Day 11 - Network Security Concepts Flashcards
Solve for the security term based on the description:
A weakness in a system or its design that could be exploited by a threat
Vulnerability
Solve for the security term based on the description:
Anything of value to the organization, including people, equipment, resources and data
Assets
Solve for the security term based on the description:
A potential danger to a company’s assets, data or network functionality
Threat
Solve for the security term based on the description:
A mechanism that takes advantage of a vulnerability
Exploit
Solve for the security term based on the description:
The process of taking countermeasures to reduce the likelihood or severity of a potential threat or risk
Mitigation
Solve for the security term based on the description:
The likelihood of a threat exploiting the vulnerability of an asset, with the aim of negatively affecting an organization
Risk
An __________ vector is a path by which a threat actor can gain access to a server, host, or network
Attack (vector)
Data loss or data __________ occurs when data is intentionally or unintentionally lost, stolen or leaked to the outside world
Exfiltration
Solve for the data loss vector term based on the description:
Intercepted email or IM messages could be captured and reveal confidential information
Email/Social networking
Solve for the data loss vector term based on the description:
If data is not stored using an encryption algorithm, the thief may be able to retrieve valuable confidential information
Unencrypted devices
Solve for the data loss vector term based on the description:
Sensitive data can be lost if access to the cloud is compromised due to weak security settings
Cloud storage devices
Solve for the data loss vector term based on the description:
An employee could perform an unauthorized transfer of data to a USB drive or a USB drive containing valuable data could be lost
Removable media
Solve for the data loss vector term based on the description:
Confidential data should be shredded when no longer required
Hard copy
Solve for the data loss vector term based on the description:
Passwords or weak passwords that have been compromised can provide a threat actor with easy access to corporate data
Improper access control
Solve for the pen testing tool term based on the description:
These types of tools are often referred to as password recovery tools and can be used to crack or recover a password. These tools repeatedly make guesses in order to crack a password
Password crackers
Solve for the pen testing tool term based on the description:
These types of tools are used to intentionally hack into a wireless network to detect security vulnerabilities
Wireless hacking tools
Solve for the pen testing tool term based on the description:
These types of tools are used to probe network devices, servers and hosts for open TCP and UDP ports
Networking scanning and hacking tools
Solve for the pen testing tool term based on the description:
These tools are used to probe and test a firewall’s robustness using specially forged packets
Packet crafting tools
Solve for the pen testing tool term based on the description:
These tools are used to capture and analyze packets in traditional Ethernet LANs or WANs
Packet sniffers
Solve for the pen testing tool term based on the description:
This is a directory and file integrity checker used by white hats to detect installed rootkits
Rootkit detectors
Solve for the pen testing tool term based on the description:
These tools are used by white hat hackers to sniff out any trace of evidence existing in a computer
Forensic tools
Solve for the pen testing tool term based on the description:
These tools are used by black hats to reverse engineer binary files when writing exploits. They are also used by white hats when analyzing malware
Debuggers
Solve for the pen testing tool term based on the description:
These are specially designed operating systems preloaded with tools optimized for hacking
Hacking operating systems
Solve for the pen testing tool term based on the description:
These tools use algorithm schemes to encode data to prevent unauthorized access to the encrypted file
Encryption tools
Solve for the pen testing tool term based on the description:
These tools identify whether a remote host is vulnerable to security attacks
Vulnerability exploitation tools
Solve for the pen testing tool term based on the description:
These tools scan a network or system to identify open ports
Vulnerability scanners
Solve for the attack type term based on the description:
A threat actor captures and listens to network traffic. This attack is also referred to as sniffing or snooping
Eavesdropping attack
Solve for the attack type term based on the description:
If threat actors have captured enterprise traffic, they can alter the data in the packet without the knowledge of the sender or receiver
Data modification attack
Solve for the attack type term based on the description:
A threat actor constructs an IP packet that appears to originate from a valid address inside the corporate intranet
IP address spoofing attack
Solve for the attack type term based on the description:
