Unit 3 - Module 3 Flashcards
What’s the difference between DDoS and DoS?
A denial-of-service (DoS) attack floods a server with traffic, making a website or resource unavailable, with just one machine. A distributed denial-of-service (DDoS) attack is a DoS attack that uses multiple computers or machines to flood a targeted resource.
What is TCP? (Transmission Control Protocol)
A communication standard that enables application programs and computing devices to exchange messages over a network.
What do you call the DoS attack that simulates a TCP connection and floods a server with SYN packets?
A SYN (Synchronize) Flood Attack
What protocol is used to report information about data transmissions across the network?
Internet Control Message Protocol (ICMP)
What do you call the DoS attack that sends ICMP packets repeatedly to a network server?
Internet Control Message Protocol (ICMP) Flood
What do you call the type of DoS attack in which a hacker pings a system by sending it oversized ICMP packets that are bigger than 64KB?
Ping of Death
What is a network protocol analyzer also known as?
A Packet Sniffer
What is tcpdump and what does it display?
tcpdump is a command-line network protocol analyzer. (Think of the command line like using "Run" on Windows.)
It displays the timestamp, the source and destination IP addresses, and the source and destination port numbers being used in the communications.
What is passive packet sniffing?
A type of attack where data packets are read while in transit.
e.g., think of a mailman reading someone's mail before handing it off.
What is active packet sniffing?
A type of attack where data packets are manipulated in transit
What are 2 ways to prevent packet sniffing from threat actors?
Using a VPN and making sure your website is using HTTPS
What are the 3 common IP spoofing attacks?
On-Path Attack
Replay Attack
Smurf Attack
What is an on-path attack?
Where a malicious actor places themselves in the middle of an authorized connection and intercepts or alters the data in transit.
What is a replay attack?
A network attack performed when a malicious actor intercepts a data packet in transit and delays it or repeats it at another time.
This can cause connection issues.
What is a smurf attack?
A network attack performed when an attacker sniffs an authorized user’s IP address and floods it with packets.
What do you call the process of strengthening a system to reduce its vulnerability and attack surface area?
Security hardening
What do you call potential vulnerabilities that a threat actor could exploit?
Attack Surface
What are 5 things Security Hardening looks at?
Hardware
Operating Systems
Applications
Computer Networks
Databases
What do you call a simulated attack that helps identify vulnerabilities in systems, networks, websites, applications, and processes?
Penetration Test
What do you call the interface between computer hardware and the user?
Operating System (OS)
What do you call a software and operating system update that addresses security vulnerabilities within a program or product?
Patch Update
What is a security measure which requires a user to verify their identity in two or more ways to access a system or network?
Multi-factor authentication (MFA)
What is a Baseline Configuration? (Baseline image)
A documented set of specifications for a system that is used as a basis for future builds, releases, and updates.
What is a trial-and-error process of discovering private information?
Brute Force Attack
What are 2 kinds of Brute Force Attacks?
Simple Brute Force Attack - Guessing a user’s login credentials.
Dictionary Attacks - Using commonly used passwords and stolen credentials from previous breaches.
What are software versions of physical computers?
Virtual Machines (VMs)
What do you call a testing environment that allows you to execute software or programs separately from your network?
A Sandbox Environment
What do you call encrypting original text so that a threat actor cannot packet sniff the data?
Salting and Hashing
What are 4 prevention measures used to protect from brute force attacks?
Salting and Hashing
Multi-factor authentication (MFA) and two-factor authentication (2FA)
CAPTCHA and reCAPTCHA
Password policies
What’s the difference between MFA and 2FA?
2FA only needs 2 forms of verification.
While MFA uses more.
What are 3 network security hardening tasks?
Port Filtering
Network access privilege
Encryption
What do you call an application that monitors system activity, sniffs data packets, and alerts on possible intrusions?
An Intrusion Detection System (IDS)
What do you call an application that monitors system activity and stops possible intrusions?
Intrusion Prevention System (IPS)
What do you call on-demand network access to a shared pool of configurable computing resources?
Cloud Computing
What are the processes and technologies that help organizations manage digital identities in their environment?
Identity Access Management (IAM)
What is a zero day attack?
An exploit that was previously unknown
Basically, an organization comes under attack and the way the attack happens has never been seen before. Therefore the engineers have had zero days to work on a patch for this attack.
What is the shared responsibility model with regard to CSPs?
CSPs are responsible for the cloud infrastructure, including the physical data center, hypervisors, and host operating system.
The company is responsible for the assets and processes that they store or operate in the cloud.