Security + Terminology Flashcards
Ensures that resources are only granted to those users who are entitled to them
Access Control
A mechanism that implements access control for a system resource by listing the identities of the system entities that are permitted to access the resource
Access Control List (ACL)
A security service that provides protection of a system resource against unauthorized access. The two basic mechanisms for implementing this service are ACLs and tickets
Access Control Service
Access Management is the maintenance of access information, which consists of four tasks: account administration, maintenance, monitoring, and revocation
Access Management
Is the process of collecting all the legitimate account names on a system
Account Harvesting
Is the practice of sending an ACK inside another packet going to the same destination
ACK Piggybacking
Program code embedded in the contents of a web page. When the page is accessed by a web browser, the embedded code is automatically downloaded and executed on the user’s workstation. Ex. Java, ActiveX
Active Content
A standard being developed by NIST. Intended to specify an unclassified, publicly-disclosed, symmetric encryption algorithm
Advanced Encryption Standard (AES)
A finite set of step-by-step instructions for a problem-solving or computation procedure, especially one that can be implemented by a computer
Algorithm
A pioneer packet-switched network that was built in the early 1970’s under contract to the US government
ARPANET - Advanced Research Projects Agency Network
Is the process of confirming the correctness of the claimed identity
Authentication
Commonly used to mean the capacity of a communication channel to pass data through the channel in a given amount of time. Usually expressed in bits per second
Bandwidth
Is the simplest web-based authentication scheme that works by sending the username and password with each request
Basic Authentication
Use physical characteristics of the users to determine access
Biometrics
The smallest unit of information storage; a contraction of the term “binary digit”; one of the two symbols
Bit
Encrypts one block of data at a time
Block Cipher
The people who perform defensive cybersecurity tasks, including placing and configuring firewalls, implementing patching programs, enforcing strong authentication, ensuring physical security measures are adequate and a long list of similar undertakings
Blue Team
Is a large number of compromised computers that are used to create and send spam or viruses or flood a network with messages as a denial of service attack
Botnet
A cryptanalysis technique or other kind of attack method involving an exhaustive procedure that tries all possibilities, one-by-one
Brute Force
Occurs when a program tries to store more data in a buffer than it was intended to hold
Buffer Overflow
A fundamental unit of computer storage; the smallest addressable unit in a computer’s architecture. Usually holds one character of information and usually means eight bits
Byte
A special high-speed storage mechanism. It can be either a reserved section of main memory or an independent high-speed storage device
Cache
Is a unit of data transmitted over an ATM network
Cell
Is the use of SSL and certificates to authenticate and encrypt HTTP traffic
Certificate-Based Authentication
Uses a challenge/response authentication mechanism where the response varies every challenge to prevent replay attacks
Challenge-Handshake Authentication Protocol (CHAP)
A value that is computed by a function that is dependent on the contents of a data object and is stored or transmitted together with the object, for the purpose of detecting changes in the data
Checksum
A cryptographic algorithm for encryption and decryption
Cipher
Is the encrypted form of the message being sent
Ciphertext
A system entity that requests and uses a service provided by another system entity, called a “server.” In some cases, the server may itself be a client of some other server
Client
Utilization of remote servers in the data center of a cloud provider to store, manage, and process your data instead of using local computer systems
Cloud Computing
Contains fully redundant hardware and software, with telecommunications, telephone and utility connectivity
Hot Site
It contains partially redundant hardware and software, with telecommunications and telephone but not all primary site operations
Warm
Hardware is ordered, shipped and installed, and software is loaded
Cold Site
Occurs when multiple systems transmit simultaneously on the same wire
Collision
A collection of host computers together with the sub-network or inter-network through which they can exchange data
Computer Network
Is the need to ensure that information is disclosed only to those who are authorized to view it
Confidentiality
Is the ability to get a more complete picture of the information by analyzing several different types of records at once
Data Aggregation
Is the entity currently using or manipulating the data, and therefore temporarily taking responsibility for the data
Data Custodian
A widely-used method of data encryption using a private key
Data Encryption Standard (DES)
Is the process of stripping off one layer’s headers and passing the rest of the packet up to the next higher layer on the protocol stack
Decapsulation
The prevention of authorized access to a system resource or the delaying of system operations and functions
Denial of Service
A key agreement algorithm published in 1976, does key establishment, not encryption
Diffie-Hellman
Is an electronic “credit card” that establishes your credentials when doing business or other transactions on the web
Digital Certificate
Is a hash of a message that uniquely identifies the sender of the message and proves the message hasn’t changed since transmission
Digital Signature
An asymmetric cryptographic algorithm that produces a digital signature in the form of a pair of large numbers
Digital Signature Algorithm (DSA)
Is the process of recovery of IT systems in the event of a disruption or disaster
Disaster Recovery Plan (DRP)
A sphere of knowledge, or a collection of facts about some program entities or a number of network points or addresses, etc.
