56 Cards in this Set
- Front
- Back
Access Control
|
Get what you need and control what you need
|
|
Mandatory Access Control (MAC)
|
Resources are assigned "security labels"; if the labels don't match, access is denied |
|
Discretionary Access Control (DAC)
|
used if you want to restrict users' access to an object, for example a folder.
|
|
Rule Based Access Control (RBAC)
|
Access Control Lists (ACL) are most common |
|
Authentication
|
finding out if something is actually what it states it is. Example: username and password |
|
Kerberos
|
- secure method for authenticating a request for a service on a computer network - lets user request encrypted ticket to request service - uses symmetric-key cryptography |
|
Challenge-Handshake Authentication Protocol (CHAP)
|
- more secure than Password Authentication Procedure (PAP) - uses one-way hash function, and matches based on from sender and receiver - mostly used on PPP-based networks |
|
Password Authentication Procedure (PAP)
|
|
|
Certificates
|
digital certificate establishes your credentials for access; some certificates conform to the X.509 standard |
|
Username/password
|
must have both for access |
|
Tokens
|
used to authenticate a user; only used once, aka "one-time password" |
|
multifactor authentication
|
adds more levels to your current authentication method |
|
two factor authentication
|
based on two methods: something you have and something you know |
|
biometrics
|
Examples: fingerprints, retinal scanner, voice recognition. Biometrics can be placed on a smart card |
|
authorization
|
having permission to do something |
|
vulnerability scanning
|
|
|
TCP/IP
|
|
|
Denial of Service (DOS) attack; Distributed Denial of Service attack (DDOS) |
DDOS is the launch of simultaneous attacks by zombies |
|
backdoor
|
opening left in functional piece of software that allows unknown entry
|
|
spoofing
|
hackers find IP address and replicate it to assume identity of the trusted sender. |
|
man in the middle attack
|
wireless systems are very susceptible to these attacks |
|
replay attack
|
hacker uses a sniffer to grab packets off the wire. hacker then extracts information from packets like passwords. once data is captured it can be placed back on the network |
|
TCP/IP hijacking
|
popular method is source-routed IP packets. |
|
DNS poisoning
|
DNS servers are poisoned with bad information
|
|
Weak keys
|
Secret keys with a certain value for which the block cipher in question will exhibit certain regularities in encryption
|
|
mathematical attack
|
block ciphers that exhibit high degree of mathematical structure |
|
Birthday attack
|
form of brute force attack. |
|
Brute force attack
|
To defend against them, either make the password length too long to crack or change passwords frequently |
|
Dictionary attack
|
form of password cracking. words are loaded into a file to help hacker crack your password. to defend against this attack do not use simple passwords and known dictionary words |
|
war dialing attack
|
war dialer is program used to identify phone numbers that can successfully make connection with computer modem. |
|
war driving attack
|
penetrating wireless networks
|
|
buffer overflow attack
|
takes advantage of poorly written code
|
|
SYN flood attack
|
exploits the 3-way handshake of the TCP/IP protocol.
|
|
Smurfing attack
|
Exploits ICMP and transmits echo request packet to network's broadcast address with a spoofed source address. The victim is then flooded with large number of echo replies. |
|
sniffing attack
|
use protocol analyzers to capture network traffic for passwords and other data. |
|
Ping of Death attack
|
attempt to crash your system by sending oversized packets to a host
|
|
port scanning attack
|
|
|
important port numbers
|
CHARGEN 19; FTP-DATA 20; FTP 21; SSH 22; TELNET 23; SMTP 25; TACACS 49; HTTP 80; POP3 110; SNMP 161; HTTPS 443; RADIUS 1812 |
|
passive attack
|
sit and wait. passively run the attack to exploit the network. Example: packet sniffing |
|
virus
|
form of malicious code that spreads from system to system by attaching to data or files |
|
Trojan horse
|
form of malicious code that lets hackers into networks because they look legitimate. upon execution they become malicious. |
|
logic bomb
|
lie dormant until one or more logical conditions are met to trigger exploit. |
|
worms
|
form of malicious code that exploits networking vulnerabilities to spread itself from system to system of its own accord |
|
anti-virus protection
|
|
|
remote access
|
ability to get access to a computer or network from a remote location |
|
802.1x
|
designed to enhance security of wireless local area networks that follow the IEEE 802.11 standard - allows for an authentication framework for wireless LANs - allows user to be authenticated by a central authority. |
|
Virtual Private Network (VPN)
|
allows a company to use the internet safely; uses encryption methods to tunnel across the internet; cheaper in price, but bandwidth is not always guaranteed. can be used to form an extranet |
|
Remote Authentication Dial-In User Service (RADIUS)
|
client/server protocol; maintains user profiles in a central database; authenticates dial-in users, authorizes access, and enables remote access servers to communicate with a central server |
|
Terminal Access Controller Access Control System (TACACS) and TACACS+
|
TACACS is an old authentication protocol that allows a remote access server to forward credentials to an authentication server. TACACS+ is an extension of TACACS that allows multifactor authentication |
|
Point to Point Tunneling Protocol (PPTP)
|
WAN protocol that allows for tunneling. |
|
Layer Two Tunneling Protocol (L2TP)
|
Two main components of L2TP are Access Concentrator (LAC) and Network Server (LNS) |
|
Secure Shell (SSH)
|
commands are secure and encrypted; uses RSA public key cryptography for both connection and authentication |
|
IPSEC
|
Security protocol that works at the network layer of the OSI model. Its two services are Authentication Header (AH), which allows authentication of the sender, and Encapsulating Security Payload (ESP), which allows authentication and encryption of data. |
|
OSI model
|
|
|
Secure Multi-Purpose Internet Mail Extensions (S/MIME)
|
- located in most web browsers |
|
|
|