Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
187 Cards in this Set
- Front
- Back
|
What are the five different approaches to risk?
|
Avoidance (Don't engage in that activity)
Transference (Share the risk, think insurance) Mitigation (Take steps to reduce the risk) Deterrence (Warn of harm to others if they affect you) Acceptance (Be willing to live with the risks) |
|
|
What is a:
Recovery Point Objective (RPO) |
Defines the point at which the system needs to be restored.
|
|
|
Define:
RAID |
Redundant Array of Independent Disks
|
|
|
What is
RAID 5 |
Disk striping with parity information spread over all disks.
|
|
|
What is:
Single Loss Expectancy (SLE) |
How much loss is expected at one time.
|
|
|
What are the three types of controls that can be administered?
|
Technical
Management Operational |
|
|
What is:
Quantitative Loss |
Loss that is cost–based and objective.
|
|
|
What is:
RAID 3 |
Disk striping with a parity disk.
|
|
|
What are:
Standards |
Deals with specific issues or aspects of a business, and is derived from a policy. Standards should provide enough detail to audit.
|
|
|
What is:
RAID 1 |
Disk mirroring
|
|
|
What is:
Mean Time Between Failures (MTBF) |
The measure of the anticipated incidence of failure for a system or component.
|
|
|
What is:
Recovery Time Objective (RTO) |
The maximum amount of time that a process or service is allowed to be down and the consequences still be considered acceptable.
|
|
|
What is:
Qualitative Loss |
Loss that is opinion–based and subjective.
|
|
|
What is the formula to calculate risk?
|
SLE x ARO = ALE
|
|
|
What is:
Annual Loss Expectancy (ALE) |
The monetary measure of how much loss you could expect in a year.
|
|
|
What is:
Mean Time To Resolution (MTTR) |
The measurement of how long it takes to repair a system or component once a failure occurs.
|
|
|
What is:
Annualized Rate of Occurrence (ARO) |
The likelihood (based on historical data) of an event (x number of times) in a year.
|
|
|
What is:
RAID 0 |
Disk striping using multiple drives and mapping them together as a single drive.
|
|
|
What are:
Policies |
Provides the people in an organization with guidance about their expected behavior.
|
|
|
What are:
Threat Vectors |
The ways in which an attacker poses a threat (i.e. vulnerability scanner, phishing email, unsecured hotspot, etc.)
|
|
|
What is:
Mean Time To Failure (MTTF) |
The average time for failure for a non–repairable system.
|
|
|
Define:
BIA |
Business Impact Analysis
|
|
|
What are:
Guidelines |
Help an organization implement or maintain standards by providing information on how to accomplish the policies and maintain the standards. Guidelines are less formal than policies or standards.
|
|
|
What is:
Platform as a Service (PaaS) |
Platform as a Service:
Also known as cloud platform services. Vendors allow apps to be created an run on their infrastructure (i.e. Amazon Web Services and Google code). |
|
|
What is:
Software as a Service (Saas) |
Is most often thought of by users as "the cloud". Applications are remotely run over the Web (i.e. Salesforce.com).
|
|
|
What is:
Infrastructure as a Service (IaaS) |
Utilizes virtualization and clients pay an outsourcer for resources.
|
|
|
What is:
Fault Tolerance |
The ability of a system to sustain operations in event of component failure.
2 key components: Spare parts Electrical power |
|
|
What is:
Redundancy |
Duplicate or Failover
|
|
|
Define:
AUP |
Acceptable Use Policies
|
|
|
What is:
High Availability (HA) |
Keep services operational during an outage. 99.999%
|
|
|
What is:
Maximum Tolerable Downtime (MTD) |
The Maximum length of time a business function can be inoperable without causing irreparable harm to the business.
|
|
|
What are the three types of patches?
|
Service Pack – Periodic update, corrects known problems.