Domain
Is an attack by which an attacker takes over a domain by first blocking access to a domain’s DNS server and then putting his own server up in its place
Domain Hijacking
Is the way that Internet domain names are located and translated into Internet Protocol addresses
Domain Name System (DNS)
Listening to a private conversation which may reveal information which can provide access to a facility or network
Eavesdropping
Is the response a machine that has received an echo request sends over ICMP
Echo Reply
The inclusion of one data structure within another structure so that the first data structure is hidden for the time being
Encapsulation
Cryptographic transformation of data (plaintext) into a form (cipher text) that conceals the data’s original meaning to prevent it from being known or used
Encryption
The most widely-installed LAN technology. Specified in a standard, IEEE 802.3
Ethernet
A framework that supports multiple, optional authentication mechanisms for PPP, including clear text passwords, challenge-response, and arbitrary dialog sequences
Extensible Authentication Protocol (EAP)
A protocol which distributes routing information to the routers which connect autonomous systems
Exterior Gateway Protocol (EGP)
A TCP/IP protocol specifying the transfer of text or binary files across the network
File Transfer Protocol (FTP)
A logical or physical discontinuity in a network to prevent unauthorized access to data or resources
Firewall
A set of Active Directory domains that replicate their databases with each other
Forest
The process of storing a data file in several “chunks” or fragments rather than in a single contiguous sequence of bits in one place on the storage medium
Fragmentation
The use of special regression testing tools to generate out-of-spec input for an application in order to find security vulnerabilities. Also “regression testing”
Fuzzing
A network point that acts as an entrance to another network
Gateway
Is a Unix-like operating system that comes with source code that can be copied, modified, and redistributed
GNU
The process of identifying and fixing vulnerabilities on a system
Hardening
Are used to generate a one way “check sum” for a larger text, which is not trivially reversed
Hash Functions
Is the extra information in a packet that is needed for the protocol stack to process the packet
Header
A form of active wiretapping in which the attacker seizes control of a previously established communication association
Hijack Attack
Programs that simulate one or more network services that you designate on your computer's ports
Honey Pot
Any computer that has full two-way access to other computers on the Internet. Or a computer with a web server that serves the pages for one or more web sites
Host
Systems use information from the operating system audit records to watch all operations occurring on the host that intrusion detection software has been installed upon
Host-Based Intrusion Detection
Is a server that acts as a middleman in the communication between HTTP clients and servers
HTTP Proxy
When used in the first part of a URL, this term specifies the use of HTTP enhanced by a security mechanism, which is usually SSL
HTTPS
Is a network device that operates by repeating data that it receives on one port to all other ports. As a result, data transmitted by one host is retransmitted to all other hosts on the hub
Hub
Builds on the dictionary attack method by adding numerals and symbols to dictionary words
Hybrid Attack
An application of cryptography that combines two or more encryption algorithms, particularly a combination of symmetric and asymmetric encryption
Hybrid Encryption
In hypertext or hypermedia, an information object that points to related information that is located elsewhere and can be retrieved by activating a link
Hyperlink
The set of markup symbols or codes inserted in a file intended for display on a World Wide Web browser page
Hypertext Markup Language (HTML)
The protocol in the Internet Protocol (IP) family used to transport hypertext documents across an internet
Hypertext Transfer Protocol (HTTP)
An adverse network event in an information system or network or the threat of the occurrence of such an event
Incident
Rely on the user to make logical connections between seemingly unrelated pieces of information
Inference Attack
Is the competition between offensive and defensive players over information resources
Information Warfare
Are where an attacker intentionally sends unusual input in the hopes of confusing an application
Input Validation Attacks
Is the need to ensure that information has not been changed accidentally or deliberately, and that it is accurate and complete
Integrity
An Internet Standard protocol that is used to report error conditions during IP datagram processing and to exchange other information concerning the state of the IP network
Internet Control Message Protocol (ICMP)
A protocol that defines how a client should fetch mail from and return mail to a mail server.
