Chapter 19: Protecting Your Network Flashcards Preview

Network+ > Chapter 19: Protecting Your Network > Flashcards

Flashcards in Chapter 19: Protecting Your Network Deck (61):
1

Spoofing

The process of pretending to be someone or something you are not by placing false information into your packets.

2

Protocol Abuse

Doing things with a protocol that it wasn't meant to do, usually to carry out an attack.

3

Malformed packets

Packets with unwanted information in an attempt to break another system.

4

Attack Surface

The way that an exploit takes advantage of a vulnerability.

5

Attack Window

The time frame in which a bad guy can apply an attack surface against a vulnerability before patches are applied to prevent the exploit.

6

Zero-day Attacks

New attacks using vulnerabilities that haven't yet been identified or fixed.

7

ARP Cache Poisoning

Target the ARP caches (storing known IPs and MAC addresses) on hosts and switches

8

ARP Request

A special broadcast that a sending device sends out if it doesn't know the destination device's MAC address.

9

Dynamic ARP Inspection (DAI)

Tool to prevent ARP poisoning.

10

DHCP Snooping

Switch process that monitors DHCP traffic, filtering out DHCP messages from untrusted sources.
Typically used to block attacks that use a rogue DHCP server.

11

Denial of Service (DoS) attack

A targeted attack on a server that provides some form of service on the Internet, with the goal of making that site unable to process any incoming server requests.

12

Amplification

The aspect of a DoS attack that makes a server do a lot of processing and responding.

13

Jamming

The process of sending artificial jam signals that effectively prevent any other station on the collision domain from transmitting its data onto the network. (Fixed by switches!)

14

Distributed DoS (DDoS)

Uses many many computers under the control of a single operator to launch a coordinated attack.

15

Zombie

A single computer under the control of an operator

16

Botnet

A group of computers under the control of one operator

17

Reflection

Requests are sent to normal servers as if they had come from the target server and the responses from the normal servers are reflected to the target server, overwhelming it.

18

Smurf Attack

A form of DoS attack that sends broadcast pings to the victim

19

Friendly/Unintentional DoS

Caused by too much legitimate traffic on a server that is too weak to handle it.

20

Permanent DoS

An attack that damages the targeted machine and renders that machine inoperable. (Also known as phlashing)

21

Man-in-the-middle

An attacker taps into communications between two systems, intercepting traffic, reading or manipulating it, then sending it on.

22

Session Hijacking

Tries to intercept a valid computer session to get authentication information.

23

Packet Sniffing

Intercepting packets

24

Banner Grabbing

When a malicious user probes a host's open ports to learn details about running services.

25

VLAN Hopping

Older technique to hack a switch to change a normal switch port from an access port to a trunk port, the hacker to access different VLANs.

26

Virus

A program that can make a copy of itself without your necessarily being aware of it.
All viruses carry some payload that may or may not do something malicious.

27

Worm

A form of virus that doesn't infect other files on the computer, but replicates by making copies of itself on other systems on a network.

28

Macro

A type of virus that exploits application macros to replicate and activate.

29

Trojan Horse

A piece of malware that pretends to do one thing, but actually does something evil.
They don't replicate

30

Rootkit

A Trojan horse that takes advantage of very low level operating system functions to hide itself from all but the most aggressive of anti-malware tools

31

Adware

A program that monitors the types of Web sites you frequent and uses that info to generate targeted advertisements.

32

Spyware

A function of any program that sends info about your system or your actions over the Internet

33

Social Engineering

The process of using or manipulating people inside the networking environment to gain access to that network from the outside.

34

Phishing

The attacker poses as some sort of trusted site in an attempt to get you to reveal sensitive information.

35

Services

Background programs in an operating system that do behind-the-scenes grunt work that users don't need to interact with on a regular basis.

36

What can you do if you really want to use insecure protocols?

Run them through a VPN

37

RF Emanation Vulnerability

Radio waves can penetrate walls to a certain extent, and accidentally spill into other areas.

38

TEMPEST

The NSA's security standard that is used to combat RF emanation by using enclosures, shielding, and even paint.

39

Tailgating

When a locked door is opened by an authorized person and an unauthorized person tries to sneak in behind them

40

IP Camera

Still-frame or video camera with a network interface and TCP/IP protocols to send output to a network resource or destination

41

Closed-Circuit Televisions (CCTVs)

A self-contained, closed system in which video cameras feed their signal to specific, dedicated monitors and storage devices.

42

Principal of Least Privilege

Promotes minimal user profile privileges on computers, based on users' job necessities.

43

Unauthorized Access v. Improper Access

Unauthorized access is when a person does something out of the scope of his authority, and improper access occurs when a user who shouldn't have access gains access through some means

44

Network Access Control (NAC)

A standardized approach to verify that a node meets certain criteria before it is allowed to connect to a network.

45

Posture Assessment

Process by which a client presents its security characteristics to an access control server.

46

Agent

A process or program running within the computer that scans the computer to create an inventory of configuration info, resources, and assets

47

Persistent Agent

An agent that once installed stays installed and runs every time the computer boots up.

48

Non-persistent Agent

Downloaded and run when needed, then released when the connection ends

49

Guest Network

A network separate from your main network that you intend for visitors and clients to use.

50

Quarantine Network

Where a node may be sent when it is denied connection to the production network.

51

Rogue Anti-Malware

A malware program that poses as anti-malware.

52

Top-talkers

Systems with very high network output

53

Signature

Code pattern of a known virus

54

Firewall

Blocks or allows traffic to move through based on a set of rules

55

Stateful Inspection

Component of firewalls giving the capability to tell if a packet is part of an existing connection by looking at its relation to other packets

56

Deep Packet Inspection (DPI)

Firewalls with DPI filter based on the application or service that originated the traffic.

57

Content Filtering

Enables admins to filter traffic based on specific signatures or keywords.

58

Demilitarized Zone (DMZ)

A lightly protected or unprotected subnet network positioned between an outer firewall and an organization's highly protected internal network.
Used mainly to host public address servers such as Web servers.

59

Bastion Host

A machine that is fully exposed to the Internet.

60

Honeypot

A computer that presents itself as a tempting target to a hacker, but is a decoy.

61

Honeynet

A honeypot made to look like a whole network.