Flashcards in 600 Deck (100):
92 - 128 - 256 bit bit/key strength
168 bit/key strength
160 bit/key strength
SHA-1 bit/key strength
128 bit/key strength
MD5 bit/key strength
Microsoft's authentication protocol
a legacy suite of Microsoft security protocols that provides authentication - integrity - and confidentiality
Stop gap replacement for WEP while hardware was upgraded to support full WPA
TKIP(Temporal Key Integrity Protocol)
Allows single file encryption
Social media sites fuel what type of attacks?
Cognitive password attacks
encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel.
PEAP(Protected Extensible Authentication Protocol)
encrypts a chunk of bits at a time before sending them over the network.
a client or user authenticating themselves to a server and that server authenticating itself to the user in such a way that both parties are assured of the others' identity
Strongest access control
limiting MAC addresses to a port prevents what?
Rogue access points
Plain text and cipher text are always the same size
Secure a router in an unsecured closet?
disable the console port
a system that is designed to detect potential data breach
DLP(data loss prevention)
Personal Electronic Device
Disable what to prevent a web server from being used as a mail relay?
Mitigate ARP spoofing attacks?
Cisco: block tftp and record it?
deny udp any server eq 69 log
Protect from zero day attacks?
Triple A Services
Authorization - Authentication - Accounting
Query packet for remote identification - lights up multiple flag fields?
Username - password & PIN?
single factor authentication
Smartcards vs key punch?
eliminates shoulder surfing
Keys needed to decrypt encrypted data are held in escrow so that an authorized third party may gain access to those keys.
A network service that supplies session tickets and temporary session keys to users and computers within an Active Directory domain - runs on each domain controller
Kerberos Key Distrobution Center
Deploys quickly and cleanly and won't leave behind oily residue - particulate - or water.
Separation of duties is often implemented between developers and administrators in order to separate which of the following?
Changes to code and the ability to deploy
used to encrypt plaintext or to verify a digital signature
the use of different keys to perform these opposite functions - each the inverse of the other
the same key to perform both encryption & decryption
Provides centralized Authentication - Authorization - and Accounting (AAA). Layer 7 UDP -
the most widely used software stream cipher and is used in popular protocols such as Secure Sockets Layer (SSL)
Chap (challenge-handshake authentication protocol)
Server sends a challenge the host - who responds with a value obtained by using a one-way hash function. The server compares it to its own calculation of the expected hash value
Key length of 168 bits (three 56-bit DES keys) - but due to the meet-in-the-middle attack - the effective security it provides is only 112 bits.
Configuring mode - encryption methods and security associations are part of?
Authentication to TCP 49?
Enforces permissions based on data labeling?
Mandatory Access Control (Least Privilege)
Goal for acceptable downtime during a disaster or other contingency?
Recovery Time Objective
What are certificates for?
code signing - client authentication
What device potentially has a DMZ interface?
What should follow patch deployment?
Audit and verification
How to ensure users only have access during certain hours?
Time of day restrictions
What logs do you use when you need to know if people are trying to access a host?
What technologies could be used to provide remote access?
firewall & VPN
Smart cards for remote authentication are susceptible to what?
Malicious code on the local system
Best tool to check user password complexity?
How to recover a forgotten password?
What is needed on a server that stores private keys?
hardware security module
A certificate authority takes what action in PKI?
issues and signs root certificates
Why is input validation important?
Mitigates buffer overflow
An inexpensive way to to deter physical intrutions?
3rd party access to data
Common security concern for cloud computing?
Counter measure for SQL injection?
Congestion on firewall and half-open connections?
Interferes with network-based detection techniques?
Random test data generated by an automated system?
Analyze a malicious payload?
when a hash function produces the same hash value for two different sets of data
Unauthorized access via Bluetooth
social engineering over telephone system
Physical accquisition of discarded data
Open Source on-the-fly encryption
Asset Value x Exposure Factor
SLE Single Loss Expectancy
VLAN Ethernet standard
Users can grant other access
Discretionary Access Control
Supports VPNs - combined with IPsec to provide security
Authenticates and/or encrypts each IP packet of a communication session.
Predecessor or TLS - developed by Netscape. Asymmetric cryptography for authentication and confidentiality of the key exchange - symmetric encryption for data/message confidentiality - and message authentication codes for message integrity
Is initialized at layer 5 (the session layer) then works at layer 6 (the presentation layer)
Also known as Triple DES. A block cipher algorithm used for encryption.
The standard that provides for bandwidths of up to 54Mbps in the 5GHz frequency spectrum.
The standard that provides for bandwidths of up to 11Mbps in the 2.4GHz frequency spectrum. This standard is also called WiFi or 802.11 high rate.
The standard that provides for bandwidths of 20Mbps+ in the 2.4GHz frequency spectrum.
Agreed-upon principles set forth by a company to govern how the employees of that company may use resources such as computers and Internet access.
acceptable use policy
An attack aimed at gaining access to your resources
The meansof giving or restricting user access to network resources.
List of rights that an object has - to resources on a network.
Access Control List (ACL)
The point at which access to a network is accomplished. This term is often used in relation to WAP (Wireless Access Point).
access point (AP)
The act of being responsible for an item. The administrator is often accountable for the network and the resources on it.
The act of keeping track of activity.
A message confirming that a data packet was received. This occurs at the Transport layer of the OSI model.
The replacement for NT Directory Service (NTDS) that is included with Windows 2000/2003.
A response generated in real time.
Also known as TCP/IP hijacking. This involves an attacker gaining access to a host in the network and logically disconnecting it from the network.
A technology implemented by Microsoft that allows customized controls - icons - and other features to increase the usability of web-enabled systems.
Any action undertaken by a user.
A network created when two RF-capable devices are brought within transmission range of each other. A common example is handheld PDAs beaming data to each other.
ad hoc RF network
Protocol used to map MAC (physical) addresses to IP addresses.
Address Resolution Protocol (ARP)
These work by looking for deviations from a pattern of normal network traffic.
A set of rules that govern administrative usage of the system.
The user who is accountable and responsible for the network.
A FIPS publication that specifies a cryptographic algorithm for use by the U.S. government.
Advanced Encryption Standard (AES)
Software that gathers information to pass on to marketers - or intercepts personal data such as credit card numbers.