Lecture 2 Flashcards
Open Design
Security should not rely on secrecy; source code can be public without reducing security.
Least Privilege
Grant only the permissions necessary to perform tasks.
OSI Model
A 7-layer model for network communication that serves as a reference.
TCP/IP Model
A 4-layer model for internet communication, emphasizing practical implementation.
Ethernet
A common data link protocol, vulnerable to eavesdropping and spoofing.
Packet Encapsulation
The process of embedding one protocol’s packet into another.
ARP Spoofing
A technique where an attacker sends fake ARP messages to associate their MAC address with another IP address.
IP Spoofing
The creation of IP packets with a false source IP address to masquerade as another entity.
Teardrop Attack
An attack exploiting packet fragmentation to crash systems by overlapping fragments.
Man-in-the-Middle Attack
An attacker intercepts and possibly alters communication between two parties.
Fraggle Attack
An attack that uses spoofed UDP packets to amplify traffic and overwhelm a target.
UDP Ping-Pong
A packet storm caused by two hosts endlessly replying to each other’s spoofed packets.
Port 80
The default port for HTTP traffic.
Port 443
The default port for HTTPS traffic.
UDP
A connectionless protocol, used for fast but unreliable transmissions.
TCP
A reliable, connection-oriented protocol ensuring packet delivery.
IPv4 Address
A 32-bit address used to identify devices on a network.
IPv6 Address
A 128-bit address designed to replace IPv4, offering a larger address space.
Checksum
A value used for error detection in network packets.
Separation of Privilege
Access to resources should require multiple conditions to be met.