Protecting Your Network Flashcards
attack in which the attacker feeds a DNS server spoofed resource records (for example by answering its outstanding queries before the real authoritative server does); the server caches the bad records and hands them to every client that asks, spreading the poisoning to other devices
DNS cache poisoning
extensions to DNS that add digital signatures to resource records so a resolver can verify that an answer is authentic and unmodified, defeating cache poisoning; the root zone and most top-level domains are signed
Domain Name System Security Extensions (DNSSEC)
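The two cards above describe the attack and the fix, but not the check that a resolver actually makes before caching an answer, or why it is weak. The following is an added example, not part of the original flashcards: a minimal DNS message builder and parser (no compression pointers, A records only) with the transaction-ID and bailiwick checks a caching resolver performs. All packets, names and addresses are constructed here and nothing is sent on the network. A forged reply with a wrong ID or an out-of-zone owner is dropped, but a forged reply whose 16-bit ID happens to match is accepted, which is the poisoning; DNSSEC closes that hole by requiring a valid signature on the records rather than relying on the ID.

```python
import struct

# Added example: minimal DNS message handling to show the checks a caching
# resolver makes before accepting an answer. Constructed packets only.

def encode_name(name):
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode()
    return out + b"\x00"

def decode_name(data, offset):
    # Plain labels only; RFC 1035 compression pointers are not handled here.
    labels = []
    while True:
        length = data[offset]
        if length == 0:
            return ".".join(labels), offset + 1
        offset += 1
        labels.append(data[offset:offset + length].decode())
        offset += length

def build_response(txid, qname, owner, ip):
    # header: id, flags (QR=1, RD=1, RA=1), qdcount=1, ancount=1, nscount=0, arcount=0
    msg = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    msg += encode_name(qname) + struct.pack("!HH", 1, 1)             # question: type A, class IN
    msg += encode_name(owner) + struct.pack("!HHIH", 1, 1, 300, 4)   # answer: A, IN, TTL 300, rdlength 4
    msg += bytes(int(x) for x in ip.split("."))
    return msg

def parse_response(data):
    txid, _flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    qname, offset = decode_name(data, offset)
    offset += 4                                                        # skip qtype and qclass
    answers = []
    for _ in range(an):
        owner, offset = decode_name(data, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        answers.append((owner, rtype, ".".join(str(b) for b in rdata)))
    return txid, qname, answers

def accept_response(pending, data):
    """Return the (owner, ip) records a resolver may cache, or [] to drop the reply.
    pending maps the transaction IDs of outstanding queries to the name asked for."""
    txid, qname, answers = parse_response(data)
    if pending.get(txid) != qname:
        return []   # no matching outstanding query: forged, replayed or stale
    # Bailiwick check (simplified: the zone is taken to be the parent of the queried
    # name). Records for names outside that zone are never cached from this reply.
    zone = qname.split(".", 1)[1] if "." in qname else qname
    return [(owner, ip) for owner, rtype, ip in answers
            if rtype == 1 and (owner == zone or owner.endswith("." + zone))]

if __name__ == "__main__":
    pending = {0x1234: "www.example.com"}   # constructed outstanding query
    honest = build_response(0x1234, "www.example.com", "www.example.com", "192.0.2.10")
    wrong_id = build_response(0x4321, "www.example.com", "www.example.com", "203.0.113.5")
    foreign = build_response(0x1234, "www.example.com", "bank.example.net", "203.0.113.5")
    guessed = build_response(0x1234, "www.example.com", "www.example.com", "203.0.113.5")
    print("honest reply      :", accept_response(pending, honest))
    print("wrong txid        :", accept_response(pending, wrong_id))
    print("out of bailiwick  :", accept_response(pending, foreign))
    print("guessed txid      :", accept_response(pending, guessed), "<- cache poisoned")
```

The last case is the point: with only 65,536 possible IDs (and a guessable source port, if the resolver does not randomize it) an attacker flooding forged replies will eventually hit, and nothing in the message itself lets the resolver tell the forgery from the truth. DNSSEC adds that missing proof.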
using a protocol in a way it was never designed to be used, with the result being a threat (for example abusing a legitimate feature to tunnel, amplify or redirect traffic)
protocol abuse
packets crafted with special software to carry unexpected or invalid content (bad lengths, flags or field values), sent with the aim of crashing or confusing the receiving system
malformed packets
the set of points at which an attacker can attempt to exploit a system (open ports, exposed services, interfaces, users); the specific way an attack takes advantage of a vulnerability is its attack vector
attack surface
attack on the ARP caches of hosts and switches, typically by sending forged ARP replies so that victims map an IP address (often the default gateway's) to the attacker's MAC address and send their traffic through the attacker
ARP cache poisoning
Cisco switch feature that defeats ARP cache poisoning by checking ARP packets arriving on untrusted ports against a table of known good IP-to-MAC bindings (normally built by DHCP snooping) and dropping any that do not match
Dynamic ARP Inspection (DAI)
switch feature that marks ports as trusted (toward the real DHCP server) or untrusted, drops DHCP server messages arriving on untrusted ports so an unknown device (MAC address) cannot act as a DHCP server, and records the IP, MAC, VLAN and port of each lease in a binding table; violations can be logged or an alarm sent to the appropriate person
DHCP snooping
a key network hardening technique, enhanced by adding DAI or DHCP snooping
switch port protection
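The ARP cache poisoning, DAI and DHCP snooping cards above fit together: snooping learns which MAC holds which IP, and DAI refuses ARP traffic that contradicts it. The following is an added example, not part of the original flashcards, that builds constructed Ethernet/ARP reply frames and runs them through a DAI-style check against a constructed snooping binding table. The MAC and IP addresses are made up; real DAI also keys bindings by VLAN and port and rate-limits ARP per port, which is left out here.

```python
import struct

# Added example: DAI-style validation of ARP replies against a DHCP snooping
# binding table. Frames and addresses below are constructed for illustration.

ETH_P_ARP = 0x0806
ARP_REPLY = 2

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def ip_bytes(ip):
    return bytes(int(x) for x in ip.split("."))

def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)

def fmt_ip(b):
    return ".".join(str(x) for x in b)

def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip, eth_src=None):
    """Ethernet frame carrying an ARP reply. eth_src lets a caller set a frame source
    MAC that differs from the ARP sender MAC, as some spoofing tools do."""
    eth = mac_bytes(target_mac) + mac_bytes(eth_src or sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)   # Ethernet, IPv4, 6-byte MAC, 4-byte IP
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip) + mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp

def parse_arp(frame):
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    return {
        "eth_src": fmt_mac(frame[6:12]),
        "op": struct.unpack("!H", frame[20:22])[0],
        "sender_mac": fmt_mac(frame[22:28]),
        "sender_ip": fmt_ip(frame[28:32]),
    }

def dai_check(frame, bindings, trusted_port=False):
    """Validate an ARP frame the way DAI does on an untrusted port.
    bindings: ip -> mac as learned by DHCP snooping. Returns (verdict, reason)."""
    if trusted_port:
        return "forward", "trusted port, not inspected"
    arp = parse_arp(frame)
    if arp is None:
        return "forward", "not an ARP frame"
    if arp["eth_src"] != arp["sender_mac"]:
        return "drop", "frame source MAC differs from ARP sender MAC"
    expected = bindings.get(arp["sender_ip"])
    if expected is None:
        return "drop", f"no DHCP snooping binding for {arp['sender_ip']}"
    if expected.lower() != arp["sender_mac"]:
        return "drop", f"{arp['sender_ip']} is bound to {expected}, not {arp['sender_mac']}"
    return "forward", "sender matches snooping binding"

# Constructed snooping table: IP -> MAC learned from DHCP leases.
BINDINGS = {
    "10.0.0.1": "00:11:22:33:44:01",    # default gateway
    "10.0.0.50": "00:11:22:33:44:50",   # victim workstation
    "10.0.0.66": "de:ad:be:ef:00:66",   # attacker's own lease
}

if __name__ == "__main__":
    legit = build_arp_reply("00:11:22:33:44:01", "10.0.0.1", "00:11:22:33:44:50", "10.0.0.50")
    spoof = build_arp_reply("de:ad:be:ef:00:66", "10.0.0.1", "00:11:22:33:44:50", "10.0.0.50")
    print("gateway's own reply :", dai_check(legit, BINDINGS))
    print("attacker as gateway :", dai_check(spoof, BINDINGS))
    print("same, trusted port  :", dai_check(spoof, BINDINGS, trusted_port=True))
```

Note the last line: DAI only protects ports marked untrusted, so a port carelessly marked trusted lets the same spoofed reply straight through. Trust only the uplink toward the DHCP server.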
single computer under the control of an operator in a DDoS attack
zombie/bot
a group of computers under the control of an operator in a DDoS attack
botnet
DDoS attack in which the attacker sends requests to third-party servers (the reflectors) with the source address spoofed to the victim's IP, so that all the replies are sent to the victim; usually combined with amplification, using protocols such as DNS or NTP whose replies are much larger than the requests
reflection/reflective DDoS
form of DoS attack with the aim of kicking a client off its wireless access point (WAP) by sending forged 802.11 deauthentication frames; a rogue AP nearby then offers itself as an alternative
deauthentication (deauth) attack
DoS lacking any malice from an attacker, as when a site or server simply cannot handle the legitimate load it is under
friendly/unintentional DoS
unintentional DoS where a popular site links to a smaller site, sending a massive amount of traffic to the smaller site
slashdotting/Reddit hug of death
attack where the culprit intercepts or steals a valid computer session (for example a session cookie or token) in order to act as the authenticated user without needing their credentials
session hijacking
the addition of redundancy to a system (duplicate disks, power supplies, links, servers) so that it keeps operating when a component fails and no data is lost
fault tolerance
reconnaissance in which a malicious user connects to an open port and reads the banner the service sends (or returns to a simple probe) to learn the software name and version running there
banner grabbing
attack in which a system connected to one VLAN gains access to traffic on another, either by tricking the switch into turning its port into a trunk link (switch spoofing, using the switch's own trunk negotiation) or by double-tagging frames so that the inner tag is delivered into the other VLAN
VLAN hopping
list on many devices that defines what a user or host can do with that device's shared resources; each entry pairs an identity (or address) with allow or deny rules
access control list (ACL)
malware that uses encryption to lock a user out of a system, such as by encrypting the hard drive or its files; usually used to force the victim to pay money to get the device decrypted (crypto-ransomware)
crypto-malware
program (not stand-alone) designed to replicate and to activate on user action; often replicates as code added to the boot sector or appended to executables; only spreads to other files on a drive or to other drives; needs a host file to infect
virus
program that replicates exclusively through a network, copying itself to any computer it can reach; may exploit vulnerabilities in program code, operating systems, protocols, etc.; does not need a host file to infect
worm
virus that uses application macros to replicate and activate
macro (virus)
code that is written to execute when certain conditions are met, usually malicious
logic bomb
malware that pretends to be one thing while actually doing something bad; can be used to capture keystrokes, files, credit card info, etc.
trojan horse
malware that uses low-level operating system functions to hide itself while gaining privileged access to the computer; targets OSs, hypervisors and even firmware
rootkit
program that monitors the sites you visit in order to send you advertisements, usually via pop-up windows; the ads can install viruses or contain spyware
adware
manipulating the people inside an organization to gain access to the network; includes telephone calls and pretending to be someone legitimate in order to get information or to examine workstations
social engineering
social engineering attack where the attacker poses as a legitimate site or organization and asks the victim to update or confirm their information (such as financial details)
phishing
the unintended leakage of radio waves from a system (cables, monitors, wireless devices) beyond its intended area, where others can intercept them; addressed by adding shielding and filtering between the system and where malicious people might try to listen
RF emanation
series of US Government standards (originating with the NSA) for measuring and limiting RF emanation from equipment
TEMPEST
feature of many chassis, including most modern servers, that records in NVRAM when the chassis was opened; more basic items like stickers or zip ties provide a low-tech version of the same feature
tamper detection
small device, like the one used to open a car, that contains RFID circuitry used to open doors
key fob
unlocking system consisting of a latch, a door handle and a series of mechanical push buttons that must be pressed in a certain pattern to gain entry; turning the handle opens the latch if the pattern is correct and otherwise clears the entry
cipher lock
self-contained, closed system in which camera feeds go to specific dedicated monitors and storage devices
closed-circuit televisions (CCTV)
approach to network security where each user has a single user account and only the permissions needed to access the resources their job requires; the most common approach to network security
principle of least privilege
the combined permissions for a user who is a member of multiple groups; an explicit Deny overrides any Allow
effective permissions
piece of hardware optimized to perform a certain task; multiple of these work in conjunction with a central controller rather than having one controller do everything
edge device
standardized approach to network security in which devices must meet certain criteria before being allowed to connect to a network
network access control (NAC)
the Cisco NAC process in which a switch or router with NAC enabled queries a device (via an agent program that reports node information, resources and assets) to make sure it meets certain criteria, such as up-to-date anti-malware, QoS settings and OS version; devices that pass connect to the network, while devices that fail are either refused or placed on a separate (remediation) network until they meet the criteria
posture assessment
program that runs every time the host boots, storing system information for posture assessment queries
persistent agent
program that runs only when a client needs to connect to a secure network through a web portal; it checks only the components the posture assessment requires
non-persistent agent
Cisco program, process or server responsible for admitting or denying a node's connection to a network; it directs the edge device to allow or deny
Access Control Server (ACS)
excessive or malformed packets sent by an attacker to a network or switch (a DoS attack)
traffic flood
feature of modern switches that detects and blocks excess traffic, enhancing switch port protection
flood guard
host generating an unusually large share of network traffic; can be a sign of malware (for example a bot flooding or exfiltrating data), though it may also be a legitimately busy server
top talker
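The traffic flood, flood guard and top talker cards are all about spotting abnormal volume, and the useful distinction is between bytes and packet rate. The following is an added example, not part of the original flashcards, run over constructed flow records (timestamp, source, destination, packets, bytes): it ranks top talkers by bytes, flags sources whose packet rate in any one-second window exceeds a threshold the way a flood guard does, and reports average packet size. The hosts and numbers are made up to show that the biggest talker by volume (a file server) is legitimate while the flood guard catches a short burst of tiny packets from a different host.

```python
from collections import defaultdict

# Added example: top-talker and flood-guard style analysis over constructed
# flow records (timestamp_s, src_ip, dst_ip, packets, bytes).
FLOWS = (
    # file server streaming a backup: 800 pps of 1500-byte packets for 10 s
    [(1_700_000_000 + s, "10.0.0.10", "10.0.0.200", 800, 1_200_000) for s in range(10)]
    # ordinary workstation browsing
    + [(1_700_000_001, "10.0.0.23", "198.51.100.7", 120, 90_000)]
    # one-second burst of 50,000 64-byte packets at the gateway
    + [(1_700_000_003, "10.0.0.66", "10.0.0.1", 50_000, 3_200_000)]
)

def top_talkers(flows, n=3):
    """Sources ranked by total bytes sent, highest first."""
    totals = defaultdict(int)
    for _ts, src, _dst, _pkts, nbytes in flows:
        totals[src] += nbytes
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]

def flood_sources(flows, pps_threshold=5_000, window_s=1):
    """Sources whose packet rate in any window exceeds the threshold: the condition a
    switch flood guard (storm control) reacts to by rate-limiting or shutting the port."""
    per_window = defaultdict(int)
    for ts, src, _dst, pkts, _nbytes in flows:
        per_window[(src, ts // window_s)] += pkts
    return sorted({src for (src, _w), pkts in per_window.items() if pkts > pps_threshold})

def avg_packet_size(flows, src):
    """Mean bytes per packet for one source; floods are often runs of minimum-size packets."""
    pkts = sum(f[3] for f in flows if f[1] == src)
    nbytes = sum(f[4] for f in flows if f[1] == src)
    return nbytes / pkts if pkts else 0.0

if __name__ == "__main__":
    for src, total in top_talkers(FLOWS):
        print(f"{src:<12} {total:>12,d} bytes  avg {avg_packet_size(FLOWS, src):.0f} B/pkt")
    print("flood guard would trip on:", flood_sources(FLOWS))
```

Ranking by bytes alone would put the file server at the top and the bot second, so a top-talker report needs the packet-rate and packet-size columns beside it before anyone decides which host to pull off the network.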
capability of some anti-malware programs to passively monitor a computer's activities and check for malware only when certain events occur, such as downloading a file or executing a program
virus shield
anti-malware setup in which a single server manages protection for a number of systems (each may run a small client); easier to update and administer, and responsibility falls to the provider
network-based anti-malware
anti-malware program hosted on a server at a remote location; nothing is stored on the host, but the host is responsible for reaching the software
cloud/server-based anti-malware
capability of a firewall to track connections and tell whether a packet is part of an existing, legitimately established connection
stateful inspection
firewall capability where each packet is examined on its own, with no regard for its relation to any other packet
stateless inspection
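The practical difference between the two cards above shows up on unsolicited inbound packets. The following is an added example, not part of the original flashcards: a constructed sequence of TCP packets (addresses, ports and flags made up) run through a typical stateless rule set, which lets inbound packets in whenever the ACK flag is set because that used to pass for "part of an existing connection", and through a stateful filter that remembers which connections the inside actually opened. The model is deliberately small (one side initiates, a single FIN or RST closes the entry, no sequence-number checks).

```python
# Added example: the same packets through a stateless and a stateful filter.

def pkt(direction, src, sport, dst, dport, flags):
    return {"dir": direction, "src": src, "sport": sport, "dst": dst, "dport": dport, "flags": flags}

def stateless_filter(p):
    """Typical stateless rules: allow all outbound; allow inbound TCP only when ACK is
    set, the old heuristic for 'reply to something we sent'."""
    if p["dir"] == "out":
        return "allow"
    return "allow" if "A" in p["flags"] else "deny"

class StatefulFilter:
    """Tracks connections opened from inside and admits only packets that belong to one."""

    def __init__(self):
        self.table = set()   # (inside_ip, inside_port, outside_ip, outside_port)

    @staticmethod
    def key(p):
        if p["dir"] == "out":
            return (p["src"], p["sport"], p["dst"], p["dport"])
        return (p["dst"], p["dport"], p["src"], p["sport"])

    def filter(self, p):
        k = self.key(p)
        if p["dir"] == "out" and p["flags"] == "S":
            self.table.add(k)                      # inside host opens a new connection
        verdict = "allow" if k in self.table else "deny"
        if verdict == "allow" and ("F" in p["flags"] or "R" in p["flags"]):
            self.table.discard(k)                  # simplified teardown: first FIN/RST closes it
        return verdict

def run_both(packets):
    """Return [(stateless_verdict, stateful_verdict), ...] for the sequence."""
    sf = StatefulFilter()
    return [(stateless_filter(p), sf.filter(p)) for p in packets]

# Constructed packet sequence (inside network 10.0.0.0/24, outside hosts made up).
PACKETS = [
    pkt("out", "10.0.0.5", 51000, "203.0.113.10", 443, "S"),    # inside host opens HTTPS
    pkt("in", "203.0.113.10", 443, "10.0.0.5", 51000, "SA"),    # server's SYN/ACK
    pkt("in", "198.51.100.9", 443, "10.0.0.5", 3389, "A"),      # unsolicited ACK probe at RDP
    pkt("in", "203.0.113.10", 443, "10.0.0.5", 51000, "A"),     # more of the real connection
    pkt("out", "10.0.0.5", 51000, "203.0.113.10", 443, "FA"),   # inside host closes
    pkt("in", "203.0.113.10", 443, "10.0.0.5", 51000, "A"),     # late packet after close
]

if __name__ == "__main__":
    for p, (sl, sf) in zip(PACKETS, run_both(PACKETS)):
        print(f"{p['dir']:<3} {p['src']}:{p['sport']} -> {p['dst']}:{p['dport']} "
              f"[{p['flags']:<2}]  stateless={sl:<5} stateful={sf}")
```

Packet 3 is the one that matters: an ACK aimed at 3389 with no prior SYN from inside sails through the stateless rules (this is how ACK scans map filters) and is dropped by the stateful filter because no table entry exists. The stateful filter also stops accepting traffic for a connection once it has been closed.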
capability of firewalls to filter based on the application or service that generated the packet; operates at OSI layer 7
application/context aware
the marriage of firewalls with other security services, such as network-based IPS, load balancing, etc.
unified threat management (UTM)
organized, prolonged attack campaign against the same entity, typically by a well-resourced adversary that keeps a foothold in the target over time
advanced persistent threats (APTs)
a feature that enables a network to block access to certain Web sites; found on firewalls and other advanced networking devices
web filtering
a networking feature that enables the network to block traffic based on specific signatures or keywords (such as profane language)
content filtering
a hardened machine that is fully exposed to the Internet or another untrusted network, such as a firewall or a public-facing server
bastion host
a machine, program or VM that acts as a decoy within a network to attract attackers and waste their time and resources; it can also monitor and report on attacks; must be segmented from the trusted network
honeypot