The flashcards below were created by user motonlava on FreezingBlue Flashcards.

  1. FTP (File Transfer Protocol - data)
    Port 20, 21
  2. Telnet
  3. SMTP (Simple mail Transfer Protocol)
    Port 25
  4. TACACS+
    • Terminal Access Controller Access Control System
    • Port 49
    • Alternate to RADIUS
    • AAA performed separately
    • Supports PAP, CHAP and EAP
    • Allows use of multi-factor auth
    • Allows a RAS to forward user credentials to an auth server
    • Uses TCP Port 49
    • Encrypts entire body of message
  5. DNS (Domain Name Service)
    Port 53
  6. DHCP (Dynamic Host Control Protocol)
    Ports 67, 68
  7. TFTP (Trivial File Transfer Protocol)
    Port 69
  8. HTTP (Hypertext Transfer Protocol)
    Port 80
  9. POP3 (Post Office Protocol, v3)
    Port 110
  10. NNTP (Network News Transfer Protocol)
    Port 119
  11. NTP (Network Time Protocol)
    Port 123
  12. RADIUS
    Port/s 1812-1813
  13. Port/s 1812-1813
  14. Kerberos
  16. LDAP
    • Lightweight Directory Access Protocol 
    • Port 389
  17. HTTPS
  18. IPSEC
  19. LDAP (secure)
  20. L2TP
  21. PPTP
  22. RDP
  23. Layer 2 Forwarding (L2F) Cisco
    L2F TCP 1701
  24. Point to Point Tunneling Protocol (PPTP) Microsoft
    TCP 1713
  25. Layer 2 Tunneling Protocol (L2TP) (RFC standard)
    UDP port 1701
  26. Virtual private Network
  27. Internet Protocol Security (IPSec)
    Layer 3
  28. Internet Security Association and Key Management Protocol (ISAKMP)
    UDP 500
  29. Internet Key Exchange (IKE)
    UDP port 500
  30. UTP
    Unshielded Twisted pair
  31. STP
    Shielded Twisted pair
  32. EMI
    Electromagnetic Interference
  33. NIC
    Network Interface Card
  34. Router
    • Provides connectivity between two or more networks
    • Routes packets based upon IP addressing
    • Standard Protocols
    •    RIP (Routing Information Protocol)
    •    BGP (Border Gateway Protocol)
    •    OSPF (Open Shortest Path First)
  35. ACL
    Access Control List

    • Rule-based access control set on network devices that regulates traffic
    • Can be applied to inbound/outbound traffic
    • Usually simple packet filtering that blocks traffic by:
    •    Source and destination IP address
    •    Port
    •    Protocol
  36. STP
    Spanning Tree Protocol
  37. 3DES
    Triple Digital Encryption Standard (DES), a block cipher algorithm used for encryption
  38. 802.11a
    • The standard that provides for bandwidths of up to 54 Mbps in the 5 GHz frequency spectrum
    • Bit rate 5 GHz, 50-100 feet
  39. 802.11b
    • The standard that provides for bandwidths of up to 11 Mbps in the 2.4 GHz frequency
    • 150-300 feet
  40. 802.11g
    • The standard that provides for bandwidths of up to 20 Mbps in the 2.4 GHz frequency
    • 150-300 feet
  41. 802.11n
    • A proposed amendment to the 802.11 standard that provides for bandwidths of 74 Mbps in the 2.4 GHz and 5 GHz frequencies.
    • 300-600 feet
  42. ARP
    Protocol used to map known IP addresses to unknown physical addresses.
  43. Algorithm
    The series of steps/formulas/processes that are followed to arrive at a result
  44. level 7 Applications
    • FTP       20,21
    • Telnet   23
    • SMTP    25
    • HTTP    80
    • Simple Mail Transfer Management Protocol (SNMP)
  45. FTP - File Transfer Protocol - control
    Port 21
  46. SSH (Secure Shell)
    Port 22
  47. NAT (Network Address Translation)
    (Network Address Translation)
  48. PAT
    Port Address translation
  49. NAC
    Network Access Control
  50. Dynamic NAT
    A pool of public IP addresses is shared by an entire private IP subnet. Connections initiated by private hosts are assigned a public address from the pool.