Updates – Fixes for individual customers Security updates – Address security vulnerabilities |
|
|
What is hardening?
|
The process of securing a system by reducing its surface of vulnerability. (i.e. removing unwanted software, disabling unneeded services, etc)
|
|
|
What are alerts?
|
Issues you need to pay attention to, but are not immediately critical.
|
|
|
What are alarms?
|
Indications of ongoing, current problems.
|
|
|
Define:
EAPOL |
Extensible Authentication Protocol Over LAN
|
|
|
What is a:
Network Monitor |
Also known as sniffers, they were originally introduced to help troubleshoot network problems.
|
|
|
What is:
Promiscuous mode |
A mode in which the network card looks at any packet that it sees on the network, even if that packet is not addressed to that network card
|
|
|
What are:
Event Logs |
System logs that record various events that occur
|
|
|
What is the:
Windows Application Log |
Contains various events logged by applications or programs
|
|
|
What is the:
Windows Security Log |
Logs successful and unsuccessful logon attempts , events related to resource use (such as creating, opening, or deleting files or other objects)
|
|
|
What is:
Performance Monitor |
A utility that can be used to examine activity on any counter (i.e. processor or RAM usage)
|
|
|
What are four aspects of a security audit?
|
Review of security logs
Review of policies and compliance with policies A check of security device configuration Review of incident response reports |
|
|
What are the three classifications of security gaps?
|
Minor – This is a deviation from the security baseline that does not pose an immediate threat
Serious – This is a deviation that could pose an immediate threat, but is unlikely or difficult Critical – This is a deviation that poses an immediate threat that must be addressed ASAP |
|
|
Define (include definition, port, and use):
POP3 |
Definition: Post Office Protocol v3
Port: TCP Port 110 Use: For sending and receiving email between a client machine and a server. Messages are typically deleted from the server after the messages are downloaded |
|
|
Define (include definition, port, and use):
NetBIOS (session service) |
Definition: Network Basic Input/Output System
Port: TCP & UDP 139 Use: Lets two computers establish a connection and allows messages to span multiple packets. Provides error detection and recovery. |
|
|
Define:
Router |
A device used for connectivity between two or more networks by providing a path between the networks. Routes based on IP address.
|
|
|
What is a:
Packet Filter Firewall |
Filters traffic based on basic identification items found in a network packet's header. This includes source and destination address, port numbers, and protocols used. They operate at the Network layer (layer 3) and the Transport layer (layer 4) of the OSI model. They can also be called common routers.
|
|
|
What is:
Network Address Translation (NAT) |
Effectively hides your network by translating internal IP addresses to a single (external) IP address.
|
|
|
What is:
Virtual Local Area Network (VLANs) |
Allow you to create groups of users and systems, and segment them on the network.
|
|
|
What is a:
Demilitarized Zone (DMZ) |
An area where you can place a public server for access by people you might not trust otherwise. Also used to hide or remove access to other areas of your network.
|
|
|
What is an:
Application Programming Interface (API) |
Allows programmers to create interfaces to the protocol suite.
|
|
|
What is a:
Network Access Control (NAC) |
A set of standards defined by the network for clients attempting to access it. Similar to an ACL.
|
|
|
What is:
Subnetting |
Using the subnet mask value to divide a network into smaller components. Gives you more networks, but a smaller number of hosts per network.
|
|
|
What is the:
User Datagram Protocol (UDP) |
Provides an unreliable connectionless communication method between hosts. Best effort, but faster than TCP.
|
|
|
Define (include definition, port, and use):
HTTP |
Definition: Hyper Text Transfer Protocol
Port: TCP and UDP 80 Use: To exchange or transfer hypertext (web pages) |
|
|
What is a:
Intrusion Detection System (IDS) |
Software that runs on individual workstations or on network devices to monitor and track network activity.
|
|
|
What is a:
Network Intrusion Detection System (NIDS) |
Attaches the system to a point in the network where it can monitor and report on all network traffic.
|
|
|
What is the:
Application Layer |
The highest layer. Allows applications to access services or protocols to exchange data.
|
|
|
How many bits are used for IPv4 addressing?
|
32 bits
|
|
|
How many bits are used for IPv6 addressing?
|
128 bits
|
|
|
Define:
Proxy Firewall |
Used to process request from an outside network. Makes rule–based decisions on whether the request should be forwarded or refused. Intercepts all packets and reprocesses. It also hides IP addresses.
