01- Intro to Ethical Hacking Flashcards
Active Directory
Windows based central domain controller that grants access to authorized users, storing credentials in a centralized database.
Workgroup
Contrary to Active Directory, workgroup user maintain security principals on their own systems.
LDAP
standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network, Lightweight Directory Access Protocol
SIDs
Security Identifiers: Unique ID numbers that identify security principle objects
Attack
occurs when a system is compromised based on a vulnerability by an unknown exploit
Availability
authorized personnel accessing the data at appointed times. Involves a comprehensive planning of hardware, software, facility, people, and connectivity.
Black hat
malicious hackers that try to hack systems with malicious intent
CIA Triad
a model promoted to define and practice policies related to information security; uses confidentiality, integrity, and availability
Confidentiality
keeping access to the information only to the intended audience; does two things: ensures that the right people get the intended information and prevents sensitive information from reaching the wrong people
Defense
In-depth the use of layered security mechanisms; the layers could be data, applications, host levels, Internet networks, perimeter levels, physical securities, etc.
Ethical Hacking
testing the resources for a good cause and for the betterment of technology; another term for “penetration testing.”
Exploit
written to take advantage of a vulnerability
External Testing
focused on the server’s infrastructure and underlying software pertaining to the target
Gray hat
hackers that can aid companies in informing them about any vulnerabilities they have found, but are not hired by the companies to perform such tests
Hacking
the skill of exploring various security breaches and posting unwanted content on websites, stealing data, etc.; concentrates on exploits and vulnerabilities
Human threats
insiders who have authorization to access systems, and hackers who use exploits to attack
Integrity
maintaining the sanctity of information and keeping the data accurate throughout its life, whether it is on the same computer or shared over a network
Malware
any type of program that is created with the intent to cause damage, steal data, or abuse computer system resources; includes computer viruses, worms, and Trojan horses
Natural threats
can be a flood causing areas to be waterlogged, or a hurricane or a tornado causing a lot of damage.; often impact the availability of systems
Patch
a fix to a vulnerability
Penetration Testing
uses the same methods a hacker uses to gain unauthorized access to a network or system with a view to compromise them, but uses the methods to help companies
Script Kiddies
naïve hackers try hard to get their hands on such zero day attacks, instead of writing their own
Technology threats
caused by malware, zero-day attacks, exploits, or web attacks
Vulnerability
a weak link in the software, settings, etc., through which, if not fixed early, someone can get access to the computer, application, and/or network and can cause damage
White hat
gets permission from the data owner before any hacking and use their hacking skills for defensive purposes only. They use their knowledge and skills to locate weaknesses and implement countermeasures and for defense purposes and preventing losses.
Zero day Attack
exploits that have not been published
