800 Flashcards
Layer 1 of the OSI Model
Application
Layer 2 of the OSI Model
Presentation
Layer 3 of the OSI Model
Session
Layer 4 of the OSI Model
Transport
Layer 5 of the OSI Model
Network
Layer 6 of the OSI Model
Data Link
Layer 7 of the OSI Model
Physical
A network database that contains a listing of all network resources - such as users - printers - groups - and so on.
directory
A network service that provides access to a central database of information - which contains detailed information about the resources available on a network.
directory service
A method of communication between wireless receivers.
direct-sequence (DS)
A communications technology that is used to communicate in the 802.11 standard. It accomplishes communication by adding the data that is to be transmitted to a higher-speed transmission
direct-sequence spread spectrum (DSSS)
The act of recovering data following a disaster that has destroyed the data.
disaster recovery
The procedure by which data is recovered after a disaster.
disaster recovery plan
A means of restricting access to objects based on the identity of subjects and/or groups to which they belong.
Discretionary Access Control (DAC)
Technology that keeps identical copies of data on two disks to prevent the loss of data if one disk faults.
disk mirroring
Technology that enables writing data to multiple disks simultaneously in small portions called stripes.
disk striping
A fault-tolerance solution of writing data across a number of disks and recording the parity on another. In the event any one disk fails - the data on it can be recreated by looking at the remaining data and computing parity to figure out the missing data.
disk striping with parity
A derivative of a DoS attack in which multiple hosts in multiple locations all focus on one target.
Distributed Denial of Service (DDoS) attack
Any server that performs host name-to-IP address resolution.
DNS server
An area in the DNS hierarchy that is managed as a single unit.
DNS zone
Within the Internet - this is a group of computers with shared traits and a common IP address set.
domain
The network service used in TCP/IP networks that translates host names to IP addresses.
Domain Name Service (DNS)
A host that resides on more than one network and posses more than one physical network card.
dual-homed host
A keyboard and monitor that send keystrokes to a central processing computer (typically a mainframe or minicomputer) that returns screen displays to the monitor. The unit has no processing power of its own.
dumb terminal
Looking through trash for clues–often in the form of paper scraps–to users’ passwords and other pertinent information.
dumpster diving
Two hard drives to which identical information is written simultaneously. A dedicated controller card controls each drive. Used for fault tolerance.
duplexed hard drives
Two servers that are identical - for use in clustering.
duplicate servers
A protocol used on a TCP/IP network to send client configuration data - including TCP/IP address - default gateway - subnet mask - and DNS configuration - to clients.
Dynamic Host Configuration Protocol (DHCP)
A type of firewall used to accept or reject packets based on their contents.
dynamic packet filtering
The use of route-discovery protocols to talk to other routers and find out what networks they are attached to. Routers that use dynamic routing send out special packets to request updates from the other routers on the network as well as to send their own updates.
dynamic routing
A TCP/IP port used by an application when needed. The port isn’t constantly used.
dynamically allocated port
Any type of passive attack that intercepts data in an unauthorized manner–usually in order to find passwords.
eavesdropping
The interference that can occur during transmissions over copper cable because of electromagnetic energy outside the cable. The result is degradation of the signal.
electromagnetic interference (EMI)
A type of public key cryptosystem that requires a shorter key length than many other cryptosystems (including the de facto industry standard - RSA).
Elliptic Curve Cryptosystem (ECC)
A header used to provide a mix of security services in IPv4 and IPv6. ESP can be used alone or in combination with the IP Authentication Header (AH).
Encapsulating Security Payload (ESP)
The process of translating data into signals that can be transmitted on a transmission medium.
encoding
The process of converting data into a form that makes it less likely to be usable to anyone intercepting it if they can’t decrypt it.
encryption
A string of alphanumeric characters used to decrypt encrypted data.
encryption key
The process of luring someone.
enticement
The process of encouraging an attacker to perform an act - even if they don’t want to do it.
entrapment
An attempt to gain information about a network by specifically targeting network resources - users and groups - and applications running on the system.
enumeration
The act of moving something up in priority. Often - when an incident is escalated - it’s brought to the attention of the next highest supervisor.
escalation
A shared-media network architecture. It operates at the Physical and Data Link layers of the OSI model.
Ethernet
A level of assurance - expressed as a numeric value - based on standards set by the CCRA (Common Criteria Recognition Agreement).