|
|
|
Define:
Switch |
A device that routes based on MAC address and is used internally. Improves network efficiency because of its virtual circuit capability.
|
|
|
What is the:
Internet Control Management Protocol (ICMP) |
Provides maintenance and reporting functions (i.e. ping).
|
|
|
What is a:
Stateful Packet Inspection (SPI) Firewall |
Records are kept using a state table that tracks every communication channel. Tracks the whole conversation not just the current packet and may also perform deep packet inspection and analyzes the payload of a packet.
|
|
|
What is the:
Address Resolution Protocol (ARP) |
Is responsible for IP address to Network layer address translation, including hardware addresses. Can resolve IP addresses to MAC addresses.
|
|
|
What is a:
Host–based Intrusion Detection System (HIDS) |
Designed to run as software on a host computer. Can be run as a service or as a background process.
|
|
|
Define (include definition, port, and use):
DNS |
Definition: Domain Name System
Port: UDP 53 Use: Allows host to resolve hostnames to IP addresses |
|
|
Define:
Load Balancer |
A device that shifts a load from one device to another, most often a server.
|
|
|
What is the difference between:
IPS and IDS? |
IPS reacts to the intrusion whereas IDS only reports on the intrusion.
|
|
|
What are the:
Four primary IDS approaches |
Behavior–Based: Looks for variations in behavior.
Signature–Based: Evaluates based on attack signatures and audit trails. Anomaly: Looks for anomalies. Heuristic: Uses algorithms to analyze network traffic. |
|
|
Define:
Encapsulation |
Allows a transport protocol to be sent across the network and be used by the equivalent service or protocol at the receiving end.
|
|
|
What are the:
Four layers of the TCP/IP Suite |
Application
Transport (or Host to Host) Internet Network Access (or Link, or Network Interface) |
|
|
What is the:
Transport Layer |
Provides the application layer with datagram services. TCP & UDP operate at this level.
|
|
|
What is the:
Internet Layer |
Is responsible for routing, IP addressing and packaging.
|
|
|
Define:
Proxy |
A device that acts on behalf of others.
|
|
|
What is the:
Three–way Handshake |
How a session is established. It starts with the client.
SYN –> SYN/ACK –> ACK |
|
|
What is a:
Virtual Private Network (VPN) |
Creates a private network connection that occurs though a public network.
|
|
|
Define (include definition, port, and use):
SMTP |
Definition: Simple Mail Transfer Protocol
Port: TCP 25 Use: Allows email servers to communicate with each other for message delivery. |
|
|
What is the:
Link Layer (or Network Access, or Network Interface) |
The lowest layer for the TCP/IP suite and is responsible for placing and removing packets on the physical network through communication with the network adapter(s) on the host.
|
|
|
Define:
Internet Protocol (IP) |
A routable protocol that is responsible for IP addressing. Also fragments and reassembles message package. It does not verify accuracy.
|
|
|
Define (include definition, port, and use):
FTP |
Definition: File Transfer Protocol
Port: TCP 20 (data) and TCP 21 (control) Use: Transfer of files |
|
|
What is the:
Transfer Control Protocol (TCP) |
Responsible for providing a reliable, one–to–one, connection–oriented session.
|
|
|
What is:
Layer 2 Forwarding (L2F) |
A method of creating tunnels primarily for dial–up. Similar to PPP and shouldn't be used over a WAN. Provides authentication but not encryption. Uses TCP port 1701
|
|
|
What is the:
Point–to–Point Tunneling Protocol (PPTP) |
Supports encapsulation in a single point–to–pint environment. Negotiation is done in the clear. Uses TCP port 1723.
|
|
|
Define (include definition, port, and use):
SSH & SCP |
Definition: SSH = Secure Shell
SCP = Secure Copy Port: TCP & UDP 22 Use: SSH is a tunneling protocol that uses encryption to establish a secure connection between systems. SCP is a way to securely copy files and uses SSH. |
|
|
What is:
Internet Protocol Security (IPSec) |
Used in conjunction with tunneling protocols, and is oriented primarily towards LAN–to–LAN connections. Provides secure authentication and encryption of data and headers. In tunneling mode the data/payload and headers are encrypted. In transport mode only the payload is encrypted.
