500 Flashcards
Filters that try to eliminate unwanted, unsolicited email sent in bulk
spam filters
A form of phishing in which the message is made to look as if it came from someone you know and trust as opposed to an informal third party
spear phishing
An attempt by someone or something to masquerade as someone/something else
spoofing
Software programs that work—often actively—on behalf of a third party
spyware
A replacement for FTP that allows secure copying of files from one host to another
SSH File Transfer Protocol (SFTP)
An access point’s broadcasting of the network name
SSID broadcast
Derived from policies, a standard deals with specific issues or aspects of a business
standard
Inspections that occur at all levels of the network and provide additional security using a state table that tracks every communication channel
stateful inspection
A virus that attempts to avoid detection by masking itself from applications
stealth virus
The science of hiding information within other information, such as a picture
steganography
A method of encryption that encrypts streams of data rather than blocks
stream cipher
A database language that allows queries to be configured in real time and passed to database servers
Structured Query Language (SQL)
Using subnet values to divide a network into smaller segments
subnetting
A method of encryption in which one letter or item is substituted for another
substitution cipher
An outline of those internal to the organization who have the ability to step into positions when they open
succession planning
A network device that can replace a router or hub in a local network and get data from a source to a destination
switches
The keys used when the same key encrypts and decrypts data
symmetrical keys
A snapshot of what exists
system image
An exercise that involves individuals sitting around a table with a facilitator discussing situations that could arise and how best to respond to them
tabletop exercise
Following someone through an entry point
tailgating
Controls that rely on technology
technical controls
A protocol that functions at the Application layer of the OSI model, providing terminal emulation capabilities
Telnet
A wrapper that works with wireless encryption to strengthen WEP implementations
Temporal Key Integrity Protocol (TKIP)
An authentication system that allows credentials to be accepted from multiple methods, including Kerberos
Terminal Access Controller Access-Control System (TACACS)
Any perceivable risk’s area of attack
threat vector
A database model that effectively isolates the end user from the database by introducing a middle server
three-tier model
A form of trust relationship often used between domains
transitive access
Trust gained because one party (A) trusts another party (B), which then trusts another party (C). Since (B) trusts (C), a relationship can exist where the first party (A) also may trust the third (C)
transitive trusts
The protocol found at the Host-to-Host layer of the Department of Defense (DoD) model
Transmission Control Protocol (TCP)
A protocol whose purpose is to verify that secure communications between a server and a client remain secure
Transport Layer Security (TLS)
An encryption method that involves transposing or scrambling the letters in a certain manner
transposition cipher
A symmetric block cipher algorithm used for encryption
Triple-DES (3DES)
A UDP-based protocol similar to FTP that doesn’t provide the security or error-checking features of FTP
Trivial File Transfer Protocol (TFTP)
Any application that masquerades as one thing in order to get past scrutiny and then does something malicious
Trojan horse
Any operating system that meets the government’s requirement for security
trusted operating system (TOS)
A method of using encryption and storing the passwords on a chip
Trusted Platform Module (TPM)
The act of sending data across a public network by encapsulating it into other packets
tunneling
Using two access methods as a part of the authentication process
two-factor authentication
A database model in which the client workstation or system runs an application that communicates with the database that is running on a different server
two-tier model
Virtualization method that is independent of the operating system and boots before the OS
Type I hypervisor
Virtualization method that is dependent on the operating system
Type II hypervisor
Creating domains that are based on the misspelling of another
typo squatting
A device that can provide short-term power, usually by using batteries
uninterruptible power supply (UPS)
Registering domains that are similar to those for a known entity but based on a misspelling or typographical error