  51. Static NAT
    Accomplished by a straightforward, stateless implementation that transforms only the network part of the address, leaving the host part intact. The payload of the packet must also be considered during the translation process.
  52. RPC
    • Remote Procedure call (Microsoft)
    • port 135
  53. IMAP (Internet Message Access Protocol)
    Port 143
  54. LDAP (Lightweight Directory Access Protocol)
    Port 389
  55. Secure LDAP
    Port 636
  56. DES
    Symmetric block cipher, 64 bits
  57. 3DES
    Symmetric block cipher (used in PGP/GPG)
  58. AES
    Rijndael block cipher (used in PGP/GPG)
  59. Blowfish
    Symmetric block cipher
  60. Twofish
    Symmetric block cipher (used in PGP/GPG)
  61. CAST-128
    Symmetric block cipher (used in PGP/GPG)
  62. All in One Appliance
    • ASA Combines
    • PIX firewall (Routing, ACL, NAT)
    • Also known as Unified Threat Management (UTM)
  63. Flood Guards
    • A network device, firewall/router, that has the ability to prevent some flooding DoS attacks
    • DoS attacks prevented could be:
    • Fraggle
    • Smurf
    • Syn
    • Authentication DoS attacks
  64. RSA
    Asymmetric - Key exchange, encryption, digital signatures (used in PGP/GPG)
  65. Diffie-Hellman
    Asymmetric - Key exchange (used in PGP/GPG)
  66. El Gamal
    Asymmetric - Key exchange, encryption, digital signatures
  67. ECC
    Asymmetric - Key exchange, encryption, digital signatures (used in cell phones and wireless devices)
  68. HMAC
  69. MD5
  70. SHA-1
  71. Whirlpool
  72. AP
    Access point
  73. AD-IDS
    Anomaly-detection intrusion detection system. An AD-IDS works by looking for deviations from a pattern of normal network traffic
  74. Adware
    Software that gathers info to pass on to marketers or intercepts personal data such as credit card numbers and makes them available to third parties
  75. Analyzer
    The component or process that analyzes the data collected by the sensor
  76. SaaS - Software as a Service
    • Software as a service over the Internet
    • Eliminates the need to install/run applications on customer's computers
    • No local software applications needed (just web site connectivity)
  77. PaaS - Platform as a Service
    • Facilitates deployment of applications reducing cost and complexity
    • Vendors allow apps to be created and run on site connectivity
  78. IaaS  - Infrastructure as a service
    • Typically a platform virtualization environment
    • Clients purchase resources/services (servers, software, certain network devices, data center space)
  79. VoIP
    • Voice over IP
    • VoIP services convert your voice into a digital signal that travels over the Internet
    • Establish an IP phone VLAN
    • Use Voice Firewalls
  80. SIP
    Session Initiation Protocol - used to manage multimedia communication sessions, such as VoIP, utilizing ports 5060 and 5061
  81. RTP
    Real-time Transport Protocol - used to transfer streaming media over networks
  82. IDS
    Network detection systems: Network monitoring - the process of using a data-capturing device or other method to intercept information from a network
  83. NIDS
    Network IDS (NIDS) cannot analyze encrypted traffic
  84. Host IDS (HIDS)
    • Host IDS
    • Installed on a Host
    • Detects attacks against the host and the level of their success
    • Relies on the auditing and logging capabilities of the operating system
    • Can view encrypted data in transit
    • Is detectable and can be a target of attack
  85. Passive IDS
    • Looks for security breaches, but effectively takes no action
    • Logs suspicious activity
    • Generates alerts if the attack is deemed to be severe
    • The network analyst interprets the degree of the threat and responds accordingly
  86. Active IDS
    • Active IDS - Can be configured to take specific actions
    • Can automate responses including dynamic policy adjustment and reconfiguration of supporting network devices
  87. False Positives
    • IDS reports legitimate activity as an intrusion
    • Caused by:
    • Poorly tuned IDS
    • Bad/outdated baseline
  88. False Negatives
    • IDS fails to detect a malicious intrusion
    • Caused by:
    • New attacks not yet identified by vendor
    • Poorly written signatures
    • Outdated signature files
    • Patient, stealthy attacks
  89. IPS
    Intrusion Prevention System
  90. NAC
    • Network Access Control
    • Evaluates system security status before connecting to the network
    • Anti-virus status
    • System update level
  91. 802.15
    Wireless Personal Area Network (WPAN). Bluetooth is an implementation of WPAN
  92. WEP
    • Wired Equivalent Privacy
    • Intended to provide the equivalent security of a wired network protocol
    • Encrypts data using the RC4 algorithm
    • No Authentication
    • Open System Auth
    • Shared Key Auth
  93. WPA
    • WiFi Protected Access
    • WPA implements most of IEEE 802.11i
  94. WPA2
    • Mandatory to be Wi-Fi certified
    • NIST FIPS 140-2 compliant
  95. RC4
    Symmetric key algorithm, stream cipher: variable key length
  96. RC5
    Block cipher
  97. Bluejacking
    Sending of unsolicited messages over Bluetooth
  98. Bluebugging
    Taking control of a Bluetooth device for personal gain (phone calls, etc.)
  99. Bluesnarfing
    Theft of information from a wireless device through a Bluetooth connection
  100. Packet Sniffing
    • Captures all the data that pass through a given network interface
    • Promiscuous mode: sniffer is capable of capturing all packets traversing the network
    • Possible to capture both wireless and wired packets
    • Can capture and read plaintext
  101. War Chalking
    War chalking is the drawing of symbols in public places to advertise an open WiFi wireless network.
  102. Types of Hypervisor
    • Type 1 or native, bare-metal
    • Type 2 or hosted
  103. Vulnerabilities of Virtualization
    Host OS must be secured
  104. SSH (Secure Shell)
    Port 22
  105. ICMP
    Internet Control Message Protocol
  106. NAT
    • Network Address Translation
    • Translates a private address into a public address
    • Hides devices in a private network
    • Allows sharing of a single public IP address or a pool of public IP addresses
  107. Types of NATs:
    Dynamic NAT - A pool of public IP addresses is shared by an entire private IP address space, and public addresses are used only for the NAT to translate to and communicate with the outside

    • Static NAT - Accomplished by a straightforward, stateless implementation that transforms only the network part of the address, leaving the host part intact. The payload of the packet must also be considered during the translation process.
    • Port Address NAT
  108. Port Address Translation (PAT)
    • Allows many hosts to share a single IP address by multiplexing streams differentiated by TCP/UDP port numbers
    • Ports are selected at random for each inside address which generates a request
  109. Security Zones
    • DMZ: contains public facing servers
    • Bastion hosts: any hardened system located in the DMZ (File server, Web Server)
    • Internal: Internal network, to include systems and workstations you do not want anyone outside of your network to directly connect to.
    • External: Segment of your network set aside for trusted partners and organizations
    • Internet: Unsecure security zone
  110. VPN Concentrator
    • A single device that handles a large number of VPN tunnels
    • Primarily used for remote access VPNs
    • Usually two flavors: SSL or IPSec (some can do both, e.g. Cisco)
    •   Examples:  Cisco
    •                   Netgear
    •                   Juniper
  111. AAA
    • Authentication
    • Authorization
    • Accounting
  112. Identification
    • Process of identifying an entity for authentication
    • User Identification Guidelines
    • Uniqueness - User ID must be a unique identifier to provide positive ID
    • Non-descriptive - User ID should not expose the associated role or job function
    • Issuance - The process of issuing IDs must be secure and documented.