|
|
|
What is the:
Layer 2 Tunneling Protocol (L2TP) |
A hybrid of PPTP and L2F. Doesn't provide data security or encryption. Uses UDP port 1701.
|
|
|
Define (include definition, port, and use):
ISCSI |
Definition: Internet Small Computer System Interface
Port: TCP 860 and 3260 Use: Data storage & transfers across a network |
|
|
What is:
Fibre Channel Over Ethernet (FCoE) |
Used for data storage and transfers, but is not routable
|
|
|
What are the:
7 Factors of Security Topology |
DMZ
Subnetting VLANS Remote Access NAT Telephony NACs |
|
|
What is a:
Remote Access Service (RAS) |
Any server service that offers the ability to connect remote systems such as VPN, ISDN, DSL. The connection may be encrypted.
|
|
|
What are the:
4 Basic Types of Firewalls |
Packet Filter
Circuit–Level Firewall SPI Firewall Application–Level Firewall |
|
|
What is a:
VPN Concentrator |
A hardware device used to create remote access VPNs. The concentrator creates encrypted tunnel sessions between hosts, and many use two–factor authentication for additional security.
|
|
|
What is a:
Network Intrusion Prevention System (NIPS) |
Monitors network traffic with a focus on preventing attacks rather than just monitoring.
|
|
|
What are some:
IDS Active Responses |
Terminate Process or session (kill TCP connections)
Network Configuration Change (Block IP or port) Deception (Fool the attacker into thinking the attack was successful by redirecting to a honeypot) |
|
|
What are some:
IDS Passive Responses |
Logging – Record the event
Notification – Communicate the event Shunning – Ignore the event |
|
|
What is the:
Internet Security Association and Key Management Protocol (ISAKMP) |
Provides a framework for authentication and key exchange within IPSEC.
|
|
|
What is a:
Application–Level Firewall |
Filters traffic based on user access, group membership, the application or service used, or the type of resources being transmitted. It operates at the Application layer (Layer 7) of the OSI model. It can be called a proxy, and is focused on the aspects of a specific appliance and protocol combination as well as the actual content of the conversation.
|
|
|
What is a:
Circuit–Level Firewall |
Filters traffic by filtering the connection between an internal trusted host and an external untrusted host. This monitoring occurs at either the Network layer (layer 3) or the Session layer (layer 5) of the OSI model. It ensures that the packets involved in establishing and maintaining a circuit are valid and used in the proper manner. Once it allows a connection, no further filtering on that communication is performed.
|
|
|
What is:
Identification |
Finding out who someone is
|
|
|
What is:
Authentication |
A mechanism of verifying identification
|
|
|
What are the:
Five factors of authentication: |
Something you know (i.e. a password or pin)
Something you have (i.e. a smart card, token, or identification device) Something you are (i.e. biometrics) Something you do (such as an action you must take to complete authentication) Somewhere you are (geolocation) |
|
|
What is:
Single–Factor Authentication (SFA) |
Only one type of authentication is checked
|
|
|
What is:
Multi–Factor Authentication |
When two or more access methods are included as part of the authentication process. (Access methods should not be from the same categories, i.e. don’t use a PIN and password as these are both “something you know”)
|
|
|
What is a:
Federation |
A collection of computer networks that agree on standards of operation, such as security.
|
|
|
What is the:
Password Authentication Protocol (PAP) |
An old system that is no longer used. Sends username and password in plaintext
|
|
|
What is the:
Shiva Password Authentication Protocol (SPAP) |
Replaced PAP. Encrypts username and password
|
|
|
What is the:
Challenge Handshake Authentication Protocol (CHAP) |
Was designed to stop man–in–the–middle attacks. During the initial authentication, the connecting machine is asked to generate a random number (usually a hash) and send it to the server. Periodically the server will challenge the client machine, demanding to see that number again.
|
|
|
What is a:
Time–Based One–Time Password (TOTP) |
A unique password that is created by an algorithm that uses a time–based factor.
