Flashcards in Chapter 19: Protecting Your Network Deck (61):
The process of pretending to be someone or something you are not by placing false information into your packets.
Doing things with a protocol that it wasn't meant to do, usually to carry out an attack.
Packets with unwanted information in an attempt to break another system.
The way that an exploit takes advantage of a vulnerability.
The time frame in which a bad guy can apply an attack surface against a vulnerability before patches are applied to prevent the exploit.
New attacks using vulnerabilities that haven't yet been identified or fixed.
ARP Cache Poisoning
Target the ARP caches (storing known IPs and MAC addresses) on hosts and switches
A special broadcast that a sending device sends out if it doesn't know the destination device's MAC address.
Dynamic ARP Inspection (DAI)
Tool to prevent ARP poisoning.
Switch process that monitors DHCP traffic, filtering out DHCP messages from untrusted sources.
Typically used to block attacks that use a rogue DHCP server.
Denial of Service (DoS) attack
A targeted attack on a server that provides some form of service on the Internet, with the goal of making that site unable to process any incoming server requests.
The aspect of a DoS attack that makes a server do a lot of processing and responding.
The process of sending artificial jam signals that effectively prevent any other station on the collision domain from transmitting its data onto the network. (Fixed by switches!)
Distributed DoS (DDoS)
Uses many many computers under the control of a single operator to launch a coordinated attack.
A single computer under the control of an operator
A group of computers under the control of one operator
Requests are sent to normal servers as if they had come from the target server and the responses from the normal servers are reflected to the target server, overwhelming it.
A form of DoS attack that sends broadcast pings to the victim
Caused by too much legitimate traffic on a server that is too weak to handle it.
An attack that damages the targeted machine and renders that machine inoperable. (Also known as phlashing)
An attacker taps into communications between two systems, intercepting traffic, reading or manipulating it, then sending it on.
Tries to intercept a valid computer session to get authentication information.
When a malicious user probes a host's open ports to learn details about running services.
Older technique to hack a switch to change a normal switch port from an access port to a trunk port, the hacker to access different VLANs.
A program that can make a copy of itself without your necessarily being aware of it.
All viruses carry some payload that may or may not do something malicious.
A form of virus that doesn't infect other files on the computer, but replicates by making copies of itself on other systems on a network.
A type of virus that exploits application macros to replicate and activate.
A piece of malware that pretends to do one thing, but actually does something evil.
They don't replicate
A Trojan horse that takes advantage of very low level operating system functions to hide itself from all but the most aggressive of anti-malware tools
A program that monitors the types of Web sites you frequent and uses that info to generate targeted advertisements.
A function of any program that sends info about your system or your actions over the Internet
The process of using or manipulating people inside the networking environment to gain access to that network from the outside.
The attacker poses as some sort of trusted site in an attempt to get you to reveal sensitive information.
Background programs in an operating system that do behind-the-scenes grunt work that users don't need to interact with on a regular basis.
What can you do if you really want to use insecure protocols?
Run them through a VPN
RF Emanation Vulnerability
Radio waves can penetrate walls to a certain extent, and accidentally spill into other areas.
The NSA's security standard that is used to combat RF emanation by using enclosures, shielding, and even paint.
When a locked door is opened by an authorized person and an unauthorized person tries to sneak in behind them
Still-frame or video camera with a network interface and TCP/IP protocols to send output to a network resource or destination
Closed-Circuit Televisions (CCTVs)
A self-contained, closed system in which video cameras feed their signal to specific, dedicated monitors and storage devices.
Principal of Least Privilege
Promotes minimal user profile privileges on computers, based on users' job necessities.
Unauthorized Access v. Improper Access
Unauthorized access is when a person does something out of the scope of his authority, and improper access occurs when a user who shouldn't have access gains access through some means
Network Access Control (NAC)
A standardized approach to verify that a node meets certain criteria before it is allowed to connect to a network.
Process by which a client presents its security characteristics to an access control server.
A process or program running within the computer that scans the computer to create an inventory of configuration info, resources, and assets
An agent that once installed stays installed and runs every time the computer boots up.
Downloaded and run when needed, then released when the connection ends
A network separate from your main network that you intend for visitors and clients to use.
Where a node may be sent when it is denied connection to the production network.
A malware program that poses as anti-malware.
Systems with very high network output
Code pattern of a known virus
Blocks or allows traffic to move through based on a set of rules
Component of firewalls giving the capability to tell if a packet is part of an existing connection by looking at its relation to other packets
Deep Packet Inspection (DPI)
Firewalls with DPI filter based on the application or service that originated the traffic.
Enables admins to filter traffic based on specific signatures or keywords.
Demilitarized Zone (DMZ)
A lightly protected or unprotected subnet network positioned between an outer firewall and an organization's highly protected internal network.
Used mainly to host public address servers such as Web servers.
A machine that is fully exposed to the Internet.
A computer that presents itself as a tempting target to a hacker, but is a decoy.