    • Most common forms:
    •    User Name
    •    User ID
    •    Account Number
  113. Authentication Types Access Control and Identity Management
    • Something you know -  Password or PIN
    • Something you have  - Smart Card, Token, or Device
    • Something you are   -  Fingerprints or retinal pattern
    • Something you do  -  Keystroke Auth
    • Somewhere you are   -  Location
  114. Biometric Examples
    • Fingerprints   Easy to use    Associated with criminals
    • Iris               High Accuracy & non-intrusive   Expensive
    • Retina           High Accuracy      Intrusive and Expensive
    • Face             Easy to use         Accuracy issues
    • Hand            Easy to use          Accuracy issues
    • Voice            Inexpensive and non-intrusive
    • Signature      Inexpensive and non-intrusive
  115. Biometric Error Rates
    • Type 1 Error : False Reject Rate (FRR)
    • Type 2 Error : False Accept Rate (FAR)
    • Crossover Error rate (CER)
  116. Federation
    A collection of computer networks that agree on standards of operation, such as security standards
  117. Federated Identity
    Means of linking a user's identity with their privileges
  118. PAP
    Password Authentication Protocol - sends the username and password to all applications and systems the user needs when they log on
  119. SPAP
    • (Shiva Password Authentication Protocol)
    • Encrypts the username and password
  120. CHAP
    • Challenge Handshake Authentication protocol
    • Encrypts passwords during logon
    • Challenge/response method of authentication
    • Re-authentication to protect against man-in-the-middle attacks
    • Credentials are hashed using MD5
  121. TOTP
    • Time-Based One-Time Password
    • Algorithm uses a time-based fact to create unique passwords
  122. HMAC
    • HMAC-Based One-Time Password
    • Algorithm is based on using HMAC algorithm
  123. SSO
    • Single Sign-On -
    • Provides access to all authorized resources with single instance of authentication (authenticates only once)
    • Uses centralized authentication servers: Once authenticated, subjects can use the network/resources without being challenged again.
    • If account is compromised, malicious subject has unrestricted access
  124. NTLM
    • New Technology LANMAN
    • Challenge-response authentication replacement for the older LANMAN protocol, used to authenticate when Kerberos is not applicable/available. Both versions lack mutual authentication
  125. NTLM v1
    • First available to NT OS before NT4 service pack 4
    • Uses DES for enciphering
  126. NTLM v2
    • First available to NT OS before NT4 service pack 4
    • Uses MD5 for enciphering
  127. LDAP
    • Lightweight Directory Access Protocol
    • Follows the X.500 standard
    • Directory uses a hierarchical design with a root object at the top followed by organization and OU containers for logical organization
    • Port 389  (standard)
    • Port 636 LDAP over TLS/SSL (secure)
  128. SASL
    • Simple Authentication and Security Layer
    • Can use Kerberos, MD5, S/Key, IPSec, TLS
  129. RADIUS
    • Remote Authentication Dial-In User Service
    • Centralized system for authentication, authorization and accounting (AAA)
    • Supports PAP, CHAP and EAP
    • Authentication and authorization (only the password is encrypted)
    • Uses UDP port 1812 for auth
    • Uses UDP port 1813 for accounting
  130. RADIUS Client
    Typically a network access server such as a dial-up server, VPN server, or wireless AP
  131. RADIUS Server
    • Stores all user auth and network service access information
    • Ability to implement auditing and accounting
  132. SAML
    • Security Assertion Markup Language (SAML)
    • An open standard based on XML that is used for authentication and authorization data
    • Service providers often use SAML to prove the ID of someone connecting to the service
  133. Transitive Trusts
    The trusts between (A) and (C) the relationship flows
  134. Access Control Best Practice
    • Explicit Deny - You specifically deny a subject (person, IP address, etc.)
