Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
105 Cards in this Set
- Front
- Back
|
FTP(Data)
|
TCP 20
|
|
|
FTP(Control)
|
TCP 21
|
|
|
SSH
|
TCP 22
|
|
|
Telnet
|
TCP 23
|
|
|
SMTP(Simple Mail Transfer Protocol)
|
TCP 25
|
|
|
DNS(Domain Name System)
|
TCP 53(Zone Tranfers), UDP 53(Look Ups)
|
|
|
DHCP(Dynamic Host Configuration Protocol)
|
UDP 67(Server), UDP 68(Client)
|
|
|
TFTP(Trivial File Transfer Protocol)
|
TCP 69
|
|
|
HTTP(Hypertext Transfer Protocol)
|
TCP 80
|
|
|
Kerberos
|
TCP 88
|
|
|
POP3(Post Office Protocol 3)
|
TCP 110
|
|
|
SunRPC(Sun Remote Procedure Call)
|
TCP 111(Port Mapper)
|
|
|
NetBIOS(Remote Procedure Call)
|
TCP 135
|
|
|
NetBIOS(Session)
|
TCP 139
|
|
|
SNMP(Simple Network Management Protocol)
|
UDP 161
|
|
|
BGP(Border Gateway Protocol)
|
TCP 179
|
|
|
LDAP(Lightweight Directory Access Protocol)
|
TCP 389
|
|
|
HTTPS(Hypertext Transfer Protocol over Secure Socket Layer)
|
TCP 443
|
|
|
NetBIOS(Directory Services)
|
TCP 445
|
|
|
SYSLOG
|
UDP 514
|
|
|
FTPS(File Transfer Protocol over SSL/TLS)
|
TCP 990
|
|
|
POP3(POP over SSL/TLS)
|
TCP 995
|
|
|
What can some common programming errors result in?
|
System compromise, allowing for privilege escalation.
|
|
|
Viruses:
|
Infect systems and spread copies of themselves. Usually require user interaction for replication.
|
|
|
Trojans:
|
Disguise malicious code within apparently useful applications or files.
|
|
|
Logic Bombs:
|
Trigger on a particular date or event.
|
|
|
Worms:
|
Self-Replicating forms of other types of malicious code.
|
|
|
Bots:
|
Systems that can be controlled by outside sources.
|
|
|
Rootkits:
|
Pieces of software that can be installed and hidden on a computer, mainly for the purpose of compromising the system.
|
|
|
Spyware:
|
Software on your PC that is sending information about you and your surfing habits to a remote location.
|
|
|
Spam:
|
Term that refers to the sending of unsolicited commercial email.
|
|
|
What are the ways in which the BIOS can be compromised?
|
BIOS Password, known vulnerabilities, and bypassing access control.
|
|
|
True or False: Small, high capacity removable storage devices present a considerable concern when it comes to corporate security?
|
True
|
|
|
What are the common web vulnerabilities to watch for?
|
Java, Javascript, ActiveX, Cookies, CGI Vulnerabilities, and SMTP Relay Vulnerabilities.
|
|
|
Protocol Vulnerabilities Include:
|
TLS, LDAP, FTP(anonymous access and unencrypted authentication), WEP(key analysis)
|
|
|
What is necessary before deploying a WLAN?
|
A Site Survey.
|
|
|
What qualifies as a Denial of Service attack?
|
A disruption of normal network services.
|
|
|
Smurf:
|
Attack based on ICMP echo reply.
|
|
|
Fraggle:
|
Smurf-like, based on UDP packets.
|
|
|
Ping Flood:
|
Blocks service through repeated pings.
|
|
|
SYN Flood:
|
Repeated SYN requests without an ACK.
|
|
|
Land:
|
Exploits TCP/IP stacks using spoofed SYNs(the same source and port appears in both source and destination)
|
|
|
Teardrop:
|
An attack using overlapping, fragmented UDP packets that can't be reassembled correctly.
|
|
|
Bonk:
|
An attack on port 53 using fragmented UDP packets with bogus reassembly information.
|
|
|
Boink:
|
Bonk-like attack on multiple ports.
|
|
|
True or False:
Back doors allow access to a system and can only be introduced through malicious means. |
False. Back doors can also be left in by programmers who forgot to take them out during the testing phase.
|
|
|
Spoofing:
|
The process of making data look as if it came from a trusted or legitimate origin.
|
|
|
What is a Man-in-the-Middle attack?
|
An attack involving the interception of traffic between two systems using a third system pretending to be the others.
|
|
|
What is a Replay Attack?
|
An attack that re-posts or re-sends captured data.
|
|
|
How does TCP/IP Hijacking work and how can it be prevented?
|
The session is hijacked by one system pretending to be the other system in the communication by possibly DoS'ing it and then spoofing its IP Address.
