Security Concepts Flashcards
Intended to delay or deter entrance into a facility
Perimeter Security
Used for mid-layer access control to prevent tailgating
Mantraps
Used for mid- and inner-layer access control
Multifactor Authentication
Strong Passwords
Uses the inherent trust in the human species, as opposed to technology, to gain access to your environment.
Social Engineering
Network based systems that detect intrusions
IDS systems
Specifically intended to prevent access to network resources by flooding a service or network. Used to disrupt legitimate request from being answered.
DoS (denial-of-service)
Reproduces and move throughout the network to infect other systems. Does not rely on a host application to be transported.
Worm
Software programs that have the ability to hide themselves from the operating system
Rootkits
Attack that uses multiple computer systems to attack a server or host in the network
DDoS (distributed denial-of-service)
Intercepts data and then sends it to the server as if nothing is wrong while collecting the information.
man-in-the-middle attacks
Attacks in which the developer has not patched a hole yet and is unaware of the hole.
Zero-day attacks
A type of DDoS in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim’s spoofed source IP are broadcast to a computer network using an IP broadcast address.
Smurf attack
An attempt by someone or something to masquerade as someone else (IP address) and is often used to disrupt access.
Spoofing
A type of social engineering where someone is trying to con your organization into revealing account and password information by pretending to be a high level person.
Spear Phishing
Programs that enter a system or network under the guise of another program.
Trojan Horse
