313 Cards in this Set
- Front
- Back
What are the five different approaches to risk?
|
Avoidance (Don't engage in that activity)
Transference (Share the risk, e.g. insurance)
Mitigation (Take steps to reduce the risk)
Deterrence (Warn of harm to others if they affect you)
Acceptance (Be willing to live with the risks) |
|
What is a:
Recovery Point Objective (RPO) |
The point in time to which data must be restored after an outage; equivalently, the maximum acceptable amount of data loss measured in time (an RPO of 4 hours means the most recent usable backup may be at most 4 hours old).
|
|
Define:
RAID |
Redundant Array of Independent Disks
|
|
What is
RAID 5 |
Disk striping with parity information spread over all disks.
|
|
What is:
Single Loss Expectancy (SLE) |
How much loss is expected at one time.
|
|
What are the three types of controls that can be administered?
|
Technical
Management
Operational |
|
What is:
Quantitative Loss |
Loss that is cost–based and objective.
|
|
What is:
RAID 3 |
Disk striping with a parity disk.
|
|
What are:
Standards |
Deals with specific issues or aspects of a business, and is derived from a policy. Standards should provide enough detail to audit.
|
|
What is:
RAID 1 |
Disk mirroring
|
|
What is:
Mean Time Between Failures (MTBF) |
The measure of the anticipated incidence of failure for a system or component.
|
|
What is:
Recovery Time Objective (RTO) |
The maximum amount of time that a process or service is allowed to be down and the consequences still be considered acceptable.
|
|
What is:
Qualitative Loss |
Loss that is opinion–based and subjective.
|
|
What is the formula to calculate risk?
|
SLE x ARO = ALE (where SLE = Asset Value x Exposure Factor)
|
|
What is:
Annual Loss Expectancy (ALE) |
The monetary measure of how much loss you could expect in a year.
|
|
What is:
Mean Time To Repair (also Mean Time To Resolution) (MTTR) |
The measurement of how long it takes to repair a system or component once a failure occurs.
|
|
What is:
Annualized Rate of Occurrence (ARO) |
The likelihood (based on historical data) of an event (x number of times) in a year.
|
|
What is:
RAID 0 |
Disk striping using multiple drives and mapping them together as a single drive.
|
|
What are:
Policies |
Provides the people in an organization with guidance about their expected behavior.
|
|
What are:
Threat Vectors |
The ways in which an attacker poses a threat (i.e. vulnerability scanner, phishing email, unsecured hotspot, etc.)
|
|
What is:
Mean Time To Failure (MTTF) |
The average time for failure for a non–repairable system.
|
|
Define:
BIA |
Business Impact Analysis
|
|
What are:
Guidelines |
Help an organization implement or maintain standards by providing information on how to accomplish the policies and maintain the standards. Guidelines are less formal than policies or standards.
|
|
What is:
Platform as a Service (PaaS) |
Also known as cloud platform services. Vendors allow apps to be created and run on their infrastructure (e.g. Amazon Web Services, Google App Engine). |
|
What is:
Software as a Service (SaaS) |
Is most often thought of by users as "the cloud". Applications are remotely run over the Web (e.g. Salesforce.com).
|
|
What is:
Infrastructure as a Service (IaaS) |
Utilizes virtualization and clients pay an outsourcer for resources.
|
|
What is:
Fault Tolerance |
The ability of a system to sustain operations in the event of component failure.
Two key components: spare parts and electrical power. |
|
What is:
Redundancy |
Duplicate or Failover
|
|
Define:
AUP |
Acceptable Use Policies
|
|
What is:
High Availability (HA) |
Keeping services operational during an outage. Commonly expressed as an uptime target such as 99.999% ("five nines", roughly 5 minutes of downtime per year).
|
|
What is:
Maximum Tolerable Downtime (MTD) |
The Maximum length of time a business function can be inoperable without causing irreparable harm to the business.
|
|
What are the three types of patches?
|
Service Pack – Periodic cumulative update that corrects known problems.
Updates (hotfixes) – Fixes for individual problems or customers.
Security updates – Address specific security vulnerabilities. |
|
What is hardening?
|
The process of securing a system by reducing its surface of vulnerability. (i.e. removing unwanted software, disabling unneeded services, etc)
|
|
What are alerts?
|
Issues you need to pay attention to, but are not immediately critical.
|
|
What are alarms?
|
Indications of ongoing, current problems.
|
|
Define:
EAPOL |
Extensible Authentication Protocol Over LAN
|
|
What is a:
Network Monitor |
Also known as sniffers, they were originally introduced to help troubleshoot network problems.
|
|
What is:
Promiscuous mode |
A mode in which the network card looks at any packet that it sees on the network, even if that packet is not addressed to that network card
|
|
What are:
Event Logs |
System logs that record various events that occur
|
|
What is the:
Windows Application Log |
Contains various events logged by applications or programs
|
|
What is the:
Windows Security Log |
Logs successful and unsuccessful logon attempts, and events related to resource use (such as creating, opening, or deleting files or other objects).
|
|
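The Security Log card above is the raw material for one of the most common detection rules a SOC writes: a burst of failed logons from one source, especially one followed by a success. As an added example (not part of the original card set), the following Python script runs that logic over a constructed, simplified text export of Security log entries. The line format, the sample entries and the thresholds are assumptions made for the example; the event IDs are the real ones Windows uses (4624 = successful logon, 4625 = failed logon).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a simplified text export of Security log entries.
# Columns: timestamp, event ID, account name, source address.
# Event ID 4624 = successful logon, 4625 = failed logon (the IDs Windows actually uses).
SAMPLE_LOG = """\
2024-03-01 09:00:01 4624 alice 10.0.0.5
2024-03-01 09:00:10 4625 bob 198.51.100.7
2024-03-01 09:00:12 4625 bob 198.51.100.7
2024-03-01 09:00:14 4625 admin 198.51.100.7
2024-03-01 09:00:16 4625 bob 198.51.100.7
2024-03-01 09:00:18 4625 bob 198.51.100.7
2024-03-01 09:00:25 4624 bob 198.51.100.7
2024-03-01 09:30:00 4625 carol 10.0.0.9
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) (\S+) (\S+)$")


def parse(log_text):
    """Turn the text export into (time, event_id, user, src) tuples, skipping malformed lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, event_id, user, src = m.groups()
        events.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), int(event_id), user, src))
    return events


def find_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Flag each source that produced >= threshold failed logons inside `window`.

    Also records whether a successful logon followed the burst from the same source,
    which is the case an analyst should escalate first (the guessing probably worked).
    """
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[3]].append(ev)

    findings = []
    for src, evs in sorted(by_src.items()):
        evs.sort()
        fails = [e for e in evs if e[1] == 4625]
        for i, start in enumerate(fails):
            # sliding window anchored at each failure in turn
            burst = [e for e in fails[i:] if e[0] - start[0] <= window]
            if len(burst) < threshold:
                continue
            burst_end = burst[-1][0]
            success_after = any(e[1] == 4624 and e[0] >= burst_end for e in evs)
            findings.append({
                "src": src,
                "users": sorted({e[2] for e in burst}),   # >1 user = password spraying
                "failures": len(burst),
                "success_after": success_after,
            })
            break  # one finding per source is enough for triage
    return findings


if __name__ == "__main__":
    for finding in find_bruteforce(parse(SAMPLE_LOG)):
        print(finding)
```

On the sample, only 198.51.100.7 trips the rule: five failures in eight seconds against two accounts, then a success, which is the pattern worth paging on. Carol's single failure and Alice's clean logon are ignored.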
What is:
Performance Monitor |
A utility that can be used to examine activity on any counter (i.e. processor or RAM usage)
|
|
What are four aspects of a security audit?
|
Review of security logs
Review of policies and compliance with policies
A check of security device configuration
Review of incident response reports |
|
What are the three classifications of security gaps?
|
Minor – A deviation from the security baseline that does not pose an immediate threat
Serious – A deviation that could pose an immediate threat, but is unlikely or difficult to exploit
Critical – A deviation that poses an immediate threat and must be addressed ASAP |
|
Define (include definition, port, and use):
POP3 |
Definition: Post Office Protocol v3
Port: TCP 110 (TCP 995 for POP3 over TLS)
Use: Retrieving email from a server to a client machine (sending is done with SMTP). Messages are typically deleted from the server after they are downloaded. |
|
Define (include definition, port, and use):
NetBIOS (session service) |
Definition: Network Basic Input/Output System
Port: TCP & UDP 139
Use: Lets two computers establish a connection and allows messages to span multiple packets. Provides error detection and recovery. |
|
Define:
Router |
A device used for connectivity between two or more networks by providing a path between the networks. Routes based on IP address.
|
|
What is a:
Packet Filter Firewall |
Filters traffic based on basic identification items found in a packet's header: source and destination address, port numbers, and protocol. Operates at the Network layer (layer 3) and the Transport layer (layer 4) of the OSI model; this is the filtering a common router can perform. Each packet is judged on its own with no memory of earlier packets (stateless; compare SPI).
|
|
What is:
Network Address Translation (NAT) |
Effectively hides your network by translating internal IP addresses to a single (external) IP address.
|
|
What is:
Virtual Local Area Network (VLANs) |
Allow you to create groups of users and systems, and segment them on the network.
|
|
What is a:
Demilitarized Zone (DMZ) |
An area where you can place a public server for access by people you might not trust otherwise. Also used to hide or remove access to other areas of your network.
|
|
What is an:
Application Programming Interface (API) |
A defined set of calls through which programs use a library, service, or protocol stack (for example, the sockets API a program calls to open a TCP connection).
|
|
What is a:
Network Access Control (NAC) |
A set of standards defined by the network for clients attempting to access it. Similar to an ACL.
|
|
What is:
Subnetting |
Using the subnet mask value to divide a network into smaller components. Gives you more networks, but a smaller number of hosts per network.
|
|
What is the:
User Datagram Protocol (UDP) |
Provides an unreliable connectionless communication method between hosts. Best effort, but faster than TCP.
|
|
Define (include definition, port, and use):
HTTP |
Definition: Hyper Text Transfer Protocol
Port: TCP 80 (HTTPS uses TCP 443)
Use: To exchange or transfer hypertext (web pages) |
|
What is a:
Intrusion Detection System (IDS) |
Software that runs on individual workstations or on network devices to monitor and track network activity.
|
|
What is a:
Network Intrusion Detection System (NIDS) |
Attaches the system to a point in the network where it can monitor and report on all network traffic.
|
|
What is the:
Application Layer |
The highest layer. Allows applications to access services or protocols to exchange data.
|
|
How many bits are used for IPv4 addressing?
|
32 bits
|
|
How many bits are used for IPv6 addressing?
|
128 bits
|
|
Define:
Proxy Firewall |
Used to process requests from an outside network. Makes rule-based decisions on whether a request should be forwarded or refused. Intercepts all packets and reprocesses them, so the inside and outside never talk directly; it also hides internal IP addresses.
|
|
Define:
Switch |
A device that forwards frames based on MAC address and is used inside a LAN. It improves network efficiency because each port is its own collision domain: traffic is delivered only to the port where the destination MAC address lives (a virtual circuit between the two ports) rather than to every port.
|
|
What is the:
Internet Control Message Protocol (ICMP) |
Provides maintenance and reporting functions (i.e. ping).
|
|
What is a:
Stateful Packet Inspection (SPI) Firewall |
Records are kept using a state table that tracks every communication channel. Tracks the whole conversation not just the current packet and may also perform deep packet inspection and analyzes the payload of a packet.
|
|
What is the:
Address Resolution Protocol (ARP) |
Resolves a Network layer (IP) address to the Data Link layer hardware (MAC) address of a host on the local segment, so that a frame can be addressed to it.
|
|
What is a:
Host–based Intrusion Detection System (HIDS) |
Designed to run as software on a host computer. Can be run as a service or as a background process.
|
|
Define (include definition, port, and use):
DNS |
Definition: Domain Name System
Port: UDP 53 (TCP 53 for zone transfers and for responses too large for a UDP datagram)
Use: Allows hosts to resolve hostnames to IP addresses |
|
Define:
Load Balancer |
A device that distributes incoming requests across several servers so that no single server is overloaded; a failed server can be taken out of rotation.
|
|
What is the difference between:
IPS and IDS? |
IPS reacts to the intrusion whereas IDS only reports on the intrusion.
|
|
What are the:
Four primary IDS approaches |
Behavior–Based: Looks for variations in behavior.
Signature–Based: Evaluates based on attack signatures and audit trails.
Anomaly: Looks for anomalies.
Heuristic: Uses algorithms to analyze network traffic. |
|
Define:
Encapsulation |
Allows a transport protocol to be sent across the network and be used by the equivalent service or protocol at the receiving end.
|
|
What are the:
Four layers of the TCP/IP Suite |
Application
Transport (or Host to Host)
Internet
Network Access (or Link, or Network Interface) |
|
What is the:
Transport Layer |
Provides the application layer with datagram services. TCP & UDP operate at this level.
|
|
What is the:
Internet Layer |
Is responsible for routing, IP addressing and packaging.
|
|
Define:
Proxy |
A device that acts on behalf of others.
|
|
What is the:
Three–way Handshake |
How a session is established. It starts with the client.
SYN –> SYN/ACK –> ACK |
|
What is a:
Virtual Private Network (VPN) |
Creates a private network connection that occurs though a public network.
|
|
Define (include definition, port, and use):
SMTP |
Definition: Simple Mail Transfer Protocol
Port: TCP 25 (server-to-server relay; clients usually submit mail on TCP 587)
Use: Allows email servers to communicate with each other for message delivery. |
|
What is the:
Link Layer (or Network Access, or Network Interface) |
The lowest layer for the TCP/IP suite and is responsible for placing and removing packets on the physical network through communication with the network adapter(s) on the host.
|
|
Define:
Internet Protocol (IP) |
A routable protocol that is responsible for addressing and delivering packets between networks. It also fragments and reassembles packets. It does not guarantee delivery or verify that data arrived intact; that is left to higher layers such as TCP.
|
|
Define (include definition, port, and use):
FTP |
Definition: File Transfer Protocol
Port: TCP 20 (data) and TCP 21 (control) Use: Transfer of files |
|
What is the:
Transmission Control Protocol (TCP) |
Responsible for providing a reliable, one–to–one, connection–oriented session.
|
|
What is:
Layer 2 Forwarding (L2F) |
A method of creating tunnels primarily for dial-up. Similar to PPP and shouldn't be used over a WAN. Provides authentication but not encryption. Uses UDP port 1701 (the same port later reused by L2TP).
|
|
What is the:
Point–to–Point Tunneling Protocol (PPTP) |
Supports encapsulation in a single point-to-point environment. Negotiation is done in the clear. Uses TCP port 1723 for control and GRE (IP protocol 47) for the tunneled data.
|
|
Define (include definition, port, and use):
SSH & SCP |
Definition: SSH = Secure Shell; SCP = Secure Copy
Port: TCP 22
Use: SSH is an encrypted remote login and tunneling protocol that establishes a secure connection between systems. SCP is a way to securely copy files and runs over SSH. |
|
What is:
Internet Protocol Security (IPSec) |
Used in conjunction with tunneling protocols (e.g. L2TP) and oriented primarily towards LAN-to-LAN (site-to-site) connections. Provides authentication and encryption: AH authenticates the packet including its headers, and ESP encrypts the payload and can also authenticate it. In tunnel mode the entire original packet (headers and payload) is protected and wrapped in a new IP header; in transport mode only the payload is protected and the original IP header is kept.
|
|
What is the:
Layer 2 Tunneling Protocol (L2TP) |
A hybrid of PPTP and L2F. Doesn't provide data security or encryption on its own, so it is usually paired with IPSec (L2TP/IPSec). Uses UDP port 1701.
|
|
Define (include definition, port, and use):
ISCSI |
Definition: Internet Small Computer System Interface
Port: TCP 860 and 3260 Use: Data storage & transfers across a network |
|
What is:
Fibre Channel Over Ethernet (FCoE) |
Used for data storage and transfers. It runs directly over Ethernet (layer 2), so it is not routable.
|
|
What are the:
7 Factors of Security Topology |
DMZ
Subnetting
VLANs
Remote Access
NAT
Telephony
NACs |
|
What is a:
Remote Access Service (RAS) |
Any server service that offers the ability to connect remote systems such as VPN, ISDN, DSL. The connection may be encrypted.
|
|
What are the:
4 Basic Types of Firewalls |
Packet Filter
Circuit–Level Firewall
SPI Firewall
Application–Level Firewall |
|
What is a:
VPN Concentrator |
A hardware device used to create remote access VPNs. The concentrator creates encrypted tunnel sessions between hosts, and many use two–factor authentication for additional security.
|
|
What is a:
Network Intrusion Prevention System (NIPS) |
Monitors network traffic with a focus on preventing attacks rather than just monitoring.
|
|
What are some:
IDS Active Responses |
Terminate Process or session (kill TCP connections)
Network Configuration Change (Block IP or port)
Deception (Fool the attacker into thinking the attack was successful by redirecting to a honeypot) |
|
What are some:
IDS Passive Responses |
Logging – Record the event
Notification – Communicate the event
Shunning – Ignore the event |
|
What is the:
Internet Security Association and Key Management Protocol (ISAKMP) |
Provides a framework for authentication and key exchange within IPSEC.
|
|
What is a:
Application–Level Firewall |
Filters traffic based on user access, group membership, the application or service used, or the type of resources being transmitted. It operates at the Application layer (Layer 7) of the OSI model. It can be called a proxy, and is focused on a specific application and protocol combination as well as the actual content of the conversation.
|
|
What is a:
Circuit–Level Firewall |
Filters traffic by validating the connection (circuit) between an internal trusted host and an external untrusted host. This monitoring occurs at either the Network layer (layer 3) or the Session layer (layer 5) of the OSI model. It ensures that the packets involved in establishing and maintaining a circuit (such as the TCP handshake) are valid and used in the proper manner. Once it allows a connection, no further filtering of the content of that communication is performed.
|
|
What is:
Identification |
Finding out who someone is
|
|
What is:
Authentication |
A mechanism of verifying identification
|
|
What are the:
Five factors of authentication: |
Something you know (e.g. a password or PIN)
Something you have (e.g. a smart card, token, or identification device)
Something you are (e.g. biometrics)
Something you do (such as an action you must take to complete authentication)
Somewhere you are (geolocation) |
|
What is:
Single–Factor Authentication (SFA) |
Only one type of authentication is checked
|
|
What is:
Multi–Factor Authentication |
When two or more access methods are included as part of the authentication process. (The methods should come from different categories, e.g. don't combine a PIN and a password, as these are both "something you know".)
|
|
What is a:
Federation |
A collection of computer networks that agree on standards of operation, such as security.
|
|
What is the:
Password Authentication Protocol (PAP) |
An old protocol that should no longer be used. Sends the username and password in plaintext.
|
|
What is the:
Shiva Password Authentication Protocol (SPAP) |
Replaced PAP. Encrypts username and password
|
|
What is the:
Challenge Handshake Authentication Protocol (CHAP) |
Designed to avoid sending the password over the link and to resist replay. The server sends the client a random challenge; the client returns a hash (MD5 in RFC 1994) of an identifier, the shared secret, and the challenge; the server computes the same hash and compares. The server periodically re-challenges during the session, so a captured response cannot be reused later. The shared secret itself never crosses the wire.
|
|
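To make the CHAP card concrete, here is an added example (not part of the original card set) in Python that plays both sides of the exchange: the server issues a random challenge, the client answers with the RFC 1994 hash, and the server verifies it. The class names, the 16-byte challenge length and the test secrets are assumptions for the example; the hash construction MD5(identifier || secret || challenge) is what the RFC specifies.

```python
import hashlib
import hmac
import os


def chap_response(ident, secret, challenge):
    """RFC 1994 CHAP response: MD5(Identifier || secret || challenge-value)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChapServer:
    """Authenticator side: issues challenges and checks responses."""

    def __init__(self, secrets):
        self._secrets = secrets        # {username: shared secret bytes}; CHAP needs it in the clear
        self._ident = 0
        self._pending = {}             # username -> (ident, challenge) awaiting a response

    def challenge(self, username):
        self._ident = (self._ident + 1) % 256
        chal = os.urandom(16)          # fresh random value every time; never reused
        self._pending[username] = (self._ident, chal)
        return self._ident, chal       # this is what goes on the wire

    def verify(self, username, ident, response):
        pending = self._pending.pop(username, None)
        secret = self._secrets.get(username)
        if pending is None or secret is None:
            return False
        exp_ident, chal = pending
        if ident != exp_ident:
            return False               # response belongs to a stale or different challenge
        expected = chap_response(ident, secret, chal)
        return hmac.compare_digest(expected, response)   # constant-time compare


class ChapClient:
    """Peer side: proves knowledge of the secret without ever transmitting it."""

    def __init__(self, username, secret):
        self.username = username
        self._secret = secret

    def respond(self, ident, challenge):
        return self.username, ident, chap_response(ident, self._secret, challenge)


def run_exchange(server, client):
    """One full challenge/response round trip; returns True if the server accepts."""
    ident, chal = server.challenge(client.username)        # server -> client: Challenge
    name, ident_echo, resp = client.respond(ident, chal)   # client -> server: Response
    return server.verify(name, ident_echo, resp)           # server -> client: Success/Failure
```

Two caveats the card does not spell out: the authenticator must hold the secret in recoverable form (it cannot store a one-way hash of it), and MD5 plus a short shared secret means an eavesdropper who captures a challenge/response pair can run an offline dictionary attack. CHAP stops replay and cleartext passwords; it does not stop guessing.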
What is a:
Time–Based One–Time Password (TOTP) |
A unique password that is created by an algorithm that uses a time–based factor.
|
|
What is a:
HMAC–Based One–Time Password (HOTP) |
A password that is created using a Hash Message Authentication Code (HMAC) algorithm
|
|
What is a:
Terminal Access Controller Access–Control System (TACACS) |
A client/server–oriented environment that operates in a manner similar to RADIUS
|
|
What is a:
Extended Terminal Access Controller Access–Control System (XTACACS) |
A client/server–oriented environment that operates in a manner similar to RADIUS, it replaced TACACS and combined authentication and authorization with logging to enable auditing
|
|
What is a:
Terminal Access Controller Access–Control System Plus (TACACS+) |
The current version of TACACS (TCP port 49). It separates authentication, authorization, and accounting, encrypts the whole packet body (RADIUS encrypts only the password), and allows credentials to be accepted from multiple methods, including Kerberos.
|
|
What is the:
Security Assertion Markup Language (SAML) |
An open standard based on XML that is used for authentication and authorization data
|
|
What is:
Kerberos |
An authentication protocol. Allows for single sign–on to a distributed network
|
|
What is a:
Key Distribution Center (KDC) |
Authenticates the principal (user, system, or program) and provides it with a ticket. The ticket can be used to authenticate against other principals
|
|
What is a:
Ticket Granting Ticket (TGT) |
Issued by the KDC after the initial authentication. It is encrypted, has a limited lifetime (10 hours by default in Active Directory), and is presented back to the KDC to obtain service tickets for other principals without re-entering credentials.
|
|
What is:
Single Sign–On (SSO) |
Gives users access to all application and systems they need when they log in instead of requiring a log in for each application or system
|
|
What are the:
Four Primary methods of access control |
MAC – Mandatory Access Control – All access is predefined
DAC – Discretionary Access Control – Incorporates some flexibility
RBAC – Role–Based Access Control – Allows the user's role to dictate access capabilities
RBAC – Rule–Based Access Control – Uses preconfigured policies |
|
What is:
Least Privilege |
A given user (or system) is given the minimum privileges necessary to accomplish his or her job.
|
|
What are:
Access Control Lists (ACLs) |
Enable devices in your network to ignore requests from specified users or systems, or to grant them access to certain network capabilities. Rules are evaluated in order and the first match wins.
|
|
What is:
Implicit Deny |
If the request in question has not been explicitly granted, then access is denied
|
|
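The packet filter, ACL and implicit deny cards describe one mechanism from three angles: an ordered rule list matched on header fields, with "deny" as the answer when nothing matches. As an added example (not part of the original card set), this Python evaluator implements exactly that. The rule set, addresses and the `Packet`/`Rule` types are constructed for the example and model an Internet-facing interface in front of a public web and DNS server.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str                    # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None   # destination port; None for protocols without ports


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp", "icmp" or "any"
    src: str                      # source CIDR
    dst: str                      # destination CIDR
    dport: Optional[int] = None   # None = any port

    def matches(self, pkt):
        """Stateless match on header fields only: protocol, addresses, destination port."""
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


# Constructed ACL for an Internet-facing interface. Order matters: first match wins.
ACL = [
    Rule("deny",   "any", "10.0.0.0/8", "0.0.0.0/0"),             # spoofed internal source from outside
    Rule("permit", "tcp", "0.0.0.0/0",  "203.0.113.10/32", 443),  # public web server, HTTPS
    Rule("permit", "tcp", "0.0.0.0/0",  "203.0.113.10/32", 80),   # public web server, HTTP
    Rule("permit", "udp", "0.0.0.0/0",  "203.0.113.53/32", 53),   # public DNS
    # No trailing "deny any" rule is written: the evaluator supplies it (implicit deny).
]


def filter_packet(pkt, acl=ACL):
    """Return (action, rule_index). rule_index is None when the implicit deny applied."""
    for i, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None


def explain(pkt, acl=ACL):
    """Human-readable verdict, useful when auditing why a flow was dropped."""
    action, idx = filter_packet(pkt, acl)
    why = "implicit deny (no rule matched)" if idx is None else f"rule {idx}: {acl[idx]}"
    return f"{action.upper()} {pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport} [{why}]"


if __name__ == "__main__":
    print(explain(Packet("tcp", "198.51.100.7", "203.0.113.10", 443)))
    print(explain(Packet("tcp", "198.51.100.7", "203.0.113.10", 22)))
```

Note what this filter cannot do: it has no memory, so it cannot tell a legitimate reply to an outbound connection from an unsolicited inbound packet. Allowing replies here would need a broad permit on high ports, which is exactly the gap a stateful (SPI) firewall closes by tracking the conversation.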
What are the:
Three areas of port security |
MAC Limiting and Filtering – Limit access to the network to MAC addresses that are known, and filter out those that are not (easily bypassed by MAC spoofing)
802.1X – Port-based network access control for wired switch ports and wireless associations. Offers a means of authentication (via EAP) before the port passes traffic
Unused Ports – All unused ports should be disabled |
|
What is a:
Trusted Operating System (TOS) |
Any operating system that meets the government’s requirements for security.
|
|
What are the:
Evaluation Assurance Levels (EALs) |
The Common Criteria's comprehensive set of evaluation criteria for IT products (including operating systems), broken down into 7 levels. The levels run from EAL 1 (least rigorously evaluated) to EAL 7 (most rigorously evaluated).
|
|
What is:
Mutual Authentication |
When two or more parties authenticate each other.
|
|
What is a:
Federated Identity |
A means of linking a user's identity with their privileges in a manner that can be used across business boundaries (e.g. signing in to a third-party site with a Google account).
|
|
What is:
Transitive access |
One party (A) trusts another party (B). If the second party (B) trusts another party (C), then a relationship can exist where the first party (A) also may trust the third party (C).
|
|
What is a:
Remote Authentication Dial–In User Service (RADIUS) |
A mechanism that allows authentication of remote and other network connections.
|
|
What is a:
Common Access Card (CAC) |
A card that is issued by the DoD as a general identification/authentication card for military personnel, contractors, and non–DoD employees
|
|
What is a:
Personal Identity Verification Card (PIVC) |
A card issued to U.S. government employees and contractors that is required for access (physical and logical) to government resources.
|
|
What is a
Token |
Similar to certificates, they are used to identify and authenticate the user. They contain the rights and access privileges of the token bearer as part of the token.
|
|
What is a
Flood Guard |
A protection feature built into many firewalls that lets the administrator tune the tolerance for unanswered (half-open) connection attempts, such as TCP SYNs that never complete the handshake. Reducing this tolerance lessens the likelihood of a successful flood-style DoS attack.
|
|
What is
Loop Prevention |
Works in layer 2 switching configurations and is intended to prevent broadcast loops.
|
|
What is
Network Bridging |
When a device has more than one NIC and the opportunity presents itself for a user on one of the networks to jump to the other network.
|
|
What is
Spanning Tree Protocol (STP) |
Intended to ensure loop–free bridged Ethernet LANs. It operates at the Data Link Layer and ensures only one active path exists between two stations.
|
|
What is:
802.11x |
An informal name for the IEEE 802.11 family of wireless LAN standards, which use radio frequency transmissions in the 2.4 GHz and 5 GHz bands. Not to be confused with 802.1X, the port-based authentication standard.
|
|
What is:
802.11 |
A standard that defines wireless LANs transmitting at 1 Mbps or 2Mbps bandwidth using the 2.4 GHz frequency.
|
|
What is:
802.11a |
A standard that provides wireless LAN bandwidth of up to 54 Mbps in the 5 GHZ frequency.
|
|
What is:
802.11b |
A standard that provides wireless bandwidth of up to 11 Mbps (with fallback rates of 5.5, 2, and 1 Mbps) on the 2.4 GHz frequency. It is also called Wi–Fi or 802.11 high rate.
|
|
What is:
802.11g |
A standard that provides for bandwidths of up to 54 Mbps in the 2.4 GHz frequency. Though able to obtain faster speeds, it suffers from the same interference problem of having to share the spectrum with other devices using that frequency.
|
|
What is:
802.11i |
A standard that provides for security enhancements to the wireless standard with particular focus on authentication. Often referenced as WPA2.
|
|
What is:
802.11n |
A widely deployed standard. It operates in both the 5 and 2.4 GHz ranges. Speeds can reach 600 Mbps. It offers higher speed and, in the 5 GHz band, a frequency that does not have as much interference.
|
|
What is:
Wired Equivalent Privacy (WEP) |
A wireless protocol designed to provide privacy equivalent to that of a wired network. Broken because its RC4 keystream is derived from a static key and an IV of only 24 bits, so IVs repeat quickly and the key can be recovered from captured traffic.
|
|
What is an:
Initialization vector (IV) |
An arbitrary number used along with a secret key for data encryption so that the same key produces different output for each message. It must be unique for every message encrypted under a given key; IV reuse is what breaks WEP.
|
|
What is the:
Temporal Key Integrity Protocol (TKIP) |
A per-packet key mixing scheme wrapped around WEP's RC4 encryption, using a 128-bit key, a longer (48-bit) IV, and a key derived from the transmitting device's MAC address and the packet sequence number, so that no two packets use the same RC4 key.
|
|
What is the:
Wireless Application Protocol (WAP) |
A technology designed for use with wireless devices. Its functions are equivalent to TCP/IP functions in that they're attempting to serve the same purpose for wireless devices.
|
|
What is the:
Wireless Markup Language (WML) |
A smaller version of HTML, it is used for internet displays over wireless.
|
|
What is:
Wi–Fi Protected Access (WPA) |
A technology that was designed to address the core problems of WEP. It implements most, but not all, of 802.11i for backwards compatibility. It also uses TKIP.
|
|
What is:
Wi–Fi Protected Access 2 (WPA2) |
A technology that was designed to address the core problems of WEP. It implements the full 802.11i standard and is not compatible with older devices. It also uses CCMP.
|
|
What is the :
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (A.k.a. Counter Mode CBC–MAC Protocol or CCMP) |
An encryption protocol that uses a 128–bit AES encryption with a 48–bit IV.
|
|
What is:
Wireless Transport Layer Security (WTLS) |
The security layer of WAP. It provides authentication, encryption, and data integrity for wireless devices.
|
|
What are:
The 3 levels of security that exist in WAP |
Anonymous Authentication – Virtually anyone can connect.
Server Authentication – Requires the workstation to authenticate against the server.
Two–Way Authentication – Requires both the client and server to authenticate. |
|
What is the:
Wireless Session Protocol (WSP) |
Manages the session information and connection between the devices.
|
|
What is the:
Wireless Transaction Protocol (WTP) |
Provides services similar to TCP and UDP for WAP.
|
|
What is the:
Wireless Datagram Protocol (WDP) |
Provides the common interface between devices.
|
|
What is a:
(Wireless) Access Point (AP) |
A low power transmitter/receiver which is strategically placed for access.
|
|
What is a:
Captive portal |
Requires that users agree to some condition before they use the Wi–Fi hotspot.
|
|
What is the:
Extensible Authentication Protocol (EAP) |
Provides a framework for authentication that is often used with wireless network.
|
|
What are:
The 5 EAP types adopted by the WPA/WPA2 standard |
EAP–TLS
EAP–PSK
EAP–MD5
LEAP
PEAP |
|
What is:
Extensible Authentication Protocol Tunneled Transport Layer Security (EAP–TTLS) |
Adds one more layer of security against man-in-the-middle attacks and eavesdropping by tunneling the inner authentication inside a TLS session.
|
|
What is:
Wi–Fi Protected Setup (WPS) |
Used to simplify network setup, it often requires users to do something in order to complete enrollment (e.g. press a button on the router, enter a PIN). The technology is susceptible to brute-force attacks: the 8-digit PIN is validated in two halves, so an attacker needs only about 11,000 guesses rather than 100 million.
|
|
What is the:
Lightweight Extensible Authentication Protocol (LEAP) |
Created by Cisco as an extension to EAP. It is being phased out as it is a protocol proprietary to Cisco and lacks native Windows support. LEAP requires mutual authentication, but is susceptible to dictionary attacks.
|
|
What is the:
Protected Extensible Authentication Protocol (PEAP) |
Replaces LEAP and has native support for Windows. Like EAP-TTLS, it first establishes a TLS-encrypted channel between the client and server, and the inner authentication (commonly MS-CHAPv2) runs inside that tunnel.
|
|
What is a:
Site Survey |
Used by admins to determine if a proposed location is free of interference. When used by an attacker a site survey can determine what types of systems are in use, the protocols used, and other critical information about a network.
|
|
What is:
Jamming |
Intentional interference meant to jam a signal and keep legitimate devices from communicating.
|
|
Define:
War Driving |
Driving around, with a wireless device, looking for APs to communicate with.
|
|
Define:
Warchalking |
A way to notify others that a wireless vulnerability exists here. Can be on the sidewalk, the side of the building, etc.
|
|
What is a:
Rogue Access Point |
Any wireless access point added to the network that is not authorized.
|
|
What is an:
Evil Twin Attack |
An attack in which a rogue access point poses as a legitimate wireless access point in the hopes of intercepting information that users transmit.
|
|
What is:
Bluejacking |
The sending of unsolicited messages over a Bluetooth connection (spam).
|
|
What is:
Bluesnarfing |
The gaining of unauthorized access through a bluetooth connection.
|
|
Define:
Private Cloud |
A cloud infrastructure that is provisioned for exclusive use by a single organization. It may be owned, managed, and operated by the organization, a third party, or any combination thereof, and may exist on or off premises.
|
|
Define:
Public Cloud |
A cloud infrastructure that is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or any combination thereof. It exists on the premises of the cloud provider.
|
|
Define:
Community Cloud |
A cloud infrastructure that is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns. It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or any combination thereof and it may exist on or off premises.
|
|
Define:
Hybrid Cloud |
A cloud infrastructure that is a composition of two or more distinct cloud infrastructures that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability.
|
|
Define:
Hypervisor |
Software/hardware that makes virtualization possible.
|
|
What is a:
Type I Hypervisor |
A hypervisor that is independent of the operating system and boots before the OS. Also known as bare metal.
|
|
What is a:
Type II Hypervisor |
A hypervisor that runs as an application on top of a host operating system and therefore cannot start until the OS is up; it depends on the OS staying up. Also known as hosted.
|
|
What are:
Snapshots |
An image of a system at a particular point in time. Can be used for virtual machine cloning.
|
|
What is the:
Industry standard for host availability |
5 9s or 99.999% uptime
|
|
What is:
Rapid elasticity |
Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
|
|
What is:
Security Control Testing (SCT) |
Similar to PEN testing for the cloud, it often includes interviews, examinations, and testing of systems to look for weaknesses. It should also include contract reviews of SLAs, a look at the history of prior breaches that the provider has had, a focus on shared resources as well as dedicated servers, etc.
|
|
What is:
Sandboxing |
Running apps in an isolated, restricted environment so that a crash or compromise of one app cannot give access to another app or to its data.
|
|
What is:
Anything as a service (XaaS) |
A hybrid of Paas, Saas, and/or IaaS
|
|
What is:
Cloud Bursting |
Offloading traffic to a cloud provider's resources when your own servers become too busy.
|
|
What is a
Relational Database |
The most common approach to database implementation. This technology allows data to be viewed in dynamic ways based on the user's or administrator's needs.
|
|
What is:
Structured Query Language (SQL) |
The most common language used to speak to databases. It allows queries to be configured in real time and passed to database servers.
|
|
What are the
Three models of database security |
One–Tier Model – The database and application exist on a single system.
Two–Tier Model – The client workstation or system runs an application that communicates with the database running on a different server.
Three–Tier Model – Isolates the end user from the database by introducing a middle–tier server. |
|
What is
Big Data |
Extremely large amounts of data that normally cannot fit on a single server.
|
|
What is a:
Storage Area Network (SAN) |
A dedicated network that provides block-level storage to servers (commonly over iSCSI or Fibre Channel), so the remote storage appears to each server like a locally attached disk.
|
|
What is
Fuzzing |
A technique of providing unexpected values as input to an application in order to attempt to make it crash.
|
|
What is the:
Open Web Application Security Project (OWASP) |
A voluntary group dedicated to forming secure coding practices for web–based applications as well as mobile and client applications along with back–end design issues.
|
|
What is the:
Computer Emergency Response Team (CERT) |
Based at Carnegie Mellon University, it covers many of the same issues as OWASP, but it also has complete language–specific standards for Java, Perl, C, and C++.
|
|
Define:
Baselining |
A method for analyzing computer performance (such as CPU usage, network performance, etc.) by comparing current performance to historical data.
|
|
What are the
Five file permissions and one additional folder permission as described by Microsoft |
Full Control – A user can read, execute, write, and assign permissions
Modify – Read, write, delete
Read and Execute
Read – Read but not modify
Write – May modify the file
List Folder Contents – View what is in the folder but not the files themselves |
|
What are the
Minimum actions one should take to keep hosts safe from malware |
Install AV
Install Antispam
Install Antispyware
Use pop–up blockers
Use host–based firewalls
Use host–based IDSs |
|
What is a
Security Baseline |
The level of security that will be implemented and maintained.
|
|
What is:
Domain Name Service Denial–of–Service (DNS DoS) |
An attack primarily aimed at DNS servers with the intention to disrupt the operations of the server.
|
|
What is
Network Footprinting |
The act of gathering data about a network in order to find ways that someone might intrude. This may include looking for vulnerabilities and any other means of entry.
|
|
What is:
Domain Name System Security Extensions (DNSSEC) |
Created to add security to and maintain backwards compatibility of DNS. It checks digital signatures and can protect information by digitally signing records.
|
|
What is
DNS Poisoning |
A problem that existed in early implementations of DNS. A daemon caches DNS reply packets, which sometimes contain other information that can be useful in a break–in or man–in–the–middle attack.
|
|
What is
ARP Poisoning |
An attack which tries to convince the network that the attacker's MAC address is the one associated with an IP address so that traffic sent to that IP address is wrongly sent to the attacker's machine.
|
|
What are the
Three primary backup types |
Full – All changes to the data are archived
Differential – All changes since the last full backup are archived.
Incremental – All changes since the last backup of any type are archived. |
|
What is:
Hierarchical Storage Management (HSM) |
Provides continuous online backup by using optical or tape jukeboxes. It appears as an infinite disk to the system and can be configured to provide the closest version of an available real–time backup.
|
|
What is
RAID 6 |
Striped Disks with Dual Parity. Combines four or more disks and adds an additional parity block to RAID 5.
|
|
What is
RAID 1+0 |
Stripe of Mirrors – Four or more disks that are a mirrored set which is then striped.
|
|
What is
RAID 0+1 |
Mirror of Stripes – Four or more drives that are striped and then mirrored.
|
|
What is a
Cluster |
Multiple connected servers that work/act together as a single server.
|
|
What is:
Data Loss Prevention (DLP) |
Monitors the contents of systems to make sure that key content is not deleted or removed. Can also monitor who is using or transmitting the data.
|
|
What is a:
Trusted Platform Module (TPM) |
A chip that can assist with hash key generation and store cryptographic keys, passwords, or certificates. It can be used to protect PCs, smartphones, and other devices.
|
|
What is
Geo–Tagging |
Adding GPS coordinates to a file.
|
|
What is a:
Hardware Security Module (HSM) |
A cryptoprocessor that can be used to enhance security. It is commonly used with PKI systems to augment security with certification authorities, and is traditionally packaged as a PCI adapter.
|
|
What is
Cryptography |
The science of altering information so that it cannot be decoded without a key, and the study of cryptographic algorithms.
|
|
What is
Cryptanalysis |
The study of how to break cryptographic algorithms.
|
|
What is a
Cipher |
A method used to encode characters to hide their value.
|
|
What is a
Substitution Cipher |
A type of coding or ciphering system that changes one character or symbol to another.
|
|
What is a
Transposition Cipher |
Involves transposing or scrambling the letters in a certain manner.
|
|
What is
ROT13 |
One of the oldest known encoding algorithms, it is a simple algorithm that rotates every letter 13 places in the alphabet. Thus, an A becomes an N, a B becomes an O, and so forth.
|
|
What is
Steganography |
The process of hiding a message in a medium such as a digital image, audio file, or other file.
|
|
What is the
Least Significant Bit (LSB) method of steganography |
The most common method of steganography where the very last bit (the least significant bit in each byte) is changed. Doing so does not make a noticeable change to the file.
|
|
What is a
Symmetric Algorithm |
Requires that both ends of an encrypted message have the same key and processing algorithms. They generate a secret key that must be protected.
|
|
What is a
Block Cipher |
An algorithm that works on chunks of data, encrypting one chunk at a time.
|
|
What is a
Stream Cipher |
An algorithm that encrypts data one bit, or byte, at a time.
|
|
What is the
Data Encryption Standard (DES) |
A symmetric algorithm that is based on a 56–bit key and has several modes that offer security and integrity. It is now considered insecure because of the small key size and has been replaced by AES.
|
|
What is
Triple–DES (3DES) |
A symmetrical algorithm that is a technological upgrade of DES. It is still used even though AES is the preferred choice for government applications. It is considerably harder to break than many other systems and uses a key length of 168 bits (using three 56–bit DES keys).
|
|
What is
Advanced Encryption Standard (AES) |
A symmetric algorithm that replaced DES as the current standard. It is the current product used by U.S. government agencies and supports key sizes of 128, 192, and 256 bits, with 128 bits being the default.
|
|
What is
AES256 |
A symmetrical algorithm that uses a 256–bit key and qualifies for US classification as Top Secret.
|
|
What is
CAST |
A symmetrical algorithm that is used in some products offered by Microsoft and IBM. It uses a 40–bit to 128–bit key and is very fast and efficient. 128– and 265–bit versions also exist.
|
|
What is
Ron's Cipher (RC) |
A symmetric encryption family that was produced by RSA laboratories. The current levels are RC4, RC5, and RC6.
|
|
What is
RC5 |
A symmetric algorithm that uses a key size of up to 2048 bits and is considered to be a strong system.
|
|
What is
RC4 |
Popular with wireless and WEP/WPA encryption, it is a symmetric stream cipher that works with key sizes between 40 and 2048 bits, and it is used in SSL and TLS.
|
|
What is
Blowfish |
An encryption system that performs a 64–bit block cipher at very fast speeds. It is a symmetric block cipher that can use variable–length keys (from 32 bits to 448 bits).
|
|
What is
Twofish |
Similar to blowfish, it works on 128–bit blocks and has a complex key schedule.
|
|
What is the
International Data Encryption Algorithm (IDEA) |
A symmetric algorithm that uses a 128–bit key. Similar in speed and capability to DES, but it's more secure. It is also used in PGP.
|
|
What are
One–Time Pads |
The only truly completely secure cryptographic implementations. They are secure for two reasons: they use a key that is as long as the plaintext message, and they are used only once before being discarded.
|
|
What is
In–band Key Exchange |
A method of key exchange where the key is exchanged within the same communications channel that is going to be encrypted. IPSec uses in–band key exchange.
|
|
What is
Out–of–Band Key Exchange |
A method of key exchange where the key is exchanged using some other channel, other than the one that is going to be secured.
|
|
What is
Forward Secrecy |
A property of any key exchange system, which ensures that if one key is compromised, subsequent keys will not also be compromised.
|
|
What is
Perfect Forward Secrecy |
When the process of key exchange is unbreakable. A common approach uses ephemeral keys.
|
|
What is an
Asymmetric Algorithm |
Uses two keys to encrypt and decrypt data. The keys are referred to as the public and private keys. The sender uses the public key to encrypt a message, and the receiver uses the private key to decrypt the message. What one key does, the other undoes.
|
|
What is
RSA |
An early public–key (asymmetric) encryption system that uses large integers as the basis for the process. It works with both encryption and digital signatures, is used in many environments, including SSL, and can be used for key exchange. It is the most commonly used public–key algorithm.
|
|
What is
Diffie–Hellman |
An asymmetric system, it is primarily used to send keys across public networks and works by splitting the key into two parts. The process isn't used to encrypt or decrypt messages, and is used merely for the creation of a symmetric key between two parties.
|
|
What is
Elliptic Curve Cryptography |
Similar in functionality to RSA, but it uses smaller key sizes to obtain the same level of security. This asymmetric encryption system is based on the idea of using points on a curve combined with a point at infinity and the difficulty of solving discrete logarithm problems.
|
|
What is
ElGamal |
An asymmetric algorithm that has several variations, including Elliptic Curve. It uses an ephemeral key and is used for transmitting digital signatures and key exchanges.
|
|
What are the
Three Characteristics of a Cryptographic Hash Function |
It must be one way and not reversible.
Variable–length input produces fixed–length output.
The algorithm must have few or no collisions. |
|
What is the
Secure Hash Algorithm |
Designed to ensure the integrity of a message. It is a one–way hash that provides a hash value that can be used with an encryption protocol. It produces a 160–bit hash value.
|
|
What is
SHA2 |
A hashing algorithm that has several sizes: 224, 256, 334, and 512. It is the most widely used and recommended hashing algorithm.
|
|
What is the
Message Digest Algorithm |
A hash value that uses a one–way hash to help maintain integrity. There are several; the most common are MD5, MD4, and MD2. MD4 was used by NTLM to compute the NT hash.
|
|
What is
MD5 |
The newest version of the algorithm, it produces a 128–bit hash, but the algorithm is more complex than its predecessors and offers greater security. Its biggest weakness is that it does not have strong collision resistance, and it is no longer recommended for use.
|
|
What is the
RACE Integrity Primitives Evaluation Message Digest (RIPEMD) |
A hashing algorithm based on MD4. There were questions regarding its security, and it has been replaced with a 160–bit version. There are also versions that use 256 and 320 bits.
|
|
What is
GOST |
A symmetric cipher developed in the old Soviet Union that has been modified to work as a hash function. It processes a variable–length message into a fixed–length output of 256 bits.
|
|
What is
LANMAN |
A protocol used for authentication prior to the release of Windows NT. While functioning only as an authentication protocol, it used the LM hash and two DES keys.
|
|
What is
NT LAN Manager (NTLM) |
A protocol that replaced the LANMAN protocol and uses MD4/MD5 hashing algorithms.
|
|
What is a
Rainbow Table |
A table in which all of the possible hashes are computed in advance.
|
|
What is
Salt |
A countermeasure to Rainbow Tables, it works by adding bits at key locations, either before or after the hash.
|
|
What is
Key stretching |
The process used to take a key that might be a bit weak and make it stronger, usually by making it longer.
|
|
What is the
Password–Based Key Derivation Function 2 (PBKDF2) |
A part of PKCS #5, it applies some function (like a hash or HMAC) to a password along with a salt to produce a derived key.
|
|
What is
Bcrypt |
Used with passwords, it uses a derivative of the Blowfish algorithm, converted to a hashing algorithm, to hash a password and add a salt to it.
|
|
What is
Frequency Analysis |
Looking at blocks of an encrypted message to determine if any common patterns exist. Initially, the analyst doesn't try to break the code, but looks at the patterns in the message.
|
|
What is
Chosen Plaintext |
An attacker obtains the ciphertexts corresponding to a set of plaintexts of their own choosing. This allows the attacker to attempt to derive the key used and thus decrypt the other messages encrypted with that key.
|
|
What is a
Related Key attack |
Similar to a chosen–plaintext attack, except the attacker can obtain ciphertexts encrypted under two different keys. It is a very useful attack if you can obtain the plaintext and matching ciphertext.
|
|
What is a
Brute–Force Attack |
Accomplished by applying every possible combination of characters that could be the key. Although it may take a long time to find the key, it can indeed be found.
|
|
What are the
Three Most Important Concepts in Security |
Confidentiality
Integrity
Availability |
|
What is the
Work Factor |
An estimate of the amount of time and effort that would be needed to break a system.
|
|
What is a
Message Authentication Code (MAC) |
A common method of verifying integrity. It is derived from the message and a shared secret key.
|
|
What is a
Hash–Based Message Authentication Code (HMAC) |
A MAC that uses a hashing algorithm along with a symmetric key.
|
|
What is a
Digital Signature |
Validates the integrity of the message and the sender. The message is encrypted using the encryption system, and a second piece of information, the digital signature, is added to the message. Most implementations also use a hash to verify that the message has not been altered.
|
|
What is
Nonrepudiation |
Prevents one party from denying actions they carried out.
|
|
What is
Key Escrow |
Addresses the possibility that a third party may need to access keys used to encrypt/decrypt data. The keys are held in an account and made available if the third party requests them.
|
|
What is a
Key Recovery Agent |
An entity that has the ability to recover a key, key components, or plaintext messages as needed. Typically used to access information that is encrypted with older keys.
|
|
What is
Key Registration |
The process of providing certificates to users.
|
|
What is the
Certificate Revocation List (CRL) |
The most widely used method to find out if a key is still valid. It is literally a list of certificates that a specific CA states should no longer be used.
|
|
What is the
Online Certificate Status Protocol (OCSP) |
A real–time protocol that is replacing CRLs.
|
|
What is a
Request For Comment (RFC) |
The mechanism used to propose a standard. It's a document–creation process with a set of practices and can be categorized as standard, best practice, informational, experimental, or historic.
|
|
What is the
Internet Engineering Task Force (IETF) |
An international community of computer professionals that is mainly interested in improving the Internet. It is also very interested in security.
|
|
What is the
Internet Society (ISOC) |
A professional group whose membership consists primarily of Internet experts. It oversees a number of committees and groups, including the IETF.
|
|
What is the
World Wide Web Consortium (W3C) |
An association concerned with the interoperability, growth, and standardization of the World Wide Web.
|
|
What is the
International Telecommunications Union (ITU) |
Responsible for virtually all aspects of telecommunications and radio communication standards worldwide.
|
|
What is the
Institute of Electrical and Electronics Engineers (IEEE) |
An international organization focused on technology and related standards. It is organized into several working groups and standards committees, and is actively involved in the development of PKC, wireless, and networking protocol standards.
|
|
What is
Public–Key Infrastructure X.509 (PKIX) |
The working group formed by the IETF to develop standards and models for the PKI environment.
|
|
What are the
Public–Key Cryptography Standards (PKCS) |
A set of voluntary standards created by RSA and security leaders. There are 15 published standards.
|
|
What is the
X.509 Standard |
Defines the certificate formats and fields for public keys. It also defines the procedures that should be used to distribute public keys and is the standard certificate format supported by the ITU.
|
|
What is an
End–Entity Certificate |
The most common certificate, which is issued by a CA to an end entity.
|
|
What is a
CA certificate |
Issued by one CA to another CA. The second CA can, in turn, then issue certificates to an end entity.
|
|
What do
All X.509 Certificates contain |
Signature
Version
Serial Number
Signature Algorithm ID
Issuer Name
Validity Period
Subject Name
Subject Public–Key Information
Issuer Unique Identifier
Subject Unique Identifier
Extensions |
|
What is
Secure Sockets Layer (SSL) |
Used to establish a secure communications connection between two TCP–based machines. The number of steps in the handshake is always between four and nine, inclusive, based on who is doing the documentation. One of the early steps will always be to select an appropriate cipher suite to use.
|
|
What is
Transport Layer Security (TLS) |
A security protocol that expands upon SSL and may replace SSL in the future.
|
|
What is the
Certificate Management Protocol (CMP) |
A messaging protocol used between PKI entities, and is used in some PKI environments.
|
|
What is the
XML Key Management Specification (XKMS) |
Designed to allow XML–based programs to access PKI services, it is a standard that is built on CMP and uses it as a model.
|
|
What is the
Secure Multipurpose Internet Mail Extensions (S/MIME) |
A standard used for encrypting email that also contains a signature. It uses the PKCS #7 standard and is the most widely supported standard used to secure email communications.
|
|
What is
Secure Electronic Transaction (SET) |
Provides encryption for credit card numbers that can be transmitted over the Internet. It was developed by Visa and MasterCard.
|
|
What is
Pretty Good Privacy (PGP) |
A freeware encryption system. It uses both symmetrical and asymmetrical systems as a part of its process.
|
|
What is
Secure Hypertext Transport Protocol (S–HTTP) |
HTTP with message security (added by using RSA or a digital certificate). Creates a secure message, not a secure channel. It can use multiple protocols and mechanisms to protect the message. It also provides data integrity and authentication.
|
|
What is
Federal Information Processing Standard (FIPS) |
A set of guidelines for U.S. federal government information systems. It is used when an existing commercial or government system does not meet federal security requirements.
|
|
What is
Public–Key Infrastructure (PKI) |
A security framework that should work across multiple vendors, systems, and networks. It is a two–key, asymmetric system with four main components: Certificate Authority (CA), Registration Authority (RA), RSA (the encryption algorithm), and digital certificates. Messages are encrypted with a public key and decrypted with a private key.
|
|
What is a
Certificate Authority (CA) |
An organization that is responsible for issuing, revoking, and distributing certificates.
|
|
What is a
Certificate |
A mechanism that associates the public key with an individual.
|
|
What is a
Certificate–Signing Request (CSR) |
A request formatted for the CA. It will have the public key you wish to use and your fully distinguished name (often a domain name).
|
|
What is a
Registration Authority |
Offloads some of the work from a CA and operates as a middleman. It can distribute keys, accept registration for the CA, and validate identities. It cannot issue certificates.
|
|
What is a
Local Registration Authority (LRA) |
Can be used to identify or establish the identity of an individual for certificate issuance.
|
|
What are
Certificate Policies |
Define what certificates do (e.g., this certificate can only be used for email, or this certificate can only be used for e–commerce, etc.)
|
|
What is a
Certificate Practice Statement (CPS) |
A detailed statement the CA uses to issue certificates and implement its policies. They should discuss how certificates are issued, what measures are taken to protect certificates, and the rules that CA users must follow in order to maintain their certificate eligibility.
|
|
What is
Certificate Revocation |
The process of revoking a certificate before it expires, possibly due to the certificate being stolen, an employee leaving the company, or someone having their access revoked.
|
|
What is the
Hierarchical Trust Model |
Also known as a tree, a root CA at the top provides all of the information. The intermediate CAs are next and only trust information provided by the root CA. The root CA also trusts the intermediate CAs that are in their level in the hierarchy and none that aren't.
|
|
What is the
Bridge Trust Model |
A peer–to–peer relationship exists among the root CAs. The root CAs can communicate with one another, allowing cross certification. Each intermediate CA trusts only the CAs above and below it, but the CA structure can be expanded without creating additional layers of CAs.
|
|
What is the
Mesh Trust Model |
Expands the concepts of the bridge model by supporting multiple paths and multiple root CAs. Each of the root CAs can cross–certify with the other root CAs.
|
|
What is the
Hybrid Trust Model |
Can use the capabilities of any or all of the trust models.
|
|
List a few:
Asymmetric Algorithms |
Diffie–Hellman
ElGamal
Elliptic Curve (ECC)
RSA |
|
List a few:
Hashing Algorithms |
SHA & SHA2
MD5, MD4, MD2
RIPEMD
GOST
LANMAN
NTLM |
|
List two:
Key Stretching Methods |
PBKDF2
Bcrypt |
|
List a few:
Symmetric Algorithms |
DES, 3DES
AES, AES256
CAST
RC4, RC6, RC6
Blowfish, Twofish
IDEA
One–Time Pads |