    • Implicit - By not specifically allowing access
    • Least privilege - Give users only the permissions they need to do their work
  135. MAC
    • Mandatory Access Control
    • Most secure
  136. RBAC
    Role-Based Access Control

    Problem - Privilege creep
  137. Rule-Based Access Control
    • Limits the user to settings in preconfigured policies
    • Normally found in firewalls and routers (ACLs)
  138. DAC
    • Discretionary Access Control
    • Allows users to share info dynamically with others
    • Owner establishes privileges
  139. Privileges
    Given to an individual because of where they work or the group they belong to
  140. Rights
    Assigned to an individual based upon their need-to-know
  141. Permissions
    • Based upon users need-to-know
    • File Controls
  142. Privilege Escalation
    The act of exploiting a bug or design flaw in a software application to gain access
  143. Vertical Privilege Escalation
    Lower privilege user accesses functions or content reserved for higher privilege users
  144. Horizontal Privilege Escalation
    Normal user accesses functions or content reserved for other users
  145. Virus
    • Spam - Malware
    • Replicates itself on a system
    •    Goals:
    •              Renders your system inoperable
    •              Spreads to other systems
    •    Symptoms:
    •              Programs on your system start to load more slowly
    •              Unusual files appear or disappear
    •              Program sizes change from the installed versions
  146. Worm
    • Adware - Computer program that propagates on its own
    • Does not need a host application to be transported
    • Self-contained
  147. Trojan Horse
    • Ransomware - A program that is disguised as another program
    • May be included as an attachment or as part of an email, website, or download
  148. Logic Bomb
    Spyware - Malware inserted into a system which sets off an action when specific conditions are met
  149. Rootkits
    • Zombies - Malware that has the ability to hide from spyware blockers, anti-virus programs, and system utilities
    • Runs at the root level or admin access
  150. Polymorphic Malware
  151. Virus Types
    • Armored - Makes itself difficult to detect or analyze
    • Retrovirus -Designed to avoid discovery by actively attacking the anti-virus programs attempting to detect it.
    • Stealth - Hides itself by intercepting disk access requests
    • When an anti-virus prg tries to read files or boot sectors to find the virus, the stealth virus feeds the anti-virus prg a clean image of the file or boot sector
    • Boot Sector - Spreads by infecting the boot sector
    • File infector Virus (Parasitic Virus) - Copies themselves into other programs
    • When an infected file is executed, the virus is loaded into memory and tries to infect other executables
    • Macro Virus - Malware that is encoded as a macro embedded in a document
    • Programs such as Word and Excel allow programmers to expand the capability of the application.
    • Multipartite - Propagates by using both sector and file infector methods
  152. Backdoors
    • Allows access to a computer (i.e. server, workstation, network device)
    • Full access to every aspect of the device
    • Can be spread via malware
    • Example: Back Orifice or NetBus
  153. Mitigation
    • Up-to-date Anti-virus
    • IDS/IPS
  154. Adware
    • Frequently refers to any software which displays advertisements
    • Some are spyware or malware
  155. Denial of Service (DoS)
    • Denial of Service -
    • Prevents access to resources for authorized users
    • Common DoS attacks - prevent access to resources by users authorized to use those resources. Most simple DoS attacks occur from a single source, and a specific server or organization is the target
    • Ping-of-Death
    • Land Attack
    • Teardrop
    • SYN Flood
  156. TCP SYN or TCP ACK Attack
    • Attacker sends a succession of SYN requests to a target
    • Can be mitigated on most modern networks
  157. DDoS
    • Amplifies a DoS by using multiple computers to conduct an attack against a single entity (Smurf Attack)
    • Compromised systems are referred to as Bots or Zombies
  158. MitM
    • Man-in-the-Middle Attacks
    • Occurs when someone/something intercepts data and retransmits it to another entity
  159. Session Hijacking
    Information (credentials) captured over a network and replayed later
  160. Spoofing
    Spoofing is a situation in which one person or program successfully masquerades as another by falsifying data
  161. IP Address spoofing
    Is the creation of TCP/IP packets using someone else's IP address
  162. MAC spoofing
    Is a technique for changing a factory-assigned Media Access Control (MAC) address of a network interface on a networked device.
  163. ARP Poisoning
    An attacker (on the same switched network) forges ARP replies to a victim system and a device like the default gateway.
