FBLA Practice Flashcards
IBM, Microsoft, and Novell universal biometric standard
Bio API
Attack type that relies on trust and deception
Social Engineering
How can you prevent intruders from accessing your wireless network?
Restrict to known MAC addresses
Microsoft Passport is what?
Single Sign-On
Computer system designed to trap intruders
Honeypot
Stateful Inspection
Compares parts of a packet to trusted information
TCP
Internet protocol to get data from one device to another (Transmission Control Protocol)
UDP
Protocol for information without a response, like streaming (User Datagram Protocol)
ICMP
Router to Router Protocol (Internet Control Message Protocol)
SMTP
Email or text transfer protocol (Simple Mail Transfer Protocol)
SNMP
Used to collect system info from a remote computer (Simple Network Management Protocol)
Telnet
Used to perform commands on a remote machine (often insecure)
Application Backdoor
Hidden access coded in by developer
SMTP Session Hijacking
Allows access to email addresses and therefore spam
Email Bomb
Large quantity of email to overwhelm server, prevents access
Redirect bomb
Attack using ICMP to change the path of information
Source Routing
Controlling the path of a packet from the source
Proxy Server
Server that local packets go through before internet
Adware
Malware that displays ads, often collecting personal info
Attack
Bypassing security
Audit trail
Recording showing who and what a user did on a computer
Authentication
Verifying a user’s identity
Blended threat
Combining types of malware to inflict maximum damage, such as a trojan horse worm
Dictionary Attack
Using a list of words to try and find a password
Brute-force attack
Using every possible password combination
EULA
End User License Agreement
Flooding
Denial of Service through sending large amounts of data
Pharming
Like Phishing, except done through DNS poisoning (redirecting a user through false information put into a DNS server)
RADIUS
Authentication service used by ISPs to manage access to the ISP system
Retro-Virus
Infects all backup media to ensure you cannot restore system
Rootkit
Allows complete access to a system with a hidden presence
Smurfing
Denial of service attack using ICMP and a Smurfed IP address, exploits Echo requests
Spyware
Hidden components of software that harvest personal information
Threat
Anything that has the potential to attack or threaten a system
Vulnerability
Something that a threat can exploit to carry out an attack
Worm
Self-replicating program, often used to clog networks through its spread
APT
Advanced Persistent Threat, coordinated, complex, and long term threat
Air Gap
Physical isolation of a network
Asymmetric Cryptography
Private/Public Key Cryptography, Must use both keys, allows no shared secrets
Botnet
Multiple computers AKA zombies, controlled by single entity, used for DDoS,
CERT
Computer Emergency Response Team, often government or corporate run teams of cybersec. expertise
Conficker
2008 Computer Worm, noteworthy for large size of botnet and international response
DNS
Domain Name System, translates IP addresses into words
FedRAMP
Federal Risk and Authorization Management Program, 2012 Program that allowed 1 certification for all US Civilian Government Work
GhostNet
1295 computer botnet, spread over 103 countries, discovered 2004, most likely used by China to target the West
ICS
Industrial Control System, runs large-scale industry, from factories to pipelines
ISAC
Information Sharing and Analysis Center, Hub to share information with an industry for critical infrastructure
Integrity Attack
An attack for changing data, rather than extracting it
ICANN
Internet Corporation for Assigned Names and Numbers, 1998 Nonprofit took over US Gov. control of DNS and Internet Policy
ITU
1865 Founded UN Agency in charge of Telecommunications (International Telecommunications Union)
IETF
Internet Engineering Task Force, developed standards and protocols, part of ISOC
ISOC
Internet Society, group of agencies in charge of developing internet policy
NIST
US Commerce Department, develops industry standards
Operation Orchard
2007 Israeli strike on Syrian Nuclear Research
Operation Shady RAT
2006 Series of Cyber attacks, compromised confidential information of 70+ major firms and agencies
Red team
Simulated attack group of white hat hackers
Root access
Ability to change every file on a system
SIPRNet
Secure Internet Protocol Router Network, US Military Classified INTRAnet, uses common Internet Protocol
SCADA
Supervisory Control and Data Acquisition, Industrial Control System to manage sensors and control large facilities
TOR
The Onion Router, used to provide online anonymity, developed by US Gov. now volunteer run
SQL
Structured Query Language, used to access and manage databases in servers
SQL Injection
Using a website to pass SQL code to gain access to a database and the information within
typosquatting
registering domain names that may be close to the original (fisney instead of disney)
Watering Hole
Attack on a specific group by compromising website used frequently by members of that group
Zero Day
Exploits a previously unknown vulnerability, “zeroth day of awareness”