Chapter 19: Protecting Your Network

Question 1

Spoofing

Answer 1

The process of pretending to be someone or something you are not by placing false information into your packets.

Question 2

Protocol Abuse

Answer 2

Doing things with a protocol that it wasn’t meant to do, usually to carry out an attack.

Question 3

Malformed packets

Answer 3

Packets with unwanted information in an attempt to break another system.

Question 4

Attack Surface

Answer 4

The way that an exploit takes advantage of a vulnerability.

Question 5

Attack Window

Answer 5

The time frame in which a bad guy can apply an attack surface against a vulnerability before patches are applied to prevent the exploit.

Question 6

Zero-day Attacks

Answer 6

New attacks using vulnerabilities that haven’t yet been identified or fixed.

Question 7

ARP Cache Poisoning

Answer 7

Target the ARP caches (storing known IPs and MAC addresses) on hosts and switches

Question 8

ARP Request

Answer 8

A special broadcast that a sending device sends out if it doesn’t know the destination device’s MAC address.

Question 9

Dynamic ARP Inspection (DAI)

Answer 9

Tool to prevent ARP poisoning.

Question 10

DHCP Snooping

Answer 10

Switch process that monitors DHCP traffic, filtering out DHCP messages from untrusted sources.
Typically used to block attacks that use a rogue DHCP server.

Question 11

Denial of Service (DoS) attack

Answer 11

A targeted attack on a server that provides some form of service on the Internet, with the goal of making that site unable to process any incoming server requests.

Question 12

Amplification

Answer 12

The aspect of a DoS attack that makes a server do a lot of processing and responding.

Question 13

Jamming

Answer 13

The process of sending artificial jam signals that effectively prevent any other station on the collision domain from transmitting its data onto the network. (Fixed by switches!)

Question 14

Distributed DoS (DDoS)

Answer 14

Uses many many computers under the control of a single operator to launch a coordinated attack.

Question 15

Zombie

Answer 15

A single computer under the control of an operator

Question 16

Botnet

Answer 16

A group of computers under the control of one operator

Question 17

Reflection

Answer 17

Requests are sent to normal servers as if they had come from the target server and the responses from the normal servers are reflected to the target server, overwhelming it.

Question 18

Smurf Attack

Answer 18

A form of DoS attack that sends broadcast pings to the victim

Question 19

Friendly/Unintentional DoS

Answer 19

Caused by too much legitimate traffic on a server that is too weak to handle it.

Question 20

Permanent DoS

Answer 20

An attack that damages the targeted machine and renders that machine inoperable. (Also known as phlashing)

Question 21

Man-in-the-middle

Answer 21

An attacker taps into communications between two systems, intercepting traffic, reading or manipulating it, then sending it on.

Question 22

Session Hijacking

Answer 22

Tries to intercept a valid computer session to get authentication information.

Question 23

Packet Sniffing

Answer 23

Intercepting packets

Question 24

Banner Grabbing

Answer 24

When a malicious user probes a host’s open ports to learn details about running services.

Question 25

VLAN Hopping

Answer 25

Older technique to hack a switch to change a normal switch port from an access port to a trunk port, the hacker to access different VLANs.

Question 26

Virus

Answer 26

A program that can make a copy of itself without your necessarily being aware of it.
All viruses carry some payload that may or may not do something malicious.

Question 27

Worm

Answer 27

A form of virus that doesn’t infect other files on the computer, but replicates by making copies of itself on other systems on a network.

Question 28

Macro

Answer 28

A type of virus that exploits application macros to replicate and activate.

Question 29

Trojan Horse

Answer 29

A piece of malware that pretends to do one thing, but actually does something evil.
They don’t replicate

Question 30

Rootkit

Answer 30

A Trojan horse that takes advantage of very low level operating system functions to hide itself from all but the most aggressive of anti-malware tools

Question 31

Adware

Answer 31

A program that monitors the types of Web sites you frequent and uses that info to generate targeted advertisements.

Question 32

Spyware

Answer 32

A function of any program that sends info about your system or your actions over the Internet

Question 33

Social Engineering

Answer 33

The process of using or manipulating people inside the networking environment to gain access to that network from the outside.

Question 34

Phishing

Answer 34

The attacker poses as some sort of trusted site in an attempt to get you to reveal sensitive information.

Question 35

Services

Answer 35

Background programs in an operating system that do behind-the-scenes grunt work that users don’t need to interact with on a regular basis.

Question 36

What can you do if you really want to use insecure protocols?

Answer 36

Run them through a VPN

Question 37

RF Emanation Vulnerability

Answer 37

Radio waves can penetrate walls to a certain extent, and accidentally spill into other areas.

Question 38

TEMPEST

Answer 38

The NSA’s security standard that is used to combat RF emanation by using enclosures, shielding, and even paint.

Question 39

Tailgating

Answer 39

When a locked door is opened by an authorized person and an unauthorized person tries to sneak in behind them

Question 40

IP Camera

Answer 40

Still-frame or video camera with a network interface and TCP/IP protocols to send output to a network resource or destination

Question 41

Closed-Circuit Televisions (CCTVs)

Answer 41

A self-contained, closed system in which video cameras feed their signal to specific, dedicated monitors and storage devices.

Question 42

Principal of Least Privilege

Answer 42

Promotes minimal user profile privileges on computers, based on users’ job necessities.

Question 43

Unauthorized Access v. Improper Access

Answer 43

Unauthorized access is when a person does something out of the scope of his authority, and improper access occurs when a user who shouldn’t have access gains access through some means

Question 44

Network Access Control (NAC)

Answer 44

A standardized approach to verify that a node meets certain criteria before it is allowed to connect to a network.

Question 45

Posture Assessment

Answer 45

Process by which a client presents its security characteristics to an access control server.

Question 46

Agent

Answer 46

A process or program running within the computer that scans the computer to create an inventory of configuration info, resources, and assets

Question 47

Persistent Agent

Answer 47

An agent that once installed stays installed and runs every time the computer boots up.

Question 48

Non-persistent Agent

Answer 48

Downloaded and run when needed, then released when the connection ends

Question 49

Guest Network

Answer 49

A network separate from your main network that you intend for visitors and clients to use.

Question 50

Quarantine Network

Answer 50

Where a node may be sent when it is denied connection to the production network.

Question 51

Rogue Anti-Malware

Answer 51

A malware program that poses as anti-malware.

Question 52

Top-talkers

Answer 52

Systems with very high network output

Question 53

Signature

Answer 53

Code pattern of a known virus

Question 54

Firewall

Answer 54

Blocks or allows traffic to move through based on a set of rules

Question 55

Stateful Inspection

Answer 55

Component of firewalls giving the capability to tell if a packet is part of an existing connection by looking at its relation to other packets

Question 56

Deep Packet Inspection (DPI)

Answer 56

Firewalls with DPI filter based on the application or service that originated the traffic.

Question 57

Content Filtering

Answer 57

Enables admins to filter traffic based on specific signatures or keywords.

Question 58

Demilitarized Zone (DMZ)

Answer 58

A lightly protected or unprotected subnet network positioned between an outer firewall and an organization’s highly protected internal network.
Used mainly to host public address servers such as Web servers.

Question 59

Bastion Host

Answer 59

A machine that is fully exposed to the Internet.

Question 60

Honeypot

Answer 60

A computer that presents itself as a tempting target to a hacker, but is a decoy.

Question 61

Honeynet

Answer 61

A honeypot made to look like a whole network.