Deck D Prt. 2 Flashcards
Man In The Middle
To mitigate a man-in-the-middle (MITM) attack, make sure that legitimate network routers are configured to run routing protocols with authentication.
Meet In The Middle Attack
The meet-in-the-middle attack is a known-plaintext attack used against DES. It gives the result that encrypting plaintext with one DES key, followed by encrypting it with a second DES key, is no more secure than using a single key.
Multi-Homed Firewall
The minimum number of network connections in a multihomed firewall is 3.
NIDS
A NIDS (network intrusion detection system) is best suited to large environments where critical assets on the network need extra scrutiny, and is ideal for observing sensitive network segments.
Nmap -oX Flag
In an Nmap scan, the -oX flag outputs the results in XML format to a file.
Nmap Command
nmap -sT -O -T0 is the command that would result in a scan of common ports with the least amount of noise in order to evade IDS.
Nmap Command
The command nmap -T4 -F 10.68.3.10/24 allows you to enumerate all machines in the 10.68.3.10/24 network.
OSINT
OSINT is the collection of potentially actionable, overt, and publicly available information.
PCI Compliance
PCI is the standard set by the credit card companies. It does not recommend rotating employees who handle credit card transactions to different departments on a yearly basis.
Penetration Test
A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation.
Printer Ports
Port 515 is where printers listen for connections, port 631 is for IPP (Internet Printing Protocol), and port 9100 is used for printing as well.
RECON
Recon is the time a hacker spends performing research to locate information about a company.
Risk Acceptance
Risk acceptance is a good strategy if the risk is only 10% and the risk threshold is 20%.
Rubber Hose Attack
A rubber hose attack allows extraction of cryptographic secrets through coercion or torture, such as beating that person with a rubber hose.
Rules Of Engagement
The rules of engagement describe the specifics of the penetration test and the associated violations, and essentially protect both the organization’s interests and your liabilities as a tester.