Internet Message Access Protocol (IMAP)
The method or protocol by which data is sent from one computer to another on the Internet
Internet Protocol (IP)
A developing standard for security at the network or packet processing layer of network communication
Internet Protocol Security (IPsec)
A computer network, especially one based on Internet technology, that an organization uses for its own internal, and usually private, purposes and that is closed to outsiders
Intranet
A security management system for computers and networks. Gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include intrusions and misuse
Intrusion Detection
A computer's inter-network address that is assigned for use by the Internet Protocol and other protocols.
IP Address
A denial of service attack that sends a host more echo request (“ping”) packets than the protocol implementation can handle
IP Flood
Is an Operating System option that allows a host to act as a router. A system that has more than 1 network interface
IP Forwarding
A voluntary, non-treaty, non-government organization, established in 1947, with voting members that are designated standards bodies of participating nations and non-voting observer organizations
ISO - International Organization for Standardization
A system developed at the Massachusetts Institute of Technology that depends on passwords and symmetric cryptography (DES) to implement ticket-based, peer entity authentication service and access control service distributed in a client-server network environment
Kerberos
The essential center of a computer operating system, the core that provides basic services for all other parts of the operating system.
Kernel
An Internet Protocol (originally developed by Cisco) that uses tunneling of PPP over IP to create a virtual extension of a dial-up link across a network
Layer 2 Forwarding Protocol (L2F)
An extension of the Point-to-Point Tunneling Protocol used by an Internet service provider to enable the operation of a virtual private network over the Internet
Layer 2 Tunneling Protocol (L2TP)
Is the principle of allowing users or applications the least amount of permissions necessary to perform their intended functions
Least Privilege
A software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate Intranet
Lightweight Directory Access Protocol (LDAP)
Associates a list of users and their privileges with each other
List Based Access Control
Allow for the adding of additional functionality directly into the kernel while the system is running
Loadable Kernel Modules (LKM)
Are programs or snippets of code that execute when a certain predefined event occurs. May also be set to go off on a certain date or when a specified set of circumstances occurs
Logic Bombs
Is an elementary building block of a digital circuit. Has two inputs and one output.
Logic Gate
A physical address; a numeric value that uniquely identifies that network device from every other device on the planet
MAC Address
Software that appears to perform a useful or desirable function; but actually gains authorized access to system resources or tricks a user into executing other malicious logic
Malicious Code
A generic term for a number of different types of malicious code
Malware
Is where the system controls access to resources based on classification levels assigned to both the objects and the users
Mandatory Access Control (MAC)
Type of cyber attack in which the attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other
Man-in-the-Middle Attack (MitM)
A worm program written by Robert T. Morris, Jr. that flooded the ARPANET in November 1988, causing problems for thousands of hosts
Morris Worm
Broadcasting from one host to a given set of hosts
Multi-Cast
To combine multiple signals from possibly disparate sources, in order to transmit them over a single path
Multiplexing
It is used to share one or a small number of publicly routable IP addresses among a larger number of hosts
NAT - Network Address Translation
A unit of the US Commerce Department. Formerly known as the National Bureau of Standards
National Institute of Standards and Technology (NIST)
Any act of God that disables a system component
Natural Disaster
Translation of an Internet Protocol address used within one network to a different IP address known within another network. One network is designated the inside network and the other is the outside
Network Address Translation
To compile an electronic inventory of the systems and the services on your network
Network Mapping
Are hardware devices that hook directly onto the network cable and send a copy of the traffic that passes through it to one or more other networked devices
Network Taps
Monitors the traffic on its network segment as a data source. Generally accomplished by placing the network interface card in promiscuous mode to capture all network traffic that crosses its network segment
Network-Based IDS