CEH Deck 4 Flashcards

continue with glossary definitions

1
Q

replay attack

A

An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.

2
Q

request for comments (RFC)

A

A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.

3
Q

reverse lookup; reverse DNS lookup

A

Used to find the domain name associated with an IP address; the opposite of a DNS lookup.

4
Q

reverse social engineering

A

A social engineering attack that manipulates the victim into calling the attacker for help.

5
Q

script kiddie

A

A derogatory term used to describe an attacker, usually new to the field, who uses simple, easy-to-follow scripts or programs developed by others to attack computer systems and networks and deface websites.

6
Q

secure channel

A

A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder, delete, insert, or read information.

7
Q

Secure Multipurpose Mail Extension (S/MIME)

A

A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.

8
Q

Secure Sockets Layer (SSL)

A

A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce, banking, and other sites requiring privacy.

9
Q

Temporal Key Integrity Protocol (TKIP)

A

A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.

10
Q

third party

A

A person or entity indirectly involved in a relationship between two principals.

11
Q

threat

A

Any circumstance or event with the potential to adversely impact organizational operations, organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.

12
Q

three-way (TCP) handshake

A

A three-step process computers execute to negotiate a connection with one another. The three steps are SYN, SYN/ACK, and ACK.

13
Q

tiger team

A

A group of people, gathered together by a business entity, working to address a specific problem or goal.

14
Q

time bomb

A

A program designed to execute at a specific time to release malicious code onto the computer system or network.

15
Q

time to live (TTL)

A

A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.

16
Q

virtual local area network (VLAN)

A

Devices, connected to one or more switches, grouped logically into a single broadcast domain.

Administrators can divide the devices connected to the switches into multiple VLANs without requiring separate physical switches.

17
Q

virtual private network (VPN)

A

A technology that establishes a tunnel to create a private, dedicated, leased-line network over the Internet.

The data is encrypted so it’s readable only by the sender and receiver.

Companies commonly use VPNs to allow employees to connect securely to the company network from remote locations.

18
Q

virtualization

A

A practice whereby the physical aspects of the hardware are virtually presented to operating systems in a way that allows one or more virtual machines (with their own operating systems) to run simultaneously on the same physical box.

19
Q

virus

A

A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.

20
Q

virus hoax

A

An e-mail message that warns users of a nonexistent virus and encourages them to pass on the message to other users.

21
Q

white-box testing

A

A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator or similar level.

22
Q

Whois

A

A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address, or an autonomous system.

23
Q

wide area network (WAN)

A

Two or more LANs connected by a high-speed line across a large geographical area.