Implementation Flashcards
WPS
WPS was created to ease the setup and configuration of new wireless devices by allowing the router to automatically configure them after a short 8-digit PIN was entered.
WPS is vulnerable to a brute-force attack and is easily compromised. WPS should be disabled on all wireless networks.
EAP
Extensible Authentication Protocol
A framework in a series of protocols that allows for numerous different mechanisms of authentication, including things like simple passwords, digital certificates, and public key infrastructure
Kerberos
Remember! Kerberos is all about ‘tickets’!
Kerberos uses a system of tickets to allow nodes to communicate over a non-secure network and securely prove their identity
Kerberos is a computer network authentication protocol that works based on tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner
What provides the best protection against both SQL injection and cross-site scripting attacks?
Input Validation
MECM
Microsoft Endpoint Configuration Manager
provides remote control, patch management, software distribution, operating system deployment, network access protection and hardware and software inventory
Wild Card Certificate
Is a public-key certificate that can be used with multiple subdomains of a domain
this saves money and reduces the management burden of managing multiple certificates, one for each subdomain
Which access control model is the most flexible and allows the resource owner to control the access permission?
Discretionary access control (DAC)
- stresses the importance of the owner
- the original creator of the resource is considered the owner and can then assign permission and ownership to others
- the owner has full control over the resource and can modify its ACL to grant rights to others
Hardening
the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle, a single-function system is more secure than a multipurpose one
Aircrack-ng
Aircrack-ng is a complete suite of wireless security assessment and exploitation tools that includes monitoring, attacking, testing, and cracking of wireless networks
includes packet capture and export of the data collected as a text file or pcap file
Jumpbox
a system on a network used to access and manage devices in a separate security zone
it is a hardened and monitored device that spans two dissimilar security zones and provides a controlled means of access between them
WEP, WPA, WPA2, WPA3
Wired equivalent privacy (WEP) is an older mechanism for encrypting data sent over a wireless connection
Least secure to most secure:
WEP < WPA < WPA2 < WPA3
LDAP
Lightweight Directory Access Control
uses a client-server model for mutual authentication
used to enable access to a directory of resources
SAML
Security Assertions Markup Language
an XML-based framework for exchanging security-related information such as user authentication, entitlement, and attributes
often used in conjunction with SOAP
solution for providing SSO
CE
Cryptographic Erase
in CE, the storage media is encrypted by default
the encryption key itself is destroyed during the erasing operation
Zero-fill
a process that fills the entire storage device with zeroes
Which port should you block at the firewall if you want to prevent a remote login to a server from occurring?
22 (SSH)
SSH is the protocol used for remote administration and file copying using TCP port 22
IPsec
IPsec is the most secure protocol that works with VPNs
John the Ripper
password cracking software tool
Nessus
vulnerability scanner
Netcat
used to create a reverse shell from a victimized machine back to an attacker
TPM
Trusted Platform Module
a hardware-based cryptographic processing component that is a part of the motherboard
HSM
Hardware Security Module
used for encryption during secure login and authentication processes
also used for digital signing of data and payment security systems
preferred when performance is a priority
Difference between:
HSM vs. TPM
HSM is an external or additional device added to the system
SNMP
Simple Network Management Protocol
a TCP/IP protocol that aids in monitoring network-attached devices and computers
SAN Certificate
Subject Alternate Name
allows multiple hostnames to be protected by the same certificate
Stateful Firewall
examines the content and context of each packet it encounters
a stateful packet inspection (SPI) firewall understands the preceding packets that came from the same IP address, and thus the context of the communications
Split Horizon DNS
uses different internal and external DNS servers to provide potentially different DNS responses to users of those networks
deploys distinct DNS servers for two or more environments, ensuring that those environments receive DNS information appropriate to the DNS view that their clients should receive
Tokenization
used to protect data by substituting tokens for sensitive data without changing the length or data type
FDE
Full-disk encryption
fully encrypts the hard drive on a computer
effective method for ensuring the security of data on a computer
Captive Portals
usually rely on 802.1x and 802.1x uses RADIUS for authentication