300 Flashcards
A message and management protocol for TCP/IP
Internet Control Message Protocol (ICMP)
An international organization that works under the Internet Architecture Board to establish standards and protocols relating to the Internet
Internet Engineering Task Force (IETF)
The network layer responsible for routing, IP addressing, and packaging
Internet layer
A protocol with a store-and-forward capability
Internet Message Access Protocol (IMAP)
The protocol in the TCP/IP suite responsible for network addressing
Internet Protocol (IP)
A set of protocols that enable encryption, authentication, and integrity over IP
Internet Protocol Security (IPSec)
A professional membership group composed primarily of Internet experts
Internet Society (ISOC)
The act of entering a system without authorization to do so
intrusion
Tools that identify and respond to attacks using defined rules or logic
intrusion detection system (IDS)
Penetration-type testing that involves trying to break into the network
intrusive tests
Making the data look as if it came from a trusted host when it didn’t (thus spoofing the IP address of the sending host)
IP spoofing
A protocol that enables the creation of storage area networks (SANs) and is used in sending storage-related commands over IP networks
iSCSI (Internet Small Computer Systems Interface)
An attack that involves looking at repeated results in order to crack the WEP secret key
IV attack
Purposely obstructing or interfering with a signal
jamming
A policy of rotating employees through various jobs
job rotation policy
The ability of a filesystem to use a log file of all changes and transactions that have occurred within a set period of time (for example, the last few hours). If a crash occurs, the operating system can look at the log files to see what transactions have been committed and which ones have not
journaling
An authentication scheme that uses tickets (unique keys) embedded within messages
Kerberos
A principle that states that the security of an algorithm should depend only on the secrecy of the key and not on the secrecy of the algorithm itself
Kerckhoffs’s principle
An organization or facility that generates keys for users and is a part of Kerberos
key distribution center (KDC)
An agency that stores keys for the purpose of law-enforcement access
key escrow agency
A method of offering mutual authentication and establishing data encryption keys
Key Exchange Algorithm (KEA)
The act of creating keys for use by users
key generation
The temporary deferment of a key for a period of time (such as for a leave of absence)
key suspension
The wait time between the call for an action or activity and the actual execution of that action
latency
The concept that access differs at different levels
lattice-based control
A tunneling protocol often used with virtual private networks (VPNs). L2F was developed by Cisco
Layer 2 Forwarding (L2F)
A tunneling protocol that adds functionality to the Point-to-Point Protocol (PPP). This protocol was created by Microsoft and Cisco, and it is often used with virtual private networks (VPNs)
Layer 2 Tunneling Protocol (L2TP)
Exploiting weaknesses in LDAP (Lightweight Directory Access Protocol) implementations by not properly filtering input
LDAP injection attack
A permission method in which users are granted only the privileges necessary to perform their job function
least privilege
The policy of giving a user only the minimum permissions needed to do the work that must be done
least privilege policy
A set of protocols that was derived from x
Lightweight Directory Access Protocol (LDAP)
An authentication protocol created by Cisco as an extension to EAP
Lightweight Extensible Authentication Protocol (LEAP)
Assigning a quantitative number to the chance that something will occur
likelihood
Limiting network access to a list of the MAC addresses associated with known users' computers
MAC filtering
A software exploitation virus that works by using the macro feature included in many applications, such as Microsoft Office
macro virus
Any code that is meant to do harm
malicious code
A threat from someone inside the organization intent on doing harm
malicious insider threat
A security policy in which labels are used to identify the sensitivity of objects
Mandatory Access Control
A policy requiring earned vacation time be used or lost
mandatory vacation policy
An attack that occurs when someone/something that is trusted intercepts packets and retransmits them to another party
man-in-the-middle
A device, such as a small room, that limits access to one or a few individuals
mantrap
The measurement of the anticipated incidence of failure of a system or component
mean time between failures (MTBF)
The measurement of the average of how long it takes a system or component to fail
mean time to failure (MTTF)
The measurement of how long it takes to repair a system or component once a failure occurs
mean time to restore (MTTR)
A sublayer of the Data Link layer of the Open Systems Interconnection (OSI) model that controls the way multiple devices use the same media channel
Media Access Control (MAC)
A trust model that expands the concepts of the bridge model by supporting multiple paths and multiple root certificate authorities
mesh trust model
A common method of verifying integrity
Message Authentication Code (MAC)
The cryptographic hash containing a string of digits within a message
message digest
In a three-tier database model, this server accepts requests from clients, evaluates them, and then sends them on to the database server for processing
middle-tier server
An intrusion detection system that works by detecting misuse
