Flashcards in 800 Deck (100):
Layer 1 of the OSI Model
Layer 2 of the OSI Model
Layer 3 of the OSI Model
Layer 4 of the OSI Model
Layer 5 of the OSI Model
Layer 6 of the OSI Model
Layer 7 of the OSI Model
A network database that contains a listing of all network resources - such as users - printers - groups - and so on.
A network service that provides access to a central database of information - which contains detailed information about the resources available on a network.
A method of communication between wireless receivers.
A communications technology that is used to communicate in the 802.11 standard. It accomplishes communication by adding the data that is to be transmitted to a higher-speed transmission
direct-sequence spread spectrum (DSSS)
The act of recovering data following a disaster that has destroyed the data.
The procedure by which data is recovered after a disaster.
disaster recovery plan
A means of restricting access to objects based on the identity of subjects and/or groups to which they belong.
Discretionary Access Control (DAC)
Technology that keeps identical copies of data on two disks to prevent the loss of data if one disk faults.
Technology that enables writing data to multiple disks simultaneously in small portions called stripes.
A fault-tolerance solution of writing data across a number of disks and recording the parity on another. In the event any one disk fails - the data on it can be recreated by looking at the remaining data and computing parity to figure out the missing data.
disk striping with parity
A derivative of a DoS attack in which multiple hosts in multiple locations all focus on one target.
Distributed Denial of Service (DDoS) attack
Any server that performs host name-to-IP address resolution.
An area in the DNS hierarchy that is managed as a single unit.
Within the Internet - this is a group of computers with shared traits and a common IP address set.
The network service used in TCP/IP networks that translates host names to IP addresses.
Domain Name Service (DNS)
A host that resides on more than one network and posses more than one physical network card.
A keyboard and monitor that send keystrokes to a central processing computer (typically a mainframe or minicomputer) that returns screen displays to the monitor. The unit has no processing power of its own.
Looking through trash for clues--often in the form of paper scraps--to users' passwords and other pertinent information.
Two hard drives to which identical information is written simultaneously. A dedicated controller card controls each drive. Used for fault tolerance.
duplexed hard drives
Two servers that are identical - for use in clustering.
A protocol used on a TCP/IP network to send client configuration data - including TCP/IP address - default gateway - subnet mask - and DNS configuration - to clients.
Dynamic Host Configuration Protocol (DHCP)
A type of firewall used to accept or reject packets based on their contents.
dynamic packet filtering
The use of route-discovery protocols to talk to other routers and find out what networks they are attached to. Routers that use dynamic routing send out special packets to request updates from the other routers on the network as well as to send their own updates.
A TCP/IP port used by an application when needed. The port isn't constantly used.
dynamically allocated port
Any type of passive attack that intercepts data in an unauthorized manner--usually in order to find passwords.
The interference that can occur during transmissions over copper cable because of electromagnetic energy outside the cable. The result is degradation of the signal.
electromagnetic interference (EMI)
A type of public key cryptosystem that requires a shorter key length than many other cryptosystems (including the de facto industry standard - RSA).
Elliptic Curve Cryptosystem (ECC)
A header used to provide a mix of security services in IPv4 and IPv6. ESP can be used alone or in combination with the IP Authentication Header (AH).
Encapsulating Security Payload (ESP)
The process of translating data into signals that can be transmitted on a transmission medium.
The process of converting data into a form that makes it less likely to be usable to anyone intercepting it if they can't decrypt it.
A string of alphanumeric characters used to decrypt encrypted data.
The process of luring someone.
The process of encouraging an attacker to perform an act - even if they don't want to do it.
An attempt to gain information about a network by specifically targeting network resources - users and groups - and applications running on the system.
The act of moving something up in priority. Often - when an incident is escalated - it's brought to the attention of the next highest supervisor.
A shared-media network architecture. It operates at the Physical and Data Link layers of the OSI model.
