Chapter 10 Key Terms Flashcards
Secure Sockets Layer
A protocol that secures messages being transmitted on the internet.
Transport Layer Security
A protocol that secures messages being transmitted on the internet. It is the successor to SSL 3.0.
Secure Shell
A protocol that allows for secure interactive control of remote systems.
Hyper Text Transfer Protocol Secure
A secure form of HTTP that uses either SSL or TLS to encrypt sensitive data before it is transmitted.
Secure Hypertext Transfer Protocol
An alternate protocol that is not widely used because it is not as secure as HTTPS.
Internet Protocol Security
A set of protocols that provides secure data transmission over unprotected TCP/IP networks.
Authentication Header
A protocol within IPsec that provides authenticity, non-repudiation, and integrity.
Encapsulating Security Payload
A protocol within IPsec that provides all the security of AH plus confidentiality.
Security Association
The establishment of shared security information between two network entities to support secure communications.
Data loss prevention (DLP)
A system that attempts to detect and stop breaches of sensitive data within an organization.
Network DLP
A software or hardware solution that is typically installed near the network perimeter that analyzes network traffic in an attempt to detect transmission of sensitive data in violation of an organization’s security policies.
Endpoint DLP
DLP software that runs on end-user workstations and servers.
File-level DLP
DLP software that is used to identify sensitive files in a file system and then to embed the organization’s security policy within the file so that it travels with a moved or copied file.
Cloud DLP
A software solution that analyzes traffic to and from cloud systems in an attempt to detect sensitive data that is being transmitted in violation of an organization’s security policies.
Masking
The process of replacing sensitive data with realistic fictional data.
Encryption
The process of changing plain text through an algorithm into unreadable ciphertext.
Tokenization
The process of replacing original data with a randomly generated alphanumeric character set called a token.
Rights management
A system of data protection at the file level that uses various forms of permissions, rules, and security policies.
Privilege escalation
The exploitation of a misconfiguration, a bug, or design flaw to gain unauthorized access to resources.
Pointer/object dereferencing
An attack that retrieves a value stored in memory; it can be exploited through a NULL pointer dereference.
Buffer overflow
An attack that exploits an operating system or an application that does not properly enforce boundaries for inputting data such as the amount of data or the type of data.
Resource exhaustion
An attack that focuses on depleting the resources of a network to create a denial of service to legitimate users.
Memory Leak
A leak that happens when a program allocates dynamic memory but loses all pointers to it, so the memory is never released back to the system.
Race conditions
A sequence of events with dependencies that a system is programmed to run in a certain order, which can lead to a time-of-check to time-of-use (TOCTOU) vulnerability.
Error handling
The procedures in a program that respond to irregular input or conditions.
Improper input handling
The lack of validation, sanitization, filtering, decoding, or encoding of input data.
Replay attack
An attack that happens when network traffic is intercepted by an unauthorized person who then delays or replays the communication to its original receiver, acting as the original sender. The original sender is unaware of this occurrence.
Pass the hash
An attack in which an attacker obtains a hashed password and uses it to gain unauthorized access.
API attacks
A malicious use of an API (application programming interface).
SSL stripping
An attack that focuses on stripping the security from HTTPS-enabled websites.
Driver manipulation
An attack that focuses on device drivers. The attack uses refactoring or shimming.
Normalization
The process of reorganizing data in a relational database to eliminate redundancy, so that each item of data is stored in one place and all related items are stored together.
Stored procedures
One or more database statements stored as a group in a database’s data dictionary, which, when called, execute all the statements in the collection.
Code obfuscation
The deliberate act of creating source or machine code that is difficult for humans to understand. In other words, the code is camouflaged.
Code reuse
Using the same code multiple times.
Dead code
Code that is non-executable at run-time, or source code in a program that is executed but is not used in any other computation.
Memory management
A resource management process applied to computer memory. It allows your computer system to assign portions of memory, called blocks, to various running programs to optimize overall system performance.
Third-party libraries
A library whose code is not maintained in-house.
Software Development Kits
A set of software development tools that can be installed as one unit.
Data exposure
Unintended exposure of personal and confidential data.
Fuzz testing
A software testing technique that exposes security problems by providing invalid, unexpected, or random data to the inputs of an application.