misuse-detection IDS (MD-IDS)
Residing on more than one network
multihomed
A virus that attacks a system in more than one way
multipartite virus
Whenever two or more parties authenticate each other
mutual authentication
An agency (formerly known as the National Bureau of Standards [NBS]) that has been involved in developing and supporting standards for the US government for over 100 years
National Institute of Standards and Technology (NIST)
The US government agency responsible for protecting US communications and producing foreign intelligence information
National Security Agency (NSA)
An organization with the purpose of collecting “known, traceable software applications” through their hash values and storing them in a Reference Data Set (RDS) for law enforcement
National Software Reference Library (NSRL)
Technology that requires a user to bring the client close to the AP in order to verify (often through the RFID or Wi-Fi) that the device is present
near field communication (NFC)
An early networking protocol from Microsoft
NetBIOS
The set of standards defined by the network for clients attempting to access it
network access control (NAC)
A server that acts as a go-between for clients accessing the Internet
Network Address Translation (NAT)
The protocol Point-to-Point Protocol (PPP) employs for encapsulating network traffic
Network Control Protocol (NCP)
An intrusion prevention system that is network based
network intrusion prevention system (NIPS)
Another term for MAC filtering
network lock
An approach to an intrusion detection system (IDS); it attaches the system to a point in the network where it can monitor and report on all network traffic
network-based IDS (NIDS)
Penetration/vulnerability testing that takes a passive approach rather than actually trying to break into the network
nonintrusive tests
Making sure the sender can’t repudiate (dispute) sending the data
nonrepudiation
A database that is not a relational database and does not use SQL
NoSQL database
Storing data off the premises, usually in a secure location
offsite storage
An antenna type that receives a signal from all directions
omnidirectional
A database model in which the database and the application exist on a single system
one-tier model
A type of encryption in which plain text is paired with secret keys and then encrypted
one-time pad
A real-time protocol that replaces CRLs to immediately verify a certificate’s authenticity
Online Certificate Status Protocol (OCSP)
Storing backup data at the same site as the servers on which the original data resides
onsite storage
A firewall technology that accepts or rejects packets based on their content
packet filtering
The process of looking through message packets to find data
packet sniffing
The computation of parity for a given set of data
parity information
The correct method of extinguishing a fire with an extinguisher: pull, aim, squeeze, and sweep
PASS method
A nonactive response, such as logging
passive response
Attempting to ascertain a password that you should not know
password attacks
A fix for a known software problem
patch
Password-Based Key Derivation Function 2 applies some function (like a hash or HMAC) to the password or passphrase along with a salt to produce a derived key
PBKDF2
Security set up on the outside of the network or server to protect it
perimeter security
Card required of federal employees and contractors to gain access (physical and logical) to government resources
Personal Identity Verification (PIV)
Information that can be uniquely used to identify, contact, or locate a single person
personally identifiable information (PII)
A virus that modifies and alters other programs and databases
phage virus
A form of redirection in which traffic intended for one host is sent to another
pharming
A form of social engineering in which you simply ask someone for a piece of information that you are missing by making it look as if it is a legitimate request
phishing
A large Internet Control Message Protocol (ICMP) packet sent to overflow the remote host’s buffer
ping of death
Standard telephone service, as opposed to other connection technologies like Digital Subscriber Line (DSL)
plain-old telephone service (POTS)
A cloud service model wherein the consumer can deploy but does not manage or control any of the underlying cloud infrastructure
Platform as a Service (PaaS)
When portable data storage devices (such as an iPod) are plugged directly into a machine and used to bypass the network security measures and illicitly download confidential information
pod slurping
A full-duplex line protocol that supersedes Serial Line Internet Protocol (SLIP). It’s part of the standard TCP/IP suite and is often used in dial-up connections
Point-to-Point Protocol (PPP)
An extension to Point-to-Point Protocol (PPP) that is used in virtual private networks (VPNs). An alternative to PPTP is L2TP
Point-to-Point Tunneling Protocol (PPTP)
Rules or standards governing usage
policies
An attribute of some viruses that allows them to mutate and appear differently each time they crop up
polymorphic
A means of translating between ports on a public and private network
Port Address Translation (PAT)
Scanning a server for open ports that can be taken advantage of by sending messages to ports to see which ones are available and which ones aren’t
port scanning
Connections available within TCP/IP
ports
An email access program that can be used to retrieve email from an email server
Post Office Protocol (POP)
The protocol used to download email from an SMTP email server to a network client
Post Office Protocol Version 3 (POP3)