|
|
|
What is a:
HMAC–Based One–Time Password (HOTP) |
A password that is created using a Hash Message Authentication Code (HMAC) algorithm
|
|
|
What is a:
Terminal Access Controller Access–Control System (TACACS) |
A client/server–oriented environment that operates in a manner similar to RADIUS
|
|
|
What is a:
Extended Terminal Access Controller Access–Control System (XTACACS) |
A client/server–oriented environment that operates in a manner similar to RADIUS, it replaced TACACS and combined authentication and authorization with logging to enable auditing
|
|
|
What is a:
Extended Terminal Access Controller Access–Control System+ (TACACS+) |
The most current method of TACACS. Allows credentials to be accepted from multiple methods, including Kerberos.
|
|
|
What is the:
Security Assertion Markup Language (SAML) |
An open standard based on XML that is used for authentication and authorization data
|
|
|
What is:
Kerberos |
An authentication protocol. Allows for single sign–on to a distributed network
|
|
|
What is a:
Key Distribution Center (KDC) |
Authenticates the principal (user, system, or program) and provides it with a ticket. The ticket can be used to authenticate against other principals
|
|
|
What is a:
Ticket Granting Ticket (TGT) |
Lists the privileges that a user has. Is encrypted and has a time limit of up to 10 hours
|
|
|
What is:
Single Sign–On (SSO) |
Gives users access to all application and systems they need when they log in instead of requiring a log in for each application or system
|
|
|
What are the:
Four Primary methods of access control |
MAC – Mandatory Access Control – All Access is predefined
DAC – Discretionary Access Control – Incorporates some flexibility RBAC – Role–Based Access Control – Allows the user’s role to dictate access capabilities RBAC – Rule–Based Access Control – Uses preconfigured policies |
|
|
What is:
Least Privilege |
A given user (or system) is given the minimum privileges necessary to accomplish his or her job.
|
|
|
What are:
Access Control Lists (ACLs) |
Enable devices in your network to ignore requested from specified users or systems, or to grant them access to certain network capabilities
|
|
|
What is:
Implicit Deny |
If the request in question has not been explicitly granted, then access is denied
|
|
|
What are the:
Three areas of port security |
MAC Limiting and Filtering – Limit access to the network to MAC address that are known, and filter out those that are not
802.1X – Port–based security for wireless network access control. Offers a means of authentication Unused Ports – All unused ports should be disabled |
|
|
What is a:
Trusted Operating System (TOS) |
Any operating system that meets the government’s requirements for security.
|
|
|
What are the:
Evaluation Assurance Levels (EALs) |
A comprehensive set of evaluation criteria (for operating systems) that is broken down into 7 levels. The levels are EAL 1 (least secure) to EAL 7 (most secure).
|
|
|
What is:
Mutual Authentication |
When two or more parties authenticate each other.
|
|
|
What is a:
Federated Identity |
A means of linking a user's identity with their privileges in a manner that can be used across business boundaries (i.e. Google checkout).
|
|
|
What is:
Transitive access |
One party (A) trusts another party (B). If the second party (B) trusts another party (C), then a relationship can exist where the first party (A) also may trust the third party (C).
|
|
|
What is a:
Remote Authentication Dial–In User Service (RADIUS) |
A mechanism that allows authentication of remote and other network connections.
|
|
|
What is a:
Common Access Card (CAC) |
A card that is issued by the DoD as a general identification/authentication card for military personnel, contractors, and non–DoD employees
|
|
|
What is a:
Personal Identity Verification Card (PIVC) |
A card that is issued to all U.S. government employees and contractors and will be required to can access (physical and logical) to government resources.
|
|
|
What is a
Token |
Similar to certificates, they are used to identify and authenticate the user. They contain the rights and access privileges of the token bearer as part of the token.
|
|
|
What is a
Flood Guard |
A protection feature built into many firewalls that allows the administrator to tweak the tolerance for unanswered login attacks. Reducing this tolerance makes it possible to lessen the likelihood of a successful DoS attack.
|
|
|
What is
Loop Prevention |
Works in layer 2 switching configurations and is intended to prevent broadcast loops.
|
|
|
What is
Network Bridging |
When a device has more than one NIC and the opportunity presents itself for a user on one of the networks to jump to the other network.