A threat actor who discovers a valid user account has the same rights as a real user. A threat actor can use a valid account to obtain lists of other users or network information, change server and network configurations, and modify, reroute or delete data
Password-based attacks
Solve for the attack type term based on the description:
This type of attack prevents normal use of a computer or network by valid users. It floods a computer or an entire network with traffic until a shutdown occurs because of the overload
Denial of service attack
Solve for the attack type term based on the description:
This attack occurs when threat actors have positioned themselves between a source and destination and actively monitor, capture and control the communications transparently
Man in the middle attack
Solve for the attack type term based on the description:
If a threat actor obtains a secret key, that key is referred to as this…
Compromised-key attack
Solve for the attack type term based on the description:
This is an application or device that can read, monitor and capture network data exchanges and read network packets. If packets are not encrypted, this type of attack provides a full view of the data inside a packet
Sniffer attack
Solve for the type of malware based on the definition:
Executes arbitrary code and installs copies of itself in the memory of the infected computer
Worm
Solve for the type of malware based on the definition:
Malicious software that executes a specific, unwanted, often harmful function on a computer
Virus
Solve for the type of malware based on the definition:
Non-self-replicating type of malware. It often contains malicious code that is designed to look like something else, such as a legitimate file or application
Trojan horse
What are some other types of malware other than worms, viruses or trojan horses?
Adware
Ransomware
Rootkits
Spyware
What are 5 types of common network attacks?
reconnaissance attacks
access attacks
DoS attacks
Social engineering attacks
Attacks on the TCP/IP suite
Solve for the reconnaissance attack technique based on the description:
The threat actor looks for initial information about a target. Various tools can be used, such as a Google search, the organization’s website and WHOIS
Information query of a target
Solve for the reconnaissance attack technique based on the description:
An information query usually reveals the target’s network address. The threat actor can then initiate this to determine which IP addresses are active
Ping sweep
Solve for the reconnaissance attack technique based on the description:
This can be used to determine which ports or services are available
Port scans
Solve for the reconnaissance attack technique based on the description:
This can query the identified ports to determine the type and version of the application and OS running on the host
Vulnerability scanner
Solve for the reconnaissance attack technique based on the description:
Threat actor attempts to discover vulnerable services that can be exploited. These tools include Metasploit, Core Impact, sqlmap, Social-engineering toolkit and Netsparker
Exploitation Tools
Solve for the access attack based on the description:
The threat actor attempts to discover critical system passwords using various methods
Password attack
Solve for the access attack based on the description:
The threat actor has a device pose as another device by falsifying data
Spoofing attack
Solve for the access attack based on the description:
The threat actor uses unauthorized privileges to gain access to a system
Trust exploitation
Solve for the access attack based on the description:
The threat actor uses a compromised system as a base for attacks against other targets
Port redirection
Solve for the access attack based on the description:
The threat actor is positioned between two legitimate entities in order to read or modify data that passes between the two
Man in the middle attack
Solve for the access attack based on the description:
The threat actor exploits the buffer memory and overwhelms it with unexpected values. This usually leads to a DoS attack
Buffer overflow attack
Solve for the type of attack based on the definition below:
Threat actors attempt to manipulate individuals into performing actions or divulging confidential information
Social engineering attacks
Solve for the social engineering attack based on the description:
An attack in which a threat actor creates a targeted phishing attack tailored for a specific individual or organization
Spear phishing attack
Solve for the social engineering attack based on the description:
An attack in which a threat actor sends a fraudulent email that is disguised as being from a legitimate, trusted source
Phishing
Solve for the social engineering attack based on the description:
Unsolicited email
Spam
What kind of attack creates some sort of interruption of network services to users, devices or applications?
DoS Attack
DoS attacks are created in what two ways?
Overwhelming quantity of traffic
Maliciously formatted packets
A threat actor may build a network of infected hosts called __________
Zombies
A network of “zombies” is known as what?
Botnet
What does uRPF stand for and what is it used to guard against?
Unicast Reverse Path Forwarding
Used to guard against spoofed IP Addresses
What are the 4 transport layer attacks?
TCP Syn Flood Attack
TCP reset attack
TCP session hijacking
UDP flood attack