Security (V) Flashcards
VLAN Hopping
*Ability to send traffic from one VLAN into another, bypassing VLAN segmentation
*Sending packets to a port not usually accessible from an end system
ARP Spoofing
Sending falsified ARP Messages over a local area network
Spoofing
Occurs when an attacker masquerades as another person by falsifying their identity
On-Path/Man-in-the-Middle (MITM) Attack
Occurs when an attacker puts themselves between the victim and the intended destination.
Session Hijacking
Attacker guesses the session ID in use between a client and server and takes over the authenticated session.
DNS Poisoning
An attacker manipulates known vulnerabilities within DNS to reroute traffic to a fake version of a site.
Rogue DHCP Server
A DHCP server on a network which is not under the administrative control of the network admins
TCP SYN Flood
Occurs when an attacker initiates multiple TCP sessions, but never completes them.
Smurf Attack (ICMP Flood)
An attacker sends a ping to a subnet broadcast address with the source IP spoofed to that of the victim server.
Purging/Sanitizing
Removes data which cannot be reconstructed using any known forensic techniques
Clearing Technique
Removes data with a certain amount of assurance that it can’t be reconstructed.
Access Control Vestibule (Mantrap)
An area between two doorways that holds people until they are identified and authenticated.
Network Access Control (NAC)
Ensures a device is scanned to determine its current state of security prior to being allowed network access.
Persistent Agent
A piece of software installed on a device requesting access to the network
Non-Persistent Agent
Requires the users to connect to the network and go to a web-based captive portal to download an agent onto their devices.
Zero-Day Vulnerability
A new vulnerability that no one knows about yet.
Common Vulnerabilities and Exposures (CVE)
List of known vulnerabilities
Posture Assessment
Assesses cyber risk posture and exposure to threats caused by misconfigurations and patching delays.
Business Risk Assessment
Used to identify, understand, and evaluate potential hazards in the workplace
Mandatory Access Control (MAC)
Access control policy where the computer system gets to decide who gets access to what objects
Zero-Trust
A security framework that requires users to be authenticated and authorized before being granted access to applications and data.
DMZ
A perimeter network that protects an organization’s internal local area network from untrusted traffic
Screened Subnet
Subnet in the network architecture that uses a single firewall with three interfaces to connect three dissimilar networks
Dual Control
Two people have to be present at the same time to do something
Wireless Analyzer
Ensures you have the proper coverage and helps prevent overlap between wireless access point coverage zones and channels
Protocol Analyzer
Used to capture and analyze signals and data traffic over a communication channel
Logic Bomb
A specific type of malware that is tied to either a logical event or a specific time
Firewall Zone
Firewall interface in which you can set up rules
Inside
Outside
DMZ
Unified Threat Management (UTM) Device
Combines firewall, router, intrusion detection/prevention system, anti-malware, and other features into a single device
Three methods of intrusion detection
Signature-based
Policy-based
Anomaly-based
Least Functionality
Configuring a device, server, or workstation to only provide essential services required by the user
Dynamic ARP Inspection (DAI)
*Validates Address Resolution Protocol (ARP) packets
*Helps against ARP Poisoning
Stateless Firewall/Packet-Filtering Firewall
*L3
*Does not preserve information about the connection
*Each packet is analyzed independently with no record of previously processed packets.
*Requires the least processing effort
*Can be vulnerable to attacks spread over a sequence of packets
*Filter on
-IP (source/dest)
-Protocol ID/type
-Port Number
Stateful Inspection Firewalls
*L5
*Maintain stateful information about session
*Information is stored in a dynamically updated state table
*Once the connection has been allowed, the firewall allows traffic to pass unmonitored, in order to conserve processing effort.
Stateful Firewall
Inspects traffic as part of a session and recognizes where the traffic originated
NextGen Firewall (NGFW)
Third-generation firewall that conducts deep packet inspection and packet filtering
What happens when IDS inspects a packet
- Evaluate the entire packet
- Check all the alert rules
- Log any matches it finds
- Allow it to continue onward to its destination.
Application-aware Firewall
- Make decisions about what applications are allowed or blocked
- Inspecting the data contained within the packets
Kerberos
- Authentication protocol
- Sends data over insecure networks while using strong encryption
Network-based anti-malware
- Can be installed as a rack-mounted, in-line network appliance
- Don’t have to install software on each client.
- Often come as part of a UTM
WAF (Web Application Firewall)
Protects web applications by filtering and monitoring HTTP traffic between a web application and the Internet.