Misc Vocabulary Flashcards
Zigbee
communication technology often found in a home automation system
Collision attack
This happens when a hacker discovers an input that generates the same hash value as a legitimate input. The attacker can then replace the legitimate content with the altered content and the digital signature will still say it’s good. This is similar to how a rainbow table works, although in that case the hacker finds the hash of a lot of common passwords then looks for those hashes in the database table containing hashed passwords.
Flood guard
technology used to block DoS attacks. Does not help prevent routing loops.
eDiscovery
reference model. Phases include identification, collection, processing, review, and production. Attorney review of collected material takes place in the Review phase.
Mnemonic: I collect peer review processes.
Nessus
vulnerability scanner that can also perform compliance auditing such as PCI DSS audit scans.
Lockheed Martin cyber kill chain
Analysis framework that implicitly assumes that adversaries never retreat during an attack. Compare to AlienVault, MITRE ATT&CK, and Diamond Model of Intrusion Analysis, each of which allows for a broader range of adversary behaviors.
Iris recognition tech
Biometric auth technique. Nonintrusive, low false positive rate. Iris patterns remain stable throughout a person’s life and may be scanned from a distance. Unfortunately the scanners can be fooled by an image of a person’s face.
Purple team
In a pen test, the purple team includes all participants: red, blue and white team.
Man-in-the-browser attack
Attack made on a web application, typically by exploiting a browser extension. This gives the attacker access to all the information accessed by the browser. Best defense is to disable browser extensions, but that has to be done on the client, not the web server. This is a type of proxy Trojan.
DOM-based XSS attack
Type of cross-site scripting attack where the attack code is hidden within a Document Object Model. Viewing the HTML on the page would not show this attack code.
Identity provider
In Federated authentication, the identity provider (IdP) is the organization where the user logs in. This organization then asserts to the other members of the federation that the user is valid.
Digital signature
The sender of the email encrypts a message digest (usually a hash of the email message) using the sender’s private key. This has to be decrypted using the sender’s public key, which verifies that the sender is the one who sent it.
Contrast that to sending an encrypted email: there the message itself is encrypted using the recipient’s public key, and the recipient decrypts it using the recipient’s private key.
Confusion, diffusion
In the context of encryption algorithms, “confusion” ensures that any relationship between the algorithm and the key is extremely complex. Diffusion is another property that takes any statistical patterns in the plaintext and prevents them from appearing in the ciphertext.
Vendor diversity
Having similar components in the same network but coming from different vendors. This reduces risk - if an attack works against one of them, the second is unlikely to have the same vulnerability so it prevents the attacker from getting further into the network. CompTIA really likes vendor diversity.
Embedded system constraints
NOT a constraint: physical form factors, heat.
Common constraints: power, compute, network, crypto, inability to patch, authentication, range, cost, implied trust.
Restoration Order Documentation
Used when restoring operations after a disaster. Specifies the order for restoring systems and services to ensure that dependencies are available before those that depend on them, and that mission-critical services are restored first.
Vertical Scaling
Adding additional capacity to an existing server, such as more hard drive space or another CPU. Compare to horizontal scaling which adds an additional server of the same type.
Incident Response Process
Cycle steps are preparation, identification, containment, eradication, recovery, lessons learned. It’s a cycle so it continues back at preparation.
Mnemonic: Perhaps I Can Eat Rice Later
Walkthrough
Typical part of yearly incident response preparations. The team goes through a sample incident step by step, making sure each person knows what they would need to do. Compare to a tabletop exercise, which has each person being asked what they would do at each step and has more flexibility.
Cyber Kill Chain
Attack model created by Lockheed Martin. Phases are: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control, Actions on Objective.
Mnemonic: Real Women Date Engineers In Commando Armor
NOTE: this model never has the attacker retreating. Several other popular models are more flexible.
pathping
Windows command line tool that shows network latency and loss at each step along a route. Tracert gives the route but not the extra information.
Out-of-band management
Security technique that places the administration interface of a switch, router, or other device on a separate network, or else requires direct connectivity to the device to access and manage it. This prevents an attacker that gains access to the organization’s network from making changes to the network devices.
Jailbreaking
For a mobile device, jailbreaking allows enhanced third-party operating systems or applications to be used. This can be considered a privilege escalation attack.