  164. Xmas Attack
    • Scans/attacks conducted with Xmas packets
    • Packet with every single option set for whatever protocol is in use
    • By observing how a host responds to the packet, assumptions can be made regarding the host's operating system
  165. Transitive Access
    • A service that involves another service to satisfy an initial request
    • Problem arises from a poor choice of access control mechanism, one that uses authentication to make access decisions
  166. SPIM
    SPAM over Instant Messaging
  167. SPIT
    SPAM over Internet telephony
  168. Phishing Attacks
    Uses social engineering (emails) to steal personal identity data and financial account credentials
  169. Spear Phishing
    Email/IM scam aimed at a particular target; some inside information about the organization or individual is needed
  170. SEH
    Structured Exception Handler
  171. Cross-Site Scripting (XSS)
    • Vulnerability where an attacker can add comments/code to web pages which allows code injection
    • Code could redirect valid data to the attacker
    • Typically found in web pages

    • Safeguards - Input validation
    • Disable the running of scripts
    • Keep browser and apps updated
    • Keep web server app updated
  172. XSRF
    • Cross-site Request Forgery - Session Riding
    • One-Click attack
  173. SQL Injection
    Code injected into a database via a web form
  174. LDAP Injection
    Can occur anywhere that underlying code uses some type of input for LDAP searches, queries or any other LDAP function
  175. XML Injection
    • Attack technique used to manipulate or compromise the logic of an XML app or service
    • Injection can cause the insertion of malicious content into the resulting message/document
  176. Cookies
    • Text file associated with your current web session and/or user information for a site
    • Save your internet activity locally (not data)
    • Browsers offer settings to help control vulnerabilities from cookies
    • Transient vs persistent cookies
  177. Authenticode
    Code signing mechanism, identifying the publisher
  178. Zero Day Attacks
    • Threat that exploits vulnerabilities that are unknown to others or the software developer
    • Occur during the vulnerability window

    Defense - Firewall (CompTIA). No defense until the signature comes out
  179. Port 22
    SSH Secure Shell
  180. Port 115
    SFTP - Simple File Transfer Protocol
  181. Port 119
    NNTP - Network News Transfer Protocol
  182. Physical Security
    Shields the organization from attackers attempting to gain access to its premises; examples include sensors, alarms, cameras, and motion detectors.
  183. EF
    Exposure Factor
  184. SLE
    Single Loss Expectancy
  185. ARO
    Annualized Rate of Occurrence
  186. ALE
    Annualized Loss Expectancy
  187. RAID Level 0
    • Striping
    • Highest Performance
    • No redundancy: 1 fails = all fail
    • Minimum of 2 disks
  188. RAID Level 1
    • Mirroring
    • Duplicates data on the disks
    • Expensive; double cost of storage
  189. RAID Level 0+1
    • Striping with dedicated parity
    • Excellent Performance; fault tolerance
    • Write requests suffer from same single parity-drive
  190. RAID Level 3/4
    • Striped with dedicated parity
    • Excellent performance; fault tolerance
    • Write requests suffer from the same single parity-drive bottleneck
  191. RAID Level 5
    • Block-level striping with distributed parity
    • Best cost/performance for networks; high performance; high data protection
    • Write performance is slower than RAID 0 or RAID 1
    • RAID 5 is used for databases; min 3 disks
    • RAID 6 needs 4 or more disks
  192. ISA
    Interconnection Security Agreement
  193. MOU
    Memorandum of Understanding
  194. SLA
    Service Level Agreement

    • MTBF - Mean Time Between Failures
    • MTTR - Mean Time to  Repair
    • MTD   - Maximum Tolerable Downtime 
  195. Fuzzing
    • Used to test for security problems in software or computer systems
    • Used in large software development projects that employ black-box testing
    • An assurance of overall quality rather than a bug-finding tool
    • Often finds odd oversights and defects which human testers would fail to find
  196. CB
    • Configuration Baseline -
    • Establishes the mandatory settings that systems must have in place to be accepted for use in the network
  197. Application Hardening
    Application hardening is the process of addressing application security weaknesses by implementing the latest software patches. The three main areas requiring hardening are operating system, network and applications
  198. WSUS
    • Windows Server Update Services
    • Keep application patches current
    • Vendors post patches on regular basis
    • Large numbers of attacks today target client systems
  199. Data in Transit
    Data moving between devices across an internal or external network
  200. TPM
    • Trusted Platform Module - BitLocker
    • A microcontroller that stores keys, passwords, and digital certificates
    • Typically affixed to the motherboard of a PC
    • More secure from external software attack and physical theft