CHAPTER 1-4 Flashcards
OSI Reference model
Application, Presentation, Session, Transport, Network, Data Link, Physical (layers 7 down to 1)
TCP/IP Stack
Application, Transport, Internet, Network Access
Risk Management
Identifying organisational assets, the threats to those assets and the assets' vulnerabilities, so the organisation can decide which countermeasures security personnel should put in place to reduce risk to an acceptable level (Identification, Assessment, Treatment, Tracking and Review)
Business impact Analysis
BIA - Effort to identify the systems and processes that are critical for operation.
Maximum Tolerable Downtime
MTD - The longest period a system or business process can be unavailable before the impact becomes unacceptable; provides a means to prioritise the recovery of assets
IRT
Incident Response Team
ALE
Annualised Loss Expectancy = ARO (Annual Rate of Occurrence) x SLE (Single Loss Expectancy)
Single loss expectancy
SLE = Asset Value x Exposure Factor (the fraction of the asset's value lost in one occurrence of the event)
Security Triad
Confidentiality (secrecy and privacy of information: only authorised parties can read it), Integrity (information is accurate and has not been altered or destroyed without authorisation) and Availability (communication systems and data are ready for use when a legitimate user needs them)
Three main phases in a pen test
Preparation, Assessment and Conclusion
Five main phases of hacking
Reconnaissance, Scanning and Enumeration, Gaining Access, Maintaining Access and Covering Tracks
TOE
Target of evaluation
FISMA
Federal Information Security Modernization Act (2014; updates the Federal Information Security Management Act of 2002) - US law setting security requirements for federal information systems
HIPAA
Health Insurance Portability and Accountability Act
SOX
The Sarbanes-Oxley Act - Created to make corporate disclosures more accurate and reliable in order to protect the public and investors from shady behavior.
PCI-DSS
Payment Card Industry Data Security Standard - Security standard for organisations that store, process or transmit cardholder data (consists of 12 requirements)
COBIT
Control Objectives for Information and Related Technology - IT governance framework created by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI)
ISO/IEC 27001:2013
International standard for establishing, implementing, maintaining and continually improving an organisation's Information Security Management System (ISMS)
OSSTMM
Open Source Security Testing Methodology Manual
Internet DMZ
Controlled buffer network between you and the uncontrolled chaos of the Internet
Internet
Outside the boundary and uncontrolled
Production Network Zone
Restricted zone that strictly controls direct access from uncontrolled zones.
Intranet
Controlled internal zone with few or no heavy restrictions on traffic between its hosts
Management Network Zone
Highly secured zone with very strict policies
Anonymous Footprinting
Footprinting carried out so that the source of the information gathering stays obscured and cannot be traced back to the attacker
Pseudonymous Footprinting
Footprinting carried out through a third party or false identity so that, if it is noticed, someone else takes the blame for the actions
Benefits of Footprinting
Know the Security Posture
Reduce Focus Area
Identify vulnerabilities
Draw a network map
Active Footprinting
Requires the attacker to touch the target's devices, network or resources (e.g. querying its DNS servers or connecting to its systems directly), so it can be logged by the target
Passive Footprinting
Collecting information from publicly accessible sources without touching the target's systems (dumpster diving counts as passive)
Competitive Intelligence
Information gathered by a business entity about its competitors' customers, products and marketing
Website watchers
can be used to check web pages for changes, automatically notifying you when there is an update
DNSSEC
Domain Name System Security Extensions - suite of IETF specifications for securing certain kinds of information provided by DNS; adds origin authentication and integrity of DNS data through signed records, but does not provide confidentiality
IANA
Internet Assigned Numbers Authority - Coordinates the global pools of IP addresses and AS numbers (delegating blocks to the Regional Internet Registries) and the DNS root zone; where IP address management started
ICANN
Internet Corporation for Assigned Names and Numbers - Non-profit that oversees IP address allocation (through the IANA functions), the domain name system and a host of other things
whois
tool that queries registries and returns information, including domain ownership, addresses, locations and phone numbers.
nslookup
Tool used to query DNS servers for information (interactive or single-query mode)
dig
Command-line DNS lookup tool (Unix/Linux) used to send a DNS query and report the full response, including all returned records and the answering server
Traceroute
Command-line tool that traces the route a packet takes across the Internet by sending probes with increasing TTL values; the Linux version sends UDP probes by default
tracert
Command-line tool that traces the route a packet takes across the Internet (Windows); uses ICMP echo requests
OSRFramework
Open Source Research Framework in python that helps you in the task of user profiling by making use of different OSINT tools
RIR
Regional Internet Registry
ARIN - American Registry of Internet Numbers
APNIC - Asia Pacific Network Information Centre
LACNIC - Latin America and Caribbean Network Information Centre
AfriNIC - African Network Information Centre
RIPE NCC - Réseaux IP Européens Network Coordination Centre: Europe, the Middle East and Central Asia (including the former USSR)
A Record
Maps a host name to an IPv4 address (AAAA does the same for IPv6)
CNAME
Canonical Name - Maps an alias name to the canonical host name that holds the A record (several aliases can point at one A record)
MX
Mail Exchange - Maps a domain to a mail server
NS
Name Server - Identifies the authoritative name servers for a DNS zone (used for delegation)
PTR
Pointer - Maps IP addresses to the host names for reverse look ups
SOA
Start of Authority - Specifies authoritative info for a DNS zone.
SRV
Service Locator - Specifies the host and port that provide a named service (e.g. _ldap._tcp), a generic service-location record used by newer protocols
HINFO
Host Information Resource Record - Provides CPU and OS/platform information for a host (rarely published today because it hands an attacker OS details)
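The record types above are what a footprinting pass pulls out of a zone. As an added example (not part of these flashcards), the Python below parses a constructed zone-file excerpt for a hypothetical example.com (addresses from the 192.0.2.0/24 documentation range, all names and values made up) and answers the questions an attacker asks of it: which name servers and mail servers exist, where an alias chain of CNAMEs finally lands, what the reverse-lookup (PTR) name for an address is, which hosts leak platform details through HINFO, and which services are advertised via SRV.

```python
import ipaddress
import shlex
from collections import namedtuple

Record = namedtuple("Record", "name ttl rtype rdata")

# Constructed zone-file excerpt for a hypothetical example.com (not a real zone).
ZONE = """\
example.com.            3600 IN SOA   ns1.example.com. hostmaster.example.com. 2024010101 7200 900 1209600 3600
example.com.            3600 IN NS    ns1.example.com.
example.com.            3600 IN NS    ns2.example.com.
example.com.            3600 IN MX    20 mail2.example.com.
example.com.            3600 IN MX    10 mail.example.com.
ns1.example.com.        3600 IN A     192.0.2.1
ns2.example.com.        3600 IN A     192.0.2.2
mail.example.com.       3600 IN A     192.0.2.10
mail2.example.com.      3600 IN A     192.0.2.11
web01.example.com.      3600 IN A     192.0.2.20
web01.example.com.      3600 IN HINFO "PC-Intel" "Linux"   ; leaks platform details
www.example.com.        3600 IN CNAME web01.example.com.
shop.example.com.       3600 IN CNAME www.example.com.
_ldap._tcp.example.com. 3600 IN SRV   0 5 389 dc1.example.com.
dc1.example.com.        3600 IN A     192.0.2.30
"""

def parse_zone(text: str) -> list:
    """Parse master-file lines of the form NAME TTL CLASS TYPE RDATA..."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()       # drop comments and blank lines
        if not line:
            continue
        tokens = shlex.split(line)                  # keeps quoted HINFO strings intact
        name, ttl, _cls, rtype, *rdata = tokens
        records.append(Record(name.lower(), int(ttl), rtype.upper(), tuple(rdata)))
    return records

def records_of(records, rtype: str, name: str = None) -> list:
    return [r for r in records
            if r.rtype == rtype and (name is None or r.name == name.lower())]

def resolve(records, name: str, max_hops: int = 8) -> list:
    """Follow CNAME aliases until A records are found (bounded against alias loops)."""
    for _ in range(max_hops):
        addrs = [r.rdata[0] for r in records_of(records, "A", name)]
        if addrs:
            return addrs
        aliases = records_of(records, "CNAME", name)
        if not aliases:
            return []                               # no A and no alias: name does not resolve
        name = aliases[0].rdata[0]
    raise ValueError("CNAME chain too long")

def mail_servers(records) -> list:
    """MX rdata is 'preference target'; lower preference is tried first."""
    mx = [(r.rdata[1], int(r.rdata[0])) for r in records_of(records, "MX")]
    return sorted(mx, key=lambda t: t[1])

def ptr_name(ip: str) -> str:
    """The owner name a reverse (PTR) lookup for this address is made against."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def os_disclosures(records) -> dict:
    return {r.name: r.rdata for r in records_of(records, "HINFO")}

def service_endpoints(records) -> list:
    """SRV rdata is 'priority weight port target'; returns (service, target, port)."""
    return [(r.name, r.rdata[3], int(r.rdata[2])) for r in records_of(records, "SRV")]
```

Against a real target the same questions are answered with dig or nslookup one record type at a time (or a zone transfer, if the server mistakenly allows one); the parser here just makes the record semantics concrete offline.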
Scanning
Process of discovering systems on the network and taking a look at what open ports and applications may be running
Frame
When a recipient system gets a frame, it checks the destination physical (MAC) address to see whether the message is intended for it; frames for other hosts are dropped unless the NIC is in promiscuous mode
XOR
XOR compares two binary inputs and produces an output: if the two inputs are the same, the output is 0; if they differ, the output is 1
255.255.255.255 (Destination MAC FF:FF:FF:FF:FF:FF)
Limited broadcast address: frames sent to it are delivered to every system inside the broadcast domain and are never forwarded by routers
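The frame and broadcast cards above describe the receive-side check a NIC makes. As an added example (not from these flashcards), the Python below builds a few constructed Ethernet II frames, parses the 14-byte header, and classifies each frame the way a NIC does: broadcast (FF:FF:FF:FF:FF:FF), multicast (I/G bit set in the first octet), unicast addressed to us, or unicast for someone else. The MAC addresses and payload bytes are invented for the demonstration.

```python
import struct

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806

def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))

def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Ethernet II header (dst MAC, src MAC, EtherType) followed by the payload; FCS omitted."""
    return struct.pack("!6s6sH", mac_to_bytes(dst), mac_to_bytes(src), ethertype) + payload

def parse_frame(frame: bytes) -> dict:
    if len(frame) < 14:
        raise ValueError("frame shorter than a 14-byte Ethernet II header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": bytes_to_mac(dst), "src": bytes_to_mac(src),
            "ethertype": ethertype, "payload": frame[14:]}

def classify(frame: bytes, our_mac: str) -> str:
    """The receive-side decision a NIC makes from the destination MAC alone."""
    dst = parse_frame(frame)["dst"]
    if dst == BROADCAST_MAC:
        return "broadcast"          # every host in the broadcast domain accepts it
    if int(dst[:2], 16) & 0x01:
        return "multicast"          # I/G bit set in the first octet (checked after broadcast)
    if dst == our_mac.lower():
        return "unicast-for-us"
    return "unicast-other"          # dropped unless the NIC is promiscuous (i.e. sniffing)

# Constructed frames: an ARP request (always broadcast) and two IPv4 unicasts.
OUR_MAC = "00:11:22:33:44:55"
PEER_MAC = "aa:bb:cc:dd:ee:01"
ARP_REQUEST = build_frame(BROADCAST_MAC, PEER_MAC, ETHERTYPE_ARP, b"\x00\x01\x08\x00" + b"\x00" * 24)
TO_US = build_frame(OUR_MAC, PEER_MAC, ETHERTYPE_IPV4, b"\x45" + b"\x00" * 19)
TO_OTHER = build_frame("00:11:22:33:44:66", PEER_MAC, ETHERTYPE_IPV4, b"\x45" + b"\x00" * 19)
```

The order of the checks matters: the broadcast address also has the I/G bit set, so it must be tested before the multicast test, and a sniffer is simply a host that skips the final "not for us" drop.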
Scanning Methodology
Check for live systems, check for open ports, scan beyond the IDS, perform banner grabbing, scan for vulnerabilities, draw the network diagram, prepare proxies
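The "check for open ports" and "banner grabbing" steps of that methodology, as an added example that is not from the flashcards: a TCP connect() scan with banner grabbing in Python. To stay self-contained it starts a throwaway listener on 127.0.0.1 that greets clients with a constructed SSH-style banner, reserves and releases a second ephemeral port so it is known to be closed, and scans both. Names such as `connect_scan` and the banner text are this example's own.

```python
import socket
import threading

def start_banner_service(banner: bytes):
    """Throwaway TCP service on 127.0.0.1 (ephemeral port) that greets each client with a banner."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:             # listening socket was closed: shut down
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port

def closed_port() -> int:
    """Reserve an ephemeral port and release it, so it is (almost certainly) closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def connect_scan(host: str, ports, timeout: float = 0.5) -> dict:
    """TCP connect() scan with banner grabbing; returns {open_port: banner_text}.

    A full three-way handshake is completed on every open port, so the target
    application sees (and can log) the connection. A half-open SYN scan avoids
    that but needs raw sockets and privileges, and is not shown here.
    """
    results = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
            except (ConnectionRefusedError, socket.timeout, OSError):
                continue                # RST came back (closed) or nothing came back (filtered)
            try:
                banner = s.recv(256)    # many services talk first: SSH, SMTP, FTP, POP3
            except socket.timeout:
                banner = b""
            results[port] = banner.decode("ascii", "replace").strip()
    return results

def demo():
    """Scan one open and one closed local port; returns (findings, open_port, closed_port)."""
    srv, open_p = start_banner_service(b"SSH-2.0-OpenSSH_9.6\r\n")   # constructed banner
    closed_p = closed_port()
    try:
        found = connect_scan("127.0.0.1", [closed_p, open_p])
    finally:
        srv.close()
    return found, open_p, closed_p
```

The banner is the same string nmap's version detection or a manual `nc host port` would show; for services that expect the client to speak first (HTTP), you would send a request before reading.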
netstat -an
Displays all connections and listening ports with addresses and port numbers in numerical form.
HPING
hping - command-line packet crafting tool (Windows and Linux versions) used for ping sweeps and port scans; it can produce nearly any scan nmap can, with full control over the TCP/IP headers
Arp -a
Displays the current ARP cache (arp -d deletes entries from the cache)
CAM
Content Addressable memory
NIC
Network Interface Card
protocols vulnerable to sniffing
SMTP, FTP, TFTP, NNTP, IMAP, POP3 (all carry data and credentials in plain text)
Span port (port mirroring)
A port on which the switch configuration has been altered to send a copy of all frames from one port (or a group of ports) to another port, where a sniffer is attached
DHCP Starvation
A malicious agent exhausts all available addresses on the DHCP server (by sending many DHCPDISCOVER messages from spoofed MAC addresses), so legitimate clients cannot obtain a lease; often followed by a rogue DHCP server handing out attacker-controlled settings
DHCP
DORA - Discover, Offer, Request, Acknowledge
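A starvation attack shows up in the first step of DORA: a burst of DHCPDISCOVER messages from many never-before-seen MAC addresses. As an added example (not from the flashcards), the Python below runs a sliding-window detector over constructed ISC dhcpd-style syslog lines: a few benign DORA exchanges and then a burst of 40 DISCOVERs from 40 spoofed MACs within three seconds. The log format, host name, threshold values and function names are this example's own assumptions.

```python
import re
from collections import deque
from datetime import datetime

# Matches dhcpd-style "DHCPDISCOVER from <mac> via <iface>" syslog lines (assumed format).
DISCOVER_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ dhcpd\[\d+\]: "
    r"DHCPDISCOVER from (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) via (?P<iface>\S+)"
)

def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%b %d %H:%M:%S")      # syslog has no year; deltas still work

def detect_starvation(lines, window_s: int = 10, mac_threshold: int = 20) -> list:
    """Alert when >= mac_threshold distinct client MACs send DISCOVER within window_s seconds."""
    window = deque()                 # (timestamp, mac) of DISCOVERs inside the window
    alerts, alerted = [], False
    for line in lines:
        m = DISCOVER_RE.match(line)
        if not m:
            continue                 # OFFER/REQUEST/ACK and unrelated lines are ignored
        ts, mac = parse_ts(m["ts"]), m["mac"]
        window.append((ts, mac))
        while (ts - window[0][0]).total_seconds() > window_s:
            window.popleft()
        distinct = {w_mac for _, w_mac in window}
        if len(distinct) >= mac_threshold and not alerted:
            alerts.append({"at": m["ts"], "iface": m["iface"], "distinct_macs": len(distinct)})
            alerted = True           # one alert per burst, not one per packet
        elif len(distinct) < mac_threshold:
            alerted = False
    return alerts

def benign_lines() -> list:
    """Constructed: one normal DORA exchange plus a single later DISCOVER."""
    return [
        "Mar 10 12:00:01 dhcp1 dhcpd[1234]: DHCPDISCOVER from 00:11:22:33:44:55 via eth0",
        "Mar 10 12:00:01 dhcp1 dhcpd[1234]: DHCPOFFER on 10.0.0.50 to 00:11:22:33:44:55 via eth0",
        "Mar 10 12:00:02 dhcp1 dhcpd[1234]: DHCPREQUEST for 10.0.0.50 from 00:11:22:33:44:55 via eth0",
        "Mar 10 12:00:02 dhcp1 dhcpd[1234]: DHCPACK on 10.0.0.50 to 00:11:22:33:44:55 via eth0",
        "Mar 10 12:00:40 dhcp1 dhcpd[1234]: DHCPDISCOVER from 00:11:22:33:44:66 via eth0",
    ]

def starvation_lines(n: int = 40) -> list:
    """Constructed: n DISCOVERs from n distinct spoofed MACs squeezed into three seconds."""
    return [f"Mar 10 12:01:{i * 3 // n:02d} dhcp1 dhcpd[1234]: DHCPDISCOVER from "
            f"02:00:00:00:{i // 256:02x}:{i % 256:02x} via eth0" for i in range(n)]
```

The distinct-MAC count is the right signal: a single client retrying DISCOVER is noisy but harmless, while dozens of new MACs per interface in seconds is exactly what port security's per-port MAC limit is meant to stop at the switch.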
Port Security
Security feature on switches that allows an admin to bind specific MAC addresses to specific ports and limit the number of MAC addresses learned per port
IRDP
ICMP Router Discovery Protocol - Lets hosts learn their default gateway from router advertisements; an attacker can send spoofed advertisements to make hosts route their traffic through whatever gateway he wants
TCPDUMP
Command-line tool that simply prints out a description of the contents of packets on a network interface that match a given filter expression
IDS
Intrusion Detection System are hardware or software devices that examine streams of packets for unusual or malicious behavior
False Positive
Alarm shows intrusion when in reality, no intrusion has occured
False Negative
Reports that the traffic is fine when in reality there is an intrusion
SNORT
Most widely deployed IDS in the world - open source, signature (rule) based
Network tap
Any kind of connection that allows you to see all traffic passing by
OINKMASTER
Script used to manage and update Snort signature rules
Explicit Firewall
Stating what is allowed to pass from one side of the firewall to the other
Implicit Firewall
Deny principle: if there is no rule defined to allow the packet to pass, it is blocked
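Explicit allow rules plus an implicit deny, as an added example that is not from the flashcards: a small first-match rule evaluator in Python with CIDR matching. The ruleset is constructed for a hypothetical DMZ web host at 203.0.113.10 (documentation address): only the allows are written down, and `evaluate()` falls back to the `default` action when nothing matches. Calling it with `default="allow"` shows what the same ruleset lets through when the implicit deny is missing. Rule and packet representations and function names are this example's own.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

Rule = namedtuple("Rule", "action proto src dst dport")   # dport None = any port

def matches(rule: Rule, pkt: dict) -> bool:
    return (rule.proto in ("any", pkt["proto"])
            and ip_address(pkt["src"]) in ip_network(rule.src)
            and ip_address(pkt["dst"]) in ip_network(rule.dst)
            and (rule.dport is None or rule.dport == pkt["dport"]))

def evaluate(rules, pkt: dict, default: str = "deny") -> str:
    """First matching rule wins; `default` is the implicit rule applied when none match."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default

# Constructed explicit-allow ruleset for a hypothetical DMZ web host (203.0.113.10).
DMZ_RULES = [
    Rule("allow", "tcp", "0.0.0.0/0", "203.0.113.10/32", 443),
    Rule("allow", "tcp", "0.0.0.0/0", "203.0.113.10/32", 80),
    Rule("allow", "tcp", "10.0.0.0/8", "203.0.113.10/32", 22),   # admin SSH from the internal net only
]

# Constructed packets (5-tuples reduced to what the rules look at).
HTTPS_FROM_INTERNET = {"proto": "tcp", "src": "198.51.100.7", "dst": "203.0.113.10", "dport": 443}
SSH_FROM_INTERNET = {"proto": "tcp", "src": "198.51.100.7", "dst": "203.0.113.10", "dport": 22}
SSH_FROM_INSIDE = {"proto": "tcp", "src": "10.1.2.3", "dst": "203.0.113.10", "dport": 22}
RDP_FROM_INTERNET = {"proto": "tcp", "src": "198.51.100.7", "dst": "203.0.113.10", "dport": 3389}
```

With the implicit deny in place the RDP and Internet-sourced SSH packets are dropped without anyone having written a rule about them; with a default of allow, every port nobody thought of is open, which is why real firewalls end their chains with a deny-all.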
Firewalking
Probing every port through a firewall to determine which ones it lets pass: traceroute-style packets are sent with a TTL one hop beyond the firewall, and a port is judged open if an ICMP time-exceeded reply comes back from the far side