Implementation Flashcards
WPS
WPS was created to ease the setup and configuration of new wireless devices by allowing the router to automatically configure them after a short 8-digit PIN was entered.
WPS is vulnerable to a brute-force attack and is easily compromised. WPS should be disabled on all wireless networks.
EAP
Extensible Authentication Protocol
A framework in a series of protocols that allows for numerous different mechanisms of authentication, including things like simple passwords, digital certificates, and public key infrastructure
Kerberos
Remember! Kerberos is all about ‘tickets’!
Kerberos uses a system of tickets to allow nodes to communicate over a non-secure network and securely prove their identity
Kerberos is a computer network authentication protocol that works based on tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner
What provides the best protection against both SQL injection and cross-site scripting attacks?
Input Validation
MECM
Microsoft Endpoint Configuration Manager
provides remote control, patch management, software distribution, operating system deployment, network access protection and hardware and software inventory
Wild Card Certificate
Is a public-key certificate that can be used with multiple subdomains of a domain
this saves money and reduces the management burden of managing multiple certificates, one for each subdomain
Which access control model is the most flexible and allows the resource owner to control the access permissions?
Discretionary access control (DAC)
- stresses the importance of the owner
- the original creator of the resource is considered the owner and can then assign permission and ownership to others
- the owner has full control over the resource and can modify its ACL to grant rights to others
Hardening
the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle, a single-function system is more secure than a multipurpose one
Aircrack-ng
Aircrack-ng is a complete suite of wireless security assessment and exploitation tools that includes monitoring, attacking, testing, and cracking of wireless networks
includes packet capture and export of the data collected as a text file or pcap file
Jumpbox
a system on a network used to access and manage devices in a separate security zone
it is a hardened and monitored device that spans two dissimilar security zones and provides a controlled means of access between them
WEP, WPA, WPA2, WPA3
Wired equivalent privacy (WEP) is an older mechanism for encrypting data sent over a wireless connection
Least secure to most secure:
WEP < WPA < WPA2 < WPA3
LDAP
Lightweight Directory Access Control
uses a client-server model for mutual authentication
used to enable access to a directory of resources
SAML
Security Assertions Markup Language
an XML-based framework for exchanging security-related information such as user authentication, entitlement, and attributes
often used in conjunction with SOAP
solution for providing SSO
CE
Cryptographic Erase
in CE, the storage media is encrypted by default
the encryption key itself is destroyed during the erasing operation
Zero-fill
a process that fills the entire storage device with zeroes