Chapter 11 Terms Flashcards
SSH
A connection utility that provides authentication and encryption while logging on to a host, executing commands on that host, and copying files to or from that host. Uses Port 22.
Honeypot
A decoy system isolated from legitimate systems and designed to be vulnerable to security exploits for the purpose of learning more about hacking techniques or nabbing a hacker in the act.
IPS
A dedicated device or software running on a host that automatically reacts to any unauthorized attempt to access an organization’s secured resources on a network or host. It is often combined with IDS.
IDS
A dedicated device or software running on a host that monitors, flags, and logs any unauthorized attempt to access an organization’s secured resources on a network or host.
ACL
A list of statements used by a router to permit or deny the forwarding of traffic on a network based on one or more criteria.
Kerberos
A network authentication protocol which works on the basis of “tickets” to allow nodes communicating over a non-secure network to prove their identity to one another. Its designers aimed primarily at a client–server model, and it provides mutual authentication—both the user and the server verify each other’s identity. Uses Port 88.
AES
A private key encryption algorithm that weaves keys of 128, 160, 192, or 256 bits through data multiple times.
DoS attack
A security attack in which a system becomes unable to function because it has been inundated with requests for services and can’t respond to any of them.
HTTP
A set of rules for transferring files (text, graphic images, sound, video, and other multimedia files) on the World Wide Web. Uses Port 80.
Asymmetric encryption
A type of encryption (such as public key encryption) that uses a different key for encoding data than is used for decoding the ciphertext.
Brute force attack
An attempt to discover an encryption key or password by trying numerous possible character combinations.
CHAP
An authentication protocol that operates over PPP and requires the authenticator to take the first step by offering the other computer a challenge.
CA
An organization that issues and maintains digital certificates as part of the Public-key Infrastructure.
IPSec
Defines encryption, authentication, and key management for TCP/IP transmissions. It is an enhancement for IPv4 and is native to IPv6.
ESP
In IPSec, this is a type of encryption that provides authentication of the IP packet’s data payload through the public key technique. It also encrypts the entire IP packet for added security.
802.11i
The IEEE standard for wireless network encryption and authentication that uses the EAP authentication method, strong encryption, and dynamically assigned keys. This specifies AES encryption and weaves a key into each packet. Uses 802.1x and TKIP.
3DES
The modern implementation of the data encryption standard which weaves a 56-bit key through data three times, each time using a different key.
DMZ
The perimeter of a protected internal network where users, both authorized and unauthorized, from external networks can attempt to access it.
HTTPS
The URL prefix that indicates that a Web page requires its data to be exchanged between client and server using SSL encryption. It uses TCP Port 443.
Encryption
The use of an algorithm to scramble data, in order to keep the information private, into a format that can be read only by reversing the algorithm.
EAP
This protocol specifies the dynamic distribution of encryption keys and a preauthorization process in which a client and server exchange data via an intermediate node. It can be used with multiple authentication and encryption schemes.
Zero-day exploit
This takes advantage of a software vulnerability that hasn’t yet become public and is known only to the hacker who discovered it, so the harm is inflicted before the software developer has the opportunity to provide a solution for it.