56 Cards in this Set
Access Control
Get what you need and control what you need

Mandatory Access Control (MAC)
Multi-level security and non-discretionary
Resources are assigned "security labels"; if the labels don't match, access is denied

Discretionary Access Control (DAC)
Used if you want to restrict users' access to an object, for example a folder.

Rule Based Access Control (RBAC)
Looks at every request and performs a match based on a set of conditions. Access is granted depending on the result of the match.
Access Control Lists (ACL) are most common
Authentication
Finding out if something is actually what it states it is. Example: username and password

Kerberos
- secure method for authenticating a request for a service on a computer network
- lets a user request an encrypted ticket to request a service
- uses symmetric-key cryptography

Challenge-Handshake Authentication Protocol (CHAP)
- more secure than Password Authentication Procedure (PAP)
- uses a one-way hash function and matches the values from sender and receiver
- mostly used on PPP based networks

Password Authentication Procedure (PAP)
Certificates
A digital certificate establishes your credentials for access
Some certificates conform to the X.509 standard

Username/password
Authentication based on the credentials of username and password
Must have both for access

Tokens
Devices that store information on a user
Used to authenticate the user
Only used once, aka "one time password"

Multifactor authentication
Based on two or more methods
Adds more levels to your current authentication method

Two factor authentication
Based on two methods: something you have and something you know

Biometrics
Based on human characteristics or a smart card
Example: fingerprints, retinal scanner, voice recognition
Biometrics can be placed on a smart card

Authorization
Having permission to do something
Vulnerability scanning
Method to identify problems that exist on networks

TCP/IP

Denial of Service (DOS) attack
Distributed Denial of Service attack (DDOS)
Disruption of service to legitimate users
DDOS is the launch of simultaneous attacks by zombies

Backdoor
Opening left in a functional piece of software that allows unknown entry

Spoofing
Used to gain unauthorized access
Hackers find an IP address and replicate it to assume the identity of the trusted sender.

Man in the middle attack
Attacker is able to intercept traffic by placing themselves in the middle of a conversation. Process of fooling both parties to make them think they are communicating privately
Wireless systems are very susceptible to these attacks

Replay attack
Hacker uses a sniffer to grab packets off the wire. The hacker then extracts information from the packets, like passwords. Once data is captured it can be placed back on the network

TCP/IP hijacking
Also known as "session hijacking". Hacker takes over a TCP/IP session between two machines.
Popular method is source-routed IP packets.
DNS poisoning
DNS servers are poisoned with bad information

Weak keys
Secret keys with a certain value for which the block cipher in question exhibits certain regularities in encryption

Mathematical attack
Block ciphers that exhibit a high degree of mathematical structure

Birthday attack
Form of brute force attack.

Brute force attack
Form of password cracking. Will attempt every single password combination known to crack the password.
To defend against them either have a password length too long to crack or change passwords frequently

Dictionary attack
Form of password cracking. Words are loaded into a file to help the hacker crack your password.
To defend against this attack do not use simple passwords and known dictionary words

War dialing attack
Running a modem scanning tool against a PBX or dialup modem.
A war dialer is a program used to identify phone numbers that can successfully make a connection with a computer modem.

War driving attack
Penetrating wireless networks

Buffer overflow attack
Takes advantage of poorly written code

SYN flood attack
Exploits the 3 way handshake of the TCP/IP protocol.

Smurfing attack
Exploits ICMP and transmits an echo request packet to the network's broadcast address with a spoofed source address. The victim is then flooded with a large number of echo replies.

Sniffing attack
Use protocol analyzers to capture network traffic for passwords and other data.

Ping of Death attack
Attempt to crash your system by sending oversized packets to a host

Port scanning attack
Performed by running a vulnerability scanner on a system to see what ports are open
Important port numbers
- ECHO 7
- CHARGEN 19
- FTP-DATA 20
- FTP 21
- SSH 22
- TELNET 23
- SMTP 25
- TACACS 49
- DNS 53
- HTTP 80
- POP3 110
- SNMP 161
- HTTPS 443
- RADIUS 1812
Passive attack
Sit and wait. Passively run the attack to exploit the network
Example: packet sniffing

Virus
Form of malicious code that spreads from system to system by attaching to data or files

Trojan horse
Form of malicious code that lets hackers into networks because it looks legitimate. Upon execution it becomes malicious.

Logic bomb
Lies dormant until one or more logical conditions are met to trigger the exploit.

Worms
Form of malicious code that exploits networking vulnerabilities to spread itself from system to system of its own accord

Anti-virus protection

Remote access
Ability to get access to a computer or network from a remote location

802.1x
Designed to enhance security of wireless local area networks that follow the IEEE 802.11 standard
- allows for an authentication framework for wireless LANs
- allows a user to be authenticated by a central authority.

Virtual Private Network (VPN)
Way to use public infrastructure to provide remote offices or users with secured access to their home network.
Allows a company to use the internet safely
Uses encryption methods to tunnel across the internet
Cheaper in price but bandwidth is not always guaranteed.
Can be used to form an extranet

Remote Authentication Dial-In User Service (RADIUS)
Client/server protocol that maintains user profiles in a central database
Authenticates dial in users, authorizes access, and enables remote access servers to communicate with the central server

Terminal Access Controller Access Control System (TACACS) and TACACS+
TACACS is an old authentication protocol that allows a remote access server to forward credentials to an authentication server
TACACS+ is an extension of TACACS that allows multifactor authentication

Point to Point Tunneling Protocol (PPTP)
WAN protocol that allows for tunneling.

Layer Two Tunneling Protocol (L2TP)
Extension of PPTP used to enable the operation of a VPN over the internet
Two main components of L2TP are the Access Concentrator (LAC) and the Network Server (LNS)

Secure Shell (SSH)
Protocol for securely getting access to a remote computer
Commands are secure and encrypted
Uses RSA public key cryptography for both connection and authentication

IPSEC
Security protocol that works at the network layer of the OSI model
Two services are: Authentication Header (AH), which allows authentication of the sender, and Encapsulating Security Payload (ESP), which allows authentication and encryption of data.

OSI model

Secure Multi-Purpose Internet Mail Extensions (S/MIME)
Method of sending email that uses RSA encryption
- located in most web browsers