Chapter 19: Protecting Your Network Flashcards
The three goals of security, the CIA triad, are:
- Confidentiality
- Integrity
- Availability
____ is the goal of keeping unauthorized people from accessing, seeing, reading, or interacting with systems and data.
Confidentiality
____ requires maintaining data and systems in a pristine, unaltered state when they are stored, transmitted, processed, and received, unless the alteration is intended due to normal processing.
Integrity
____ means ensuring that systems and data are available for authorized users to perform authorized tasks, whenever they need them.
Availability
____ is a cybersecurity paradigm focused on resource protection and the premise that trust is never granted implicitly but must be continually evaluated.
Zero trust
____ acknowledges that you can’t build a completely secure perimeter, so you should design your security posture with the assumption that every single defense can be beaten.
Defense in depth
____ is about identifying how people could abuse or misuse a system, determining what access they’d need to do so, and then splitting up that access so that no individual has the ability to do it alone.
Separation of duties
In ____, an attacker alters a DNS server’s cache to point clients to an evil Web server instead of the correct one.
DNS poisoning
To prevent DNS cache poisoning, the typical use case scenario is to add ____ for domain name resolutions.
DNSSEC or DNS Security Extensions
____ is a switch process that monitors DHCP traffic, filtering out DHCP messages from untrusted sources. Typically, it’s used to block attacks that use a rogue DHCP server.
DHCP snooping
In IPv6 networks, ____ enables the switch to block router advertisements and router redirect messages that are not sent from trusted ports or don’t match a policy.
RA-Guard or Router Advertisement Guard
____ attacks target ARP caches on hosts and MAC address tables on switches.
ARP cache poisoning
What tool uses the DHCP snooping binding database to prevent ARP cache poisoning?
DAI or Dynamic ARP Inspection (Cisco)
Implementing Dynamic ARP Inspection (DAI) and DHCP snooping enhances ____, a key network hardening technique.
switch port protection
A ____ attack is a targeted attack on a server (or servers) that provides some form of service on the Internet with the goal of making that service unable to process any incoming requests.
DoS or Denial of Service
Used in DDoS attacks, ____ is where the attacker sends requests to normal servers with the target’s IP address spoofed as the source. The normal servers respond to the spoofed IP address (the target system), overwhelming it with reflected traffic without identifying the true initiator.
reflection
A/An ____ DoS attack sends a small amount of traffic to a server, which produces a much larger response from the server that is sent to a spoofed IP address, overwhelming a victim machine.
amplified
A/An ____ is a form of DoS attack that targets 802.11 WiFi networks specifically by sending out a frame that kicks a wireless client off its current WAP connection. A rogue WAP nearby presents a stronger signal, which the client will prefer. The rogue WAP connects the client to the Internet and then proceeds to intercept communications to and from that client.
deauthentication (deauth) attack
A/An ____ attack is where an attacker takes advantage of DHCP scope exhaustion by spoofing packets to the DHCP server, tricking it into giving away all of its leases and therefore running out of open addresses. It is a technique used to encourage clients to switch to a rogue DHCP server that the attacker controls.
DHCP starvation
In an ____, an attacker taps into the communications between two systems, covertly intercepting traffic thought to be only between those systems, reading or in some cases even changing the data and then sending the data on.
on-path attack (aka. man-in-the-middle)
____ tries to intercept a valid computer session to get authentication information.
Session hijacking
____ is an attack where a threat agent guesses every permutation of some part of data.
Brute force
A/An ____ uses a list of known words and partial words as the starting point for cracking passwords.
dictionary attack
____ is a Layer 2 attack that enables an attacker to access hosts on a VLAN the attacker is not a part of. The mechanism behind the attack is to take a system that’s connected to one VLAN and, by abusing VLAN commands to the switch, convince the switch to change your switch port connection to a trunk line.