Evaluation Assurance Level (EAL)
Any noticeable action or occurrence.
event
A calculation of how much data (or other assets) could be lost from a single occurrence. If all the data on the network could be jeopardized by a single attack - the exposure factor is 100 percent.
exposure factor
A threat that originates from outside the company.
external threat
Web (or similar) services set up in a private network to be accessed internally and by select external entities - such as vendors and suppliers.
extranet
Examining data leaving the network for signs of malicious traffic.
extrusion
Programs that provide additional functionality to Web browsers.
Add-ons
Part of the TCP/IP protocol for determining the MAC address based on the ip address.
Address Resolution Protocol (ARP)
An attack that corrupts the ARP cache.
ARP poisoning
Files that are coupled to e-mail messages.
Attachments
An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer.
Buffer Overflow
An attack that targets vulnerabilities in client applications that interact with a compromised server or process malicious data.
Client-side Attack
A file on a local computer in which a server stores user-specific information.
Cookie
Injecting and executing commands to execute on a server.
Command Injection
An attack that injects scripts into a Web application server to direct attacks at clients.
Cross-site Scripting (XSS)
An attack that attempts to prevent a system from performing its normal functions.
Denial of Service (DoS)
An attack that takes advantage of a vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directories.
Directory Traversal
An attack that uses multiple zombie computers (even hundreds or thousands) in a botnet to flood a device with requests.
Distributed Denial of Service (DDoS)
An attack that substitututes DNS addresses so that the computer is automatically redirected to another device.
DNS Poisoning
A hierarchical name system for matching computer names and numbers.
Domain Name System (DNS)
A cookie that is created from the Web site that currently is being viewed.
First-party Cookie
A cookie named after the Adobe Flash player.
Flash Cookie
A list of the mappings of names to computer numbers.
Host Table
Part of HTTP that is composed of fields that contain the different characteristics of the data that is being transmitted.
HTTP Header
Modifying HTTP headers to create an attack.
HTTP header manipulaatioon
An attack that intercepts legitimate communication and forges a fictitious response to the sender.
Man-in-the-Middle
A cookie that is recorded on the hard drive of the computer and does not expire when the browser closes.
Persistent Cookie (tracking cookie)
A utility that sends an ICMP (Internet Control Message Protocol) echo request message to a host.
Ping
An attack that uses the Internet Control Message Protocol (ICMP) to flood a victim with packets.
Ping Flood
An attack that exploits a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining.
Privilege Escalation
An attack that makes a copy of the transmission before sending it to the recipient.
Replay
A cookie that is only used when a browser is visiting a server using a secure connection.
Secure Cookie
A cookie that is stored in Random Access Memory (RAM) - instead of on the hard drive - and only lasts for the duration of visiting a Web site.
Session Cookie
An attack in which an attacker attempts to impersonate the user by using his session token.
Session Hijacking
A form of verification used when accessing a secure Web application.
Session Token
An attack that broadcasts a ping request to all computers on the network yet changes the address from which the quest came to that of the target.
Smurf Attack
Impersonating another computer or device.
Spoofing
An attack that targets SQL servers by injecting commands to be manipulated by the database.
SQL Injection
An attack that takes advantage of the procedures for initiating a TCP session.
SYN Flood Attack
A cookie that was created by a third party that is different from the primary Web site.
Third-Party Cookies
An attack involving using a third party to gain access rights.
Transitive Access
A markup language that is designed to carry data instead of indicating how to display it.
XML (Extensible Markup Language)
An attack that injects XML tags and data into a database.
XML Injection
Attacks that exploit previously unknown vulnerabilities
Zero Day Attacks
What are the three vulnerability control types?
Technical - Management and Operational
What are the three primary functions of controls?
Preventative - detective and corrective
The National Institue of Standards and Technology
NIST
Information Technology Laboratory
ITL
Uses technology to reduce vulnerabilities.
Technical Control
Specifies that individuals or processes are granted only rights and permissions needed to perform their assigned tasks or functions - but no more
Least Privelege
Provides protection against infection from malicious software and viruses
Antivirus software
Monitors a network or host for intrusions and provides ongoing protection against various threats
Intrusion Detection Systems (IDSs)
Restricts network traffic going in and out of a network
Firewall
Use planning and assessment methods to provide an ongoing review of the organization’s ability to reduce and manage risk.
Management Controls
Helps quantify and qualify risks within an organization so that they can focus on serious risks.
Risk assessments
Attempts to discover current vulnerabilities
Vulnerability assessments
Helps ensure that day-to-day operations of an organization comply with their overall security plan
Operational Controls
