600 Flashcards
92 - 128 - 256 bit/key strength
AES
168 bit/key strength
3DES
160 bit/key strength
SHA-1 bit/key strength
128 bit/key strength
MD5 bit/key strength
MSCHAPv2
Microsoft’s authentication protocol
a legacy suite of Microsoft security protocols that provides authentication - integrity - and confidentiality
NTLM
Stop gap replacement for WEP while hardware was upgraded to support full WPA
TKIP(Temporal Key Integrity Protocol)
Allows single file encryption
EFS
Social media sites fuel what type of attacks?
Cognitive password attacks
encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel.
PEAP(Protected Extensible Authentication Protocol)
encrypts a chunk of bits at a time before sending them over the network.
Block cipher
a client or user authenticating themselves to a server and that server authenticating itself to the user in such a way that both parties are assured of the other's identity
mutual authentication
Strongest access control
MAC
limiting MAC addresses to a port prevents what?
Rogue access points
Where
Bitlocker
Plain text and cipher text are always the same size
block cipher
Secure a router in an unsecured closet?
disable the console port
a system that is designed to detect potential data breach
DLP(data loss prevention)
Personal Electronic Device
PED
Disable what to prevent a web server from being used as a mail relay?
SMTP
Mitigate ARP spoofing attacks?
Flood guards
Cisco: block tftp and record it?
deny udp any server eq 69 log
Protect from zero day attacks?
HIPS
Triple A Services
Authorization - Authentication - Accounting
Query packet for remote identification - lights up multiple flag fields?
XMAS
Username - password & PIN?
single factor authentication
Smartcards vs key punch?
eliminates shoulder surfing
Keys needed to decrypt encrypted data are held in escrow so that an authorized third party may gain access to those keys.
key escrow
A network service that supplies session tickets and temporary session keys to users and computers within an Active Directory domain - runs on each domain controller
Kerberos Key Distribution Center
Deploys quickly and cleanly and won’t leave behind oily residue - particulate - or water.
FM-200
Separation of duties is often implemented between developers and administrators in order to separate which of the following?
Changes to code and the ability to deploy
used to encrypt plaintext or to verify a digital signature
public key
the use of different keys to perform these opposite functions - each the inverse of the other
asymmetric
the same key to perform both encryption & decryption
symmetric cryptography
Provides centralized Authentication - Authorization - and Accounting (AAA). Layer 7 UDP
radius
the most widely used software stream cipher and is used in popular protocols such as Secure Sockets Layer (SSL)
rc4
Chap (challenge-handshake authentication protocol)
Server sends a challenge to the host - which responds with a value obtained by using a one-way hash function. The server compares it to its own calculation of the expected hash value
Key length of 168 bits (three 56-bit DES keys) - but due to the meet-in-the-middle attack - the effective security it provides is only 112 bits.
3des
Configuring mode - encryption methods and security associations are part of?
IPSec
Authentication to TCP 49?
TACACS+
Enforces permissions based on data labeling?
Mandatory Access Control (Least Privilege)
Goal for acceptable downtime during a disaster or other contingency?
Recovery Time Objective
What are certificates for?
code signing - client authentication
What device potentially has a DMZ interface?
firewall
What should follow patch deployment?
Audit and verification
How to ensure users only have access during certain hours?
Time of day restrictions
What logs do you use when you need to know if people are trying to access a host?
Security Logs
What technologies could be used to provide remote access?
firewall & VPN
Smart cards for remote authentication are susceptible to what?
Malicious code on the local system
Best tool to check user password complexity?
password cracker
How to recover a forgotten password?
brute force
What is needed on a server that stores private keys?
hardware security module
A certificate authority takes what action in PKI?
issues and signs root certificates
Why is input validation important?
Mitigates buffer overflow
An inexpensive way to deter physical intrusions?
fake cameras
3rd party access to data
Common security concern for cloud computing?
Counter measure for SQL injection?
input validation
Congestion on firewall and half-open connections?
DDoS
Employee badges?
Smartcard
Interferes with network-based detection techniques?
SSL
Random test data generated by an automated system?
Fuzzing
Analyze a malicious payload?
protocol analyzer
when a hash function produces the same hash value for two different sets of data
Collision
Unauthorized access via Bluetooth
Bluesnarfing
social engineering over telephone system
Vishing
Physical acquisition of discarded data
Dumpster diving
tbd
Cross-site scripting
Open Source on-the-fly encryption
TrueCrypt
Asset Value x Exposure Factor
SLE Single Loss Expectancy
VLAN Ethernet standard
802.1q
Users can grant others access
Discretionary Access Control
Supports VPNs - combined with IPsec to provide security
L2TP
Authenticates and/or encrypts each IP packet of a communication session.
IPsec
Predecessor of TLS - developed by Netscape. Asymmetric cryptography for authentication and confidentiality of the key exchange - symmetric encryption for data/message confidentiality - and message authentication codes for message integrity
SSL
TLS
Is initialized at layer 5 (the session layer) then works at layer 6 (the presentation layer)
Also known as Triple DES. A block cipher algorithm used for encryption.
3DES
The standard that provides for bandwidths of up to 54Mbps in the 5GHz frequency spectrum.
802.11a
The standard that provides for bandwidths of up to 11Mbps in the 2.4GHz frequency spectrum. This standard is also called WiFi or 802.11 high rate.
802.11b
The standard that provides for bandwidths of 20Mbps+ in the 2.4GHz frequency spectrum.
802.11g
Agreed-upon principles set forth by a company to govern how the employees of that company may use resources such as computers and Internet access.
acceptable use policy
An attack aimed at gaining access to your resources
access attack
The means of giving or restricting user access to network resources.
Access Control
List of rights that an object has - to resources on a network.
Access Control List (ACL)
The point at which access to a network is accomplished. This term is often used in relation to WAP (Wireless Access Point).
access point (AP)
The act of being responsible for an item. The administrator is often accountable for the network and the resources on it.
accountability
The act of keeping track of activity.
accounting
A message confirming that a data packet was received. This occurs at the Transport layer of the OSI model.
acknowledgment (ACK)
The replacement for NT Directory Service (NTDS) that is included with Windows 2000/2003.
Active Directory
A response generated in real time.
active response
Also known as TCP/IP hijacking. This involves an attacker gaining access to a host in the network and logically disconnecting it from the network.
active sniffing
A technology implemented by Microsoft that allows customized controls - icons - and other features to increase the usability of web-enabled systems.
ActiveX
Any action undertaken by a user.
activity
A network created when two RF-capable devices are brought within transmission range of each other. A common example is handheld PDAs beaming data to each other.
ad hoc RF network
Protocol used to map MAC (physical) addresses to IP addresses.
Address Resolution Protocol (ARP)
These work by looking for deviations from a pattern of normal network traffic.
AD-IDS
A set of rules that govern administrative usage of the system.
administrative policies
The user who is accountable and responsible for the network.
administrator
A FIPS publication that specifies a cryptographic algorithm for use by the U.S. government.
Advanced Encryption Standard (AES)
Software that gathers information to pass on to marketers - or intercepts personal data such as credit card numbers.
Adware
A header used to provide connectionless integrity and data origin authentication for IP datagrams - and used to provide protection against replays.
AH (Authentication Header)