Introduction to Ethical Hacking Flashcards
APT
advanced persistent threat (APT) is a broad term used to describe an attack campaign in which an intruder, or team of intruders, establishes an illicit, long-term presence on a network in order to mine highly sensitive data.
Authentication Header(AH)
Which will digitally sign the packets. That will allow the company to guarantee integrity, authenticity, and non-repudiation.
Shrink-wrap code attack
Using default or off the shelf components, it happens if the code/script is not fine-tuned.
Electronic warfare
Uses radio electronic and cryptographic techniques to degrade communication. Radio electronic techniques attack the physical means of sending information, whereas cryptographic techniques use bits and bytes to disrupt the means of sending information.
Intelligence-based warfare
Sensor-based technology that directly corrupts technological systems. Intelligence-based warfare is a warfare that consists of the design, protection, and denial of systems that seek sufficient knowledge to dominate the battlespace.
Command and control warfare (C2 warfare)
In the computer security industry, C2 warfare refers to the impact an attacker possesses over a compromised system or network that they control.
Economic warfare
Warfare can affect the economy of a business or nation by blocking the flow of information. This could be especially devastating to organizations that do a lot of business in the digital world.
OWASP
Open Web Application Security Project, which is an open-source application security project that assists the organizations to purchase, develop and maintain software tools, software applications, and knowledge-based documentation for Web application security. It provides a set of tools and a knowledge base, which help in protecting Web applications and services. It is beneficial for system architects, developers, vendors, consumers, and security professionals who might work on designing, developing, deploying, and testing the security of Web applications and Web services.
OSSTMM
Open-Source Security Testing Methodology Manual, compiled by Pete Herzog. It is a peer-reviewed methodology for performing high-quality security tests such as methodology tests: data controls, fraud and social engineering control levels, computer networks, wireless devices, mobile devices, physical security access controls, and various security processes. OSSTMM is a standard set of penetration tests to achieve security metrics. It is considered to be a de facto standard for the highest level of testing, and it ensures high consistency and remarkable accuracy.
Host-based assessment
looks at the vulnerabilities of the devices.
Active assessment
means we are using a network scanner to look for hosts.
Passive assessment
means we are sniffing packets in a network
Wireless network assessment
looks for vulnerabilities in the wireless network