URL hijacking
The protocol at the Host-to-Host layer of the TCP/IP Department of Defense (DoD) model, which corresponds to the Transport layer of the OSI model
User Datagram Protocol (UDP)
Eavesdropping on CRT and LCD displays by detecting their electromagnetic emissions
Van Eck phreaking
A multialphabet substitution cipher
Vigenère cipher
A local area network (LAN) that allows users on different switch ports to participate in their own network, separate from but still connected to the other stations on the same or a connected switch
virtual local area network (VLAN)
A system that uses the public Internet as a backbone for a private interconnection (network) between locations
virtual private network (VPN)
Emulating one or more physical computers on the same host
virtualization
A program intended to damage a computer system
virus
Combining phishing with Voice over IP (VoIP)
vishing
The amount of time that you have to collect certain data before a window of opportunity is gone
volatility
Identifying specific vulnerabilities in your network
vulnerability scanning
Markings left, often written in chalk, by those who discover a vulnerability that provides a way into the wireless network
war chalking
Driving around with a laptop looking for open wireless access points with which to communicate
war driving
A site that provides some capabilities in the event of a disaster
warm site
Identifying a site that is visited by those that they are targeting -
watering hole attack
A firewall that can look at every request between a web client and a web server and identify possible attacks
web application firewall (WAF)
Another term for social engineering
wetware
Phishing only large accounts
whaling
A wireless network operating in the 2.4 GHz or 5 GHz range
Wi-Fi
The second version of WPA
Wi-Fi Protected Access 2 (WPA2)
An authentication process that requires the user to do something in order to complete the enrollment process
Wi-Fi Protected Setup (WPS)
A Microsoft API used to interact with TCP/IP
Windows Sockets (Winsock) API
A security protocol for 802.11b (wireless) networks that attempts to establish the same security for them as would be present in a wired network
Wired Equivalent Privacy (WEP)
A connection device used for clients in a radio frequency (RF) network
wireless access point
Technology designed for use with wireless devices
Wireless Application Protocol (WAP)
Language used for Internet displays. WAP-enabled devices can also respond to script
Wireless Markup Language (WML)
The security layer of the Wireless Application Protocol (WAP). WTLS provides authentication, encryption, and data integrity for wireless devices
Wireless Transport Layer Security (WTLS)
The copy of the data currently in use on a network
working copy backup
An association concerned with interoperability, growth, and standardization of the World Wide Web (WWW). This group is the primary sponsor of XML and other web-enabled technologies
World Wide Web Consortium (W3C)
The working group formed by the IETF to develop standards and models for the PKI environment
X.509
An advanced attack that tries to get around detection and send a packet with every single option enabled
Xmas attack
A specification designed to allow XML-based programs access to PKI services
XML Key Management Specification (XKMS)
An attack that begins the very day an exploit is discovered
zero-day exploit
Any system taking directions from a master control computer
zombie
Port 23
Telnet
Port: 20 - 21
FTP – File Transport Protocol
Port: 22
SSH – Secure Shell
Port: 23
Telnet
Port: 25
SMTP – Simple Mail Transport Protocol
Port: 53
DNS – Domain Name System
Port: 67 - 68
DHCP – Dynamic Host Configuration Protocol
Port: 69
TFTP – Trivial File Transport Protocol
Port: 80
HTTP – Hypertext Transfer Protocol
Port: 443
HTTPS – Hypertext Transfer Protocol Secure
Port: 443
SSL VPN – Secure Sockets Layer virtual private network
Port: 110
POP3 – Post Office Protocol version 3
Port: 123
NTP – Network Time Protocol
Port: 143
IMAP4 – Internet Message Access Protocol version 4
Port: 161
SNMP – Simple Network Management Protocol
Port: 500
IPsec – Internet Protocol security (through the use of ISAKMP – Internet Security Association and Key Management Protocol)
Port: 3389
RDP – Remote Desktop Protocol
Secure file transfers via SSL?
FTPS (via 990)
Backdoor port
1337
Port 88
Kerberos
Name 3 block cipher algorithms
3DES, AES, Blowfish
Use low bandwidth connections to direct botnets to DDoS users
Smurf
Uses the Diffie-Hellman algorithm as its required (and currently, its only defined) key-exchange method.
SSH-2