|
|
|
What is
Spanning Tree Protocol (SPT) |
Intended to ensure loop–free bridged Ethernet LANs. It operates at the Data Link Layer and ensures only one active path exists between two stations.
|
|
|
What is:
802.11x |
A family of protocols that provides for wireless communications using radio frequency transmissions. It uses the 2.4 GHz and 5GHz frequency spectrum.
|
|
|
What is:
802.11 |
A standard that defines wireless LANs transmitting at 1 Mbps or 2Mbps bandwidth using the 2.4 GHz frequency.
|
|
|
What is:
802.11a |
A standard that provides wireless LAN bandwidth of up to 54 Mbps in the 5 GHZ frequency.
|
|
|
What is:
802.11b |
A standard that provides wireless bandwidth of up to 11 Mbps (with fallback rates of 5.5, 2, and 1 Mbps) on the 2.4 GHz frequency. It is also called Wi–Fi or 802.11 high rate.
|
|
|
What is:
802.11g |
A standard that provides for bandwidths of up to 54 Mbps in the 2.4 GHz frequency. Though able to obtain faster speeds, it suffers from the same interference problem of having to are the spectrum with other devices using that frequency.
|
|
|
What is:
802.11i |
A standard that provides for security enhancements to the wireless standard with particular focus on authentication. Often referenced as WPA2.
|
|
|
What is:
802.11n |
The most popular standard. It operates in both the 5 and 2.4 GHz ranges. Speeds can reach 600 Mbps. It offers higher speed and a frequency that does not have as much interference.
|
|
|
What is:
Wired Equivalent Privacy (WEP) |
A wireless protocol designed to provide a privacy equivalent to that of a wired network. Vulnerable because of a weak IV of only 24–Bits.
|
|
|
What is an:
Initialization vector (IV) |
An arbitrary number that can be used along with a secret key for data encryption
|
|
|
What is the:
Temporal Key Integrity Protocol (TKIP) |
A 128–bit wrapper around WEP encryption with a key that is based on things such as the MAC address of the destination device and the serial number of the packet.
|
|
|
What is the:
Wireless Application Protocol (WAP) |
A technology designed for use with wireless devices. Its functions are equivalent to TCP/IP functions in that they're attempting to serve the same purpose for wireless devices.
|
|
|
What is the:
Wireless Markup Language (WML) |
A smaller version of HTML, it is used for internet displays over wireless.
|
|
|
What is:
Wi–Fi Protected Access (WPA) |
A technology that was designed to address the core problems of WEP. It implements most, but not all, of 802.11i for backwards compatibility. It also uses TKIP.
|
|
|
What is:
Wi–Fi Protected Access 2 (WPA2) |
A technology that was designed to address the core problems of WEP. It implements the full 802.11i standard and is not compatible with older devices. It also uses CCMP.
|
|
|
What is the :
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (A.k.a. Counter Mode CBC–MAC Protocol or CCMP) |
An encryption protocol that uses a 128–bit AES encryption with a 48–bit IV.
|
|
|
What is:
Wireless Transport Layer Security (WTLS) |
The security layer of WAP. It provides authentication, encryption, and data integrity for wireless devices.
|
|
|
What are:
The 3 levels of security that exist in WAP |
Anonymous Authentication – Virtually anyone can connect.
Server Authentication – Requires the workstation to authenticate against the server. Two–Way Authentication – Requires both the client and server to authenticate. |
|
|
What is the:
Wireless Session Protocol (WSP) |
Manages the session information and connection between the devices.
|
|
|
What is the:
Wireless Transaction Protocol (WTP) |
Provides services similar to TCP and UDP for WAP.
|
|
|
What is the:
Wireless Datagram Protocol (WDP) |
Provides the common interface between devices.
|
|
|
What is a:
(Wireless) Access Point (AP) |
A low power transmitter/receiver which is strategically placed for access.d
|
|
|
What is a:
Captive portal |
Requires that users agree to some condition before they use the Wi–Fi hotspot.
|
|
|
What is the:
Extensible Authentication Protocol (EAP) |
Provides a framework for authentication that is often used with wireless network.