A level of assurance - expressed as a numeric value - based on standards set by the CCRA (Common Criteria Recognition Agreement).
Evaluation Assurance Level (EAL)
Any noticeable action or occurrence.
A calculation of how much data (or other assets) could be lost from a single occurrence. If all the data on the network could be jeopardized by a single attack - the exposure factor is 100 percent.
A threat that originates from outside the company.
Web (or similar) services set up in a private network to be accessed internally and by select external entities - such as vendors and suppliers.
Examining data leaving the network for signs of malicious traffic.
Programs that provide additional functionality to Web browsers.
Part of the TCP/IP protocol for determining the MAC address based on the ip address.
Address Resolution Protocol (ARP)
An attack that corrupts the ARP cache.
Files that are coupled to e-mail messages.
An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer.
An attack that targets vulnerabilities in client applications that interact with a compromised server or process malicious data.
A file on a local computer in which a server stores user-specific information.
Injecting and executing commands to execute on a server.
An attack that injects scripts into a Web application server to direct attacks at clients.
Cross-site Scripting (XSS)
An attack that attempts to prevent a system from performing its normal functions.
Denial of Service (DoS)
An attack that takes advantage of a vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directories.
An attack that uses multiple zombie computers (even hundreds or thousands) in a botnet to flood a device with requests.
Distributed Denial of Service (DDoS)
An attack that substitututes DNS addresses so that the computer is automatically redirected to another device.
A hierarchical name system for matching computer names and numbers.
Domain Name System (DNS)
A cookie that is created from the Web site that currently is being viewed.
A cookie named after the Adobe Flash player.
A list of the mappings of names to computer numbers.
Part of HTTP that is composed of fields that contain the different characteristics of the data that is being transmitted.
Modifying HTTP headers to create an attack.
HTTP header manipulaatioon
An attack that intercepts legitimate communication and forges a fictitious response to the sender.
A cookie that is recorded on the hard drive of the computer and does not expire when the browser closes.
Persistent Cookie (tracking cookie)
A utility that sends an ICMP (Internet Control Message Protocol) echo request message to a host.
An attack that uses the Internet Control Message Protocol (ICMP) to flood a victim with packets.
An attack that exploits a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining.
An attack that makes a copy of the transmission before sending it to the recipient.
A cookie that is only used when a browser is visiting a server using a secure connection.
A cookie that is stored in Random Access Memory (RAM) - instead of on the hard drive - and only lasts for the duration of visiting a Web site.
An attack in which an attacker attempts to impersonate the user by using his session token.
A form of verification used when accessing a secure Web application.
An attack that broadcasts a ping request to all computers on the network yet changes the address from which the quest came to that of the target.
Impersonating another computer or device.
An attack that targets SQL servers by injecting commands to be manipulated by the database.
An attack that takes advantage of the procedures for initiating a TCP session.
SYN Flood Attack
A cookie that was created by a third party that is different from the primary Web site.
An attack involving using a third party to gain access rights.
A markup language that is designed to carry data instead of indicating how to display it.
XML (Extensible Markup Language)
An attack that injects XML tags and data into a database.
Attacks that exploit previously unknown vulnerabilities
Zero Day Attacks
What are the three vulnerability control types?
Technical - Management and Operational
What are the three primary functions of controls?
Preventative - detective and corrective
The National Institue of Standards and Technology
Information Technology Laboratory
Uses technology to reduce vulnerabilities.
Specifies that individuals or processes are granted only rights and permissions needed to perform their assigned tasks or functions - but no more
Provides protection against infection from malicious software and viruses
Monitors a network or host for intrusions and provides ongoing protection against various threats
Intrusion Detection Systems (IDSs)
Restricts network traffic going in and out of a network
Use planning and assessment methods to provide an ongoing review of the organization's ability to reduce and manage risk.
Helps quantify and qualify risks within an organization so that they can focus on serious risks.
Attempts to discover current vulnerabilities