VLAN hopping
The term ____ describes any program or code (macro, script, and so on) that’s designed to do something on a system or network that you don’t want to have happen.
malware
____ uses some form of encryption to lock a user out of a system, usually by encrypting the boot drive.
Crypto-malware
____ is any form of malware that makes you pay to get the malware to go away.
Ransomware
A ____ is a malware program that replicates and activates. It only replicates to other applications on a drive or to other drives and does not replicate across networks. It is not a stand-alone program, but rather something attached to a host file. It carries some payload that may or may not do something malicious when activated.
virus
A/An ____ replicates exclusively through networks by sending copies of itself to any other computers it can locate on the network. It can exploit inherent vulnerabilities in program code, attacking programs, operating systems, protocols, and more.
worm
A/An ____ is code written to execute when certain conditions are met, usually with malicious intent.
logic bomb
A/An ____ is a piece of malware that looks or pretends to do one thing while, at the same time, doing something evil. It does not replicate.
Trojan horse
A/An ____ is a type of malware that takes advantage of very low-level operating system functions to hide itself from all but the most aggressive of anti-malware tools.
rootkit
____ is a program that monitors the types of Web sites you frequent and uses that information to generate targeted advertisements.
Adware
____ is a function of any program that sends information about your system or your actions over the Internet. The type of information sent depends on the program.
Spyware
____ is the process of using or manipulating people inside the networking environment to gain access to that network from the outside.
Social engineering
____ is a social engineering technique where the attacker poses as a trusted source and tries to inspire the victim to act based on a false premise (usually communicated via e-mail, phone, or SMS). A successful attack typically obtains confidential information or introduces malware into the network.
Phishing
To lock a Windows computer, press the ____ combination.
WINDOWS KEY-L
An unauthorized person attempting to follow an authorized person into a secure area without the authorized person’s consent or even realization is called ____.
tailgating
An authorized person helping an unauthorized person follow them into a secure area is called ____.
piggybacking
A/An ____ is an entryway with two successive locked doors and a small space between them, providing one-way entry or exit.
access control vestibule (aka. mantrap)
A/An ____ is a sensor that detects and reads a token that comes within range. The polled information is used to determine the access level of the person carrying the token.
proximity reader
A device (such as a credit card) that you insert into your PC or use on a door pad for authentication is called a/an ____.
smart card
A/An ____ is a door unlocking system that uses a door handle, a latch, and a sequence of mechanical push buttons.
cipher lock
In all network operating systems, the permissions of the groups are combined, and the result is what is called the ____ the user has to access a given resource.
effective permissions
____ is a standardized approach to verify that a node meets certain criteria before it is allowed to connect to a network.
NAC or Network Access Control
In terms of posture assessment, a/an ____ refers to software that runs within a client and reports the client’s security characteristics to an access control server to be approved or denied entry to a system.
agent
Attackers can use ____, excessive or malformed packets, to conduct DoS attacks on networks and hosts, targeting vulnerable switches through their switch ports.
traffic floods
Better switches today employ ____ to detect and block excessive traffic. This enhances switch port protection.
flood guards
A/An ____ is the code pattern of a known virus.
signature
____ are a network security device or software that restricts incoming and outgoing network traffic based on pre-defined rules.
Firewalls
A/An ____ is a network segment carved out by firewalls to provide a special place (a zone) on the network for any servers that need to be publicly accessible from the Internet.
screened subnet (aka. a DMZ or demilitarized zone)
A/An ____ is a resource that an administrator sets up for the express purpose of attracting a computer hacker, often using fake data and deliberate vulnerabilities as bait. If a hacker takes the bait, the network’s important resources are unharmed and the network personnel can analyze the attack to predict and protect against future attacks, making the network more secure.
honeypot
A/An ____ is a network containing one or more honeypots created to lure in hackers.
honeynet
A computer compromised with malware to support a botnet is called a ____.
zombie
Which Windows utility displays open ports on a host?
netstat
The NSA’s TEMPEST security standards are used to combat which risk?
RF emanation, countered using enclosures, shielding, and even paint.
A DoS attacker using ____ would focus on sending the smallest amount of traffic possible.
amplification