Things I had to improve on Flashcards
DEP
Data execution protection - stops data from executing from memory. Only data can be stored read/write, no exe. Built into Windows, useful against buffer overflow attacks etc.
What is the history of firewalls, specifically that leading up to next-gen?
1st gen stateless, 2nd gen stateful, 3rd gen, both with added OSI model benefits, deep packet filtering, application firewalls, etc.
What can be used to segment a network?
A switch, router, SDN, VLAN, firewall can all segment a network. Hubs cannot.
MAC filtering occurs on which layer of the OSI model?
The data link layer (layer 2) deals with MAC addresses, whereas layer 3 (network layer) deals with IP addresses.
Port scanning, what best describes this type of penetration testing?
Active reconnaissance as it can be invasive - because it is engaging with the system (not that it is invading)
What is the hallmark of an APT?
Advanced persistent threat - to stay in a system as long as possible unnoticed
White vs Grey vs Black box
White - Full knowledge of internal systems
Grey - Some knowledge, possibly an employee
Black - unethical hacker, no knowledge at all, no information at all, not even OS etc.
CSS vs CSRF vs SQL Injection
CSS uses script embedded into the webpage which the user then trusts and loads. It can be reflected or stored.
CSRF - code is created to perform a request on behalf of the user; the user’s trust with the website is taken advantage of, and their session can be used to authenticate. Link is sent. A link is usually crafted to look genuine: “Wow I found this picture of you”
SQL injection - injection based on an SQL database to achieve a goal.
What does amplification refer to? (as an attack)
DDoS attack that uses public DNS servers to flood target servers with DNS response traffic
What are the different hypervisors and their security?
Type 1 - firmware based, relies on the physical hardware, is far more secure. Not OS dependent
Type 2 - Software based, goes on top of the OS, less secure, more for end users.
What are the five developmental environments?
Dev, test, staging, prod, QA
What is EAP? List a few.
Extensible authentication protocol, used for authentication on networks and internet connections.
EAP-LEAP (can catch, not that secure, uses MSCHAP)
EAP-FAST (faster than leap, more secure)
EAP-PEAP protected EAP
EAP-TTLS (Tunneled TLS - JUSTSERVER)
EAP-TLS (more secure, server + client certificates)
RADIUS vs TACACS+ (what are they how are they different)
Authentication protocols. Remote Authentication Dial-In User Service (RADIUS) is mainly a network access protocol for user auth.
Only really encrypts passwords.
TACACS - authenticates network devices not just user accounts. Administers network devices like routers and switches. Fully encrypts packets.
What is OpenID?
OpenID is built on OAuth to help with SSO
Order of data volatility?
Data in memory is always most volatile, such as CPU registers, caches, & system RAM, in that order. Then disks, tapes, remote logs.