SYN Flood

• Attacker sends a succession of SYN requests to a target
• Can be Mitigated on most modern networks

• Amplifies a DoS by using multiple computers to conduct an attack against a single entity (Smurf Attack)
• Compromised systems are referred to as Bots or Zombies

• Man-in-Middle Attacks
• Occurs when someone/-thing intercepts data and retransmits to another entity

Information (credentials) captured over a network and replayed later

Spoofing is a situation in which one person or program successfully masquerades as another by falsifying data

Is creation of TCP/IP packets using someones else IP Address

is a technique for changing a factory-assigned media Access Contol (MAC) address of a network interface on a networked device.

An attacker (on the same switched network) forges ARP replies to a vitim system and device like the default gateway.

• Scans/attack conducted with Xmas packets
• Packet with every single option set for whatever protocol is in use
• By oberving how a host responds to the packet, assumptions can be made regarding the host's operating system

• A service that involvs another service to satisfy an initial request
• Problem arises from a poor choice of access control mechanism, one that uses auth to make access secisions

SPAM over Instant Messaging

SPAM ocer Internet telephony

Uses social engineering (Emails) to steal personal identity data and financial account credentials

Email/IM scam to a particular target, some inside information about the organization or individual is needed

Structured Exception Handler

• Vulnerability where an attacker can add comments/code to web pages which allows code injection
• Code could redirect valid data to the attacker
• Typically found in web pages

• Safeguards- Input validation
• Disable the running of scripts
• Keep browser and apps updated
• Keep web server app updated

• Cross-site Request Forgery - Session Riding
• One-Click attack

Code injected into a database via a web form

Can occur anywhere that underlying code use some type of input for LDAP searches, queries or any other LDAP function

• Attack technique used to manipulate or compromise the logic of an XML app or service
• Injection can cause the insertion of malicious content into the resulting messgae/document

• Text file associated with your current web session and/or user information for a site
• Save your internet activity locally (not data)
• Browsers offer setting to help control vulnerabilities from cookies
• Transient vs Persistant cookies

Code signing mechanism, identifying the publisher

• Thrat that exploits vulnerabilities thst are unknown to others or the software developer
• Occur during the vulnerabilities window

Defense - Firewall (Comptia) No defense, until sig comes out

SSH Secure Shell

SFTP - Simple File Transfer Potocol

NNTP - Network News Transfer Potocol

Which shields the organizaton from attackes attempting to gain access to it's premises; examples includes sensors, alarms, cameras, and motion detectors.

Exposure Factor

Single Loss Expectancy

Annualized Rate of Occurrence

Annualized Loss Expectancy

• Striping
• Highest Performance
• No Redundancy 1 fall = all fail
• Minimal of 2 Disks

• Mirroring
• Duplicates data on the disks
• Expensive; double cost of storage

• Striping with dedicated parity
• Excellent Performance; fault tolerance
• Write requests suffer from same single parity-drive

• Striped with dedicated parity
• Excellellent performance; fault
• Writes request suffer from same single parity-drive

• Clock-level striping with distributed parity
• Best cost/performance for networks; high performance; high data protection
• Write performance is slower than RAID 0 or RAID 1
• RAID 5 uses Databases, Min 3 Disks
• RAID 6 needs 4 or more disks

Interconnection Security Agreement

Memorandum of Understanding

Service Level Agreement

• MTBF - Mean Time Between Failures
• MTTR - Mean Time to  Repair
• MTD   - Maximum Tolerable Downtime 

• Used to test for security problems in software or computer systems
• Used in large software development projects that employ black-box testing
• An assurance of overall quality rather than a bug-finding tool
• Often finds odd oversights and defects which human tersters would fail to find

• Configuration Baseline -
• Establishes the mandatory settings that systems must have in place to be accepted for use in the network

Aplication headening is the process to address aplication security weakness by implementing ther latest software patches. The three main areas requiring hardening are operating system, network and applications

• Windows Server Update Services
• Keep application patches current
• Vendors post patches on regular basis
• Large numbers of attacks today targets client systems

Data moving between devices across an internal or external network

• Trusted Plaform Module - Bitlocker
• A microcontoller that stores keys, passwords, and digital certificates
• Typically affixed to the motherboard of a PC
• More secure from extermal software attack and phyical theft