|
|
|
What are:
The 5 EAP types adopted by the WPA/WPA2 standard |
EAP–TLS
EAP–PSK EAP–MD5 LEAP PEAP |
|
|
What is:
Extensible Authentication Protocol Tunneled Transport Layer Security (EAP–TTLS) |
Adds one more layer of security against man–in–the–middles attacks and ease–dropping by adding tunneling.
|
|
|
What is:
Wi–Fi Protected Setup (WPS) |
Used to simplify network setup, it often requires users to do something in order to complete enrollment (i.e. press a button on the router, enter a PIN, etc). The technology is susceptible to brute–force attacks.
|
|
|
What is the:
Lightweight Extensible Authentication Protocol (LEAP) |
Created by Cisco as an extension to EPA. It is being phased out as it is a proprietary protocol to Cisco and lacks native Windows support. LEAP requires mutual authentication, but is susceptible to dictionary attacks.
|
|
|
What is the:
Protected Extensible Authentication Protocol (PEAP) |
Replaces LEAP and has native support for Windows. It is more secure than EAP–TTLS as it establishes an encrypted channel between the client and server.
|
|
|
What is a:
Site Survey |
Used by admins to determine if a proposed location is free of interference. When used by an attacker a site survey can determine what types of systems are in use, the protocols used, and other critical information about a network.
|
|
|
What is:
Jamming |
Intentional interference meant to jam a signal and keep legitimate devices from communicating.
|
|
|
Define:
War Driving |
Driving around, with a wireless device, looking for APs to communicate with.
|
|
|
Define:
Warchalking |
A way to notify others that a wireless vulnerability exists here. Can be on the sidewalk, the side of the building, etc.
|
|
|
What is a:
Rogue Access Point |
Any wireless access point added to the network that is not authorized.
|
|
|
What is an:
Evil Twin Attack |
An attack in which a rogue access point poses as a legitimate wireless access point in the hopes of intercepting information that users transmit.
|
|
|
What is:
Bluejacking |
The sending of unsolicited messages over a Bluetooth connection (spam).
|
|
|
What is:
Bluesnarfing |
The gaining of unauthorized access through a bluetooth connection.
|
|
|
Define:
Private Cloud |
A cloud infrastructure that is provisioned for exclusive use by a single organization. It may be owned, managed, and operated by the organization, a third party, or any combination thereof, and may exist on or off premises.
|
|
|
Define:
Public Cloud |
A cloud infrastructure that is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or any combination thereof. It exists on the premises of the cloud provider.
|
|
|
Define:
Community Cloud |
A cloud infrastructure that is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns. It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or any combination thereof and it may exist on or off premises.
|
|
|
Define:
Hybrid Cloud |
A cloud infrastructure that is a composition of two or more distinct cloud infrastructures that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability.
|
|
|
Define:
Hypervisor |
Software/hardware that makes visualization possible.
|
|
|
What is a:
Type I Hypervisor |
A hypervisor that is independent of the operating system and boots before the OS. Also known as bare metal.
|
|
|
What is a:
Type II Hypervisor |
A hypervisor that is dependent on the operation system and cannot boot until the OS is up and running. It needs the OS to stay up so that it can boot. Also known as hosted.
|
|
|
What are:
Snapshots |
An image of a system at a particular point in time. Can be used for virtual machine cloning.
|
|
|
What is the:
Industry standard for host availability |
5 9s or 99.999% uptime
|
|
|
What is:
Rapid elasticity |
Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
|
|
|
What is:
Security Control Testing (SCT) |
Similar to PEN testing for the cloud, it often includes interviews, examinations, and testing of systems to look for weaknesses. It should also include contract reviews of SLAs, a look at the history of prior breaches that the provider has had, a focus on shared resources as well as dedicated servers, etc.
|
|
|
What is:
Sandboxing |
Running apps in restricted memory to limit the possibility of an app's crash, allowing a user to access another app or the data associated with it..
|
|
|
What is:
Anything as a service (XaaS) |
A hybrid of Paas, Saas, and/or IaaS
|
|
|
What is:
Cloud Bursting |
Offloading traffic to resources to a cloud provider when your servers become too busy.
|
