Chapter 4: Network Flashcards
DoS/DDoS attacks
The prevention of authorized access to resources or the delaying of time-critical operations. (Time-critical may be milliseconds or it may be hours, depending upon the service provided.)
Fragment Attacks
In a fragment attack, an attacker fragments traffic in such a way that a system is unable to put data packets back together.
Oversized Packet Attacks
Purposely sending a network packet that is larger than expected or larger than can be handled by the receiving system, causing the receiving system to fail unexpectedly.
Spoofing
Faking the sending address of a transmission to gain illegal entry into a secure system.
Man in the Middle Attacks
An attack where the adversary positions himself in between the user and the system so that he can intercept and alter data traveling between them.
Physical Ports
Physical ports are the ports on routers, switches, servers, computers, etc. to which you connect the wires (e.g., fiber optic cables, Cat5 cables) to create a network.
Logical Ports
A logical port (also called a socket) is little more than an address number that both ends of the communication link agree to use when transferring data. Ports allow a single IP address to be able to support multiple simultaneous communications, each using a different port number. In the Application Layer of the TCP/IP model (which includes the Session, Presentation, and Application Layers of the OSI model) reside numerous application- or service-specific protocols. Data types are mapped using port numbers associated with services.
Three-Way Handshake
SYN, SYN-ACK, ACK
TCP/IP
TCP/IP stands for Transmission Control Protocol/Internet Protocol.
TCP/IP is a set of standardized rules that allow computers to communicate on a network such as the internet.
5 layers:
- Physical Layer: The physical devices that connect computers
- Data Link Layer: Defines a common way of interpreting signals so that network devices can communicate (ex. Ethernet).
- Network/Internet Layer: Allows different networks to communicate with each other through devices known as routers (ex. IP).
- Transport Layer: Sorts out which client and server programs are supposed to get that data (ex. TCP, UDP).
- Application Layer: Browser, Email
VLAN
Virtual Local Area Network
A logical group of workstations, servers, and network devices that appear to be on the same LAN despite their geographical distribution.
VPN
Virtual Private Network
A virtual private network (VPN), built on top of existing networks, that can provide a secure communications mechanism for transmission between networks.
WLAN
Wireless Local Area Network
A group of computers and devices that are located in the same vicinity, forming a network based on radio transmissions rather than wired connections. A Wi-Fi network is a type of WLAN.
Zenmap
The graphical user interface (GUI) for the Nmap Security Scanner, an open-source application that scans networks to determine everything that is connected as well as other information.
Zero Trust
Removing the design belief that the network has any trusted space. Security is managed at each possible level, representing the most granular asset. Microsegmentation of workloads is a tool of the model.
PCI DSS
Payment Card Industry Data Security Standard
An information security standard administered by the Payment Card Industry Security Standards Council that applies to merchants and service providers who process credit or debit card transactions.
SMTP
Simple Mail Transport Protocol
The standard communication protocol for sending and receiving emails between senders and receivers. The SMTP is an application layer protocol that operates at level 7.
Protocols
A set of rules (formats and procedures) to implement and control some type of association (that is, communication) between systems.
Payload
Packet
Representation of data at Layer 3 of the Open Systems Interconnection (OSI) model.
ICMP
Internet Control Message Protocol
An IP network protocol standardized by the Internet Engineering Task Force (IETF) through RFC 792 to determine if a particular service or host is available.
IPv4
Internet Protocol version 4
Standard protocol for transmission of data from source to destinations in packet-switched communications networks and interconnected systems of such networks.
De-encapsulation
The opposite process of encapsulation, in which bundles of data are unpacked or revealed.
DNS
Domain Name Service
This acronym can be applied to three interrelated elements: a service, a physical server and a network protocol.
FTP
Port 21, File Transfer Protocol (FTP) sends the username and password using plaintext from the client to the server. This could be intercepted by an attacker and later used to retrieve confidential information from the server. The secure alternative, SFTP, on port 22 uses encryption to protect the user credentials and packets of data being transferred.
Encapsulation
Enforcement of data hiding and code hiding during all phases of software development and operational use. Bundling together data and methods is the process of encapsulation; its opposite process may be called unpacking, revealing, or using other terms. Also used to refer to taking any set of data and packaging it or hiding it in another data structure, as is common in network protocols and encryption.
Phishing
An attack that attempts to misdirect legitimate users to malicious websites through the abuse of URLs or hyperlinks in emails could be considered phishing.
Trojan
Named after the ancient story of the Trojan horse, the Trojan is a software program that appears benevolent but carries a malicious, behind-the-scenes payload that has the potential to wreak havoc on a system or network. For example, ransomware often uses a Trojan to infect a target machine and then uses encryption technology to encrypt documents, spreadsheets and other files stored on the system with a key known only to the malware creator.
Malware
A program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity or availability of the victim’s data, applications or operating system or otherwise annoying or disrupting the victim.
Ransomware
Malware used for the purpose of facilitating a ransom attack. Ransomware attacks often use cryptography to “lock” the files on an affected computer and require the payment of a ransom fee in return for the “unlock” code.
Insider Threat
Insider threats are threats that arise from individuals who are trusted by the organization. These could be disgruntled employees or employees involved in espionage. Insider threats are not always willing participants. A trusted user who falls victim to a scam could be an unwilling insider threat.