It can be mitigated by using encryption, such as IPSec. |
|
|
What are Mathematical Attacks?
|
Cryptographic Key cracking.
|
|
|
What is Password-Guessing?
|
Brute-Force or Dictionary attacks that repeatedly guess logons and passwords.
|
|
|
What is a Null Session?
|
A connection without specifying a username and password.
|
|
|
DNS Poisoning:
|
Allows a perpetrator to redirect traffic by changing the IP record for a specific domain, thus permitting the attacker to send legitimate traffic anywhere they choose.
|
|
|
ARP Poisoning:
|
The attacker deceives a device on your network, poisoning its table associations of other devices.
|
|
|
Domain Kiting:
|
Practice of taking advantage of the Add Grace Period to monopolize domain names without ever paying for them.
|
|
|
What is a HIDS(Host Intrusion Detection System)?
|
Systems implemented to monitor event and application logs, port access, and other running processes.
|
|
|
What is Anti-Virus software used for?
|
To scan for malicious code present in the system, whether downloaded or copied from other systems.
|
|
|
What is the main component of Anti-Spam Software and how does it work?
|
Heuristic filtering, and it has a predefined rule set that compares incoming email information against the rule set.
|
|
|
What are the perks of Virtualization?
|
It gives an organization more control over the environment because applications can be isolated and hardware resources can be shared.
|
|
|
What types of firewalls are we concerned with and at what level of the OSI model do they work?
|
Packet-Filtering(Network - Layer 3)
Proxy-Service(Session - Layer 5 and Application - Layer 7) Stateful-Inspection(Application - Layer 7) |
|
|
What are NIDS(Network Intrusion Detection Systems) designed to do?
|
Catch attacks in progress within the network, not just on individual machines or the boundary between private and public networks.
|
|
|
What are the uses of a Proxy Server?
|
They can be placed between the private network and the internet for Internet Connectivity or internally for web content caching.
|
|
|
Where would you want to place a Protocol Analyzer?
|
In-line or in between the devices from which you want to capture traffic.
|
|
|
What should Access Control take into consideration?
|
Direct Access, Network Access, Facilities, and the environment supporting a system.
|
|
|
True or False:
Print and File Sharing increases the risk of intruders being able to access any of the files on the a computer's hard drive. |
True.
|
|
|
What is a common method for assigning Allow/Deny rights to an account or group of accounts?
|
ACLs(Access Control Lists)
|
|
|
What is Identity Proofing?
|
A process that binds users to authentication methods.
|
|
|
What is Authentication?
|
Determining the identity of the account attempting to access the resources.
|
|
|
Kerberos Authentication:
|
Ticket-based, symmetric key authentication system involving a KDC. Kerberos 5 supports Mutual Authentication.
|
|
|
CHAP:
|
Involves the exchange of hashed values for authentication.
|
|
|
Certificates are using with a PKI to provide what?
|
An asymmetric key solution.
|
|
|
What is the most common form of authentication?
|
Username and Passwords.
|
|
|
What is Token-Based Authentication?
|
A strong form of authentication requiring the user to possess a token item.
|
|
|
What is Biometric Authentication?
|
System that uses something you are, such as your hand, finger, or iris for authentication.
|
|
|
What items does Remote Access entail?
|
802.11x(Wi-Fi), VPN connections, Dial-up(using RADIUS, TACACS, or TACACS+), SSL connections, and Packet-level authentication via IPSec in the network layer(Layer 3) of the OSI Model.
|
|
|
What are the common VPN Protocols used for connections?
|
PPTP or L2TP
|
|
|
SSH is a secure version of what?
|
Telnet.
|
|
|
What is RAS for?
|
It allows remote dial-up(Telecom/PBX) or VPN connections.
|
|
|
Which protocols can be used to secure email?
|
S/MIME or PGP
|
|
|
What security threats does Email and Instant Messaging commonly suffer from?
|
Spam and hoaxes.
|
|
|
What is commonly used to secure web connectivity?
|
HTTPS, SSL, and TLS.
|
|
|
What are the various Access Control types?
|
MAC, DAC, RuleBAC, and RoleBAC.
|
|
|
What are the two basic methods of Intrusion Detection?
|
Knowledge Based and Behavior Based
|
|
|
What are the different types of Intrusion Detection Systems?
|
Knowledge or Behavior on a Network-based or Host-based configuration.
|
|
|
How may incidents be handled?
|
Detection, deflection, or countermeasures.
|
|
|
What is a security baseline?
|
A measure of normal network activity against which behavior-based IDSs measure network traffic to detect anomalies.
|
|
|
What is hardening, in relation to network security?
|
The process of securing a host network or application to resist attacks.
|
|
|
What are the key services that should be considered when implementing network hardening?
|
Web, email, FTP, DNS, NNTP, DHCP, file, print, and data repository servers.
|
|
|
What are some of the more common network diagnostic tools worth knowing about?
|
ping, tracert/traceroute, nslookup, netstat, ipconfig/ifconfig, telnet, and SNMP
|
|
|
Symmetric Key Algorithms depend upon what?
|
A shared single key for encryption and decryption.
|
|
|
What are the most common Symmetric Key Algorithms?
|
DES, 3DES, AES, Blowfish, IDEA, and the Rivest Ciphers, RC2, RC4, RC5, and RC6.
|
|
|
How do Asymmetric Keys work?
|
The algorithms use a public key for encryption and a private key for decryption.
|
|
|
RSA, Diffie-Hellman, El Gamal, and Elliptic Curver Cryptography are examples of what?
|
Asymmetric Key Algorithms.
|
|
|
What is a Hashing Algorithm?
|
One that uses a mathematical formula to verify data integrity.
|
|
|
What does cryptographic hashing improve?
|
Confidentiality.
|
|
|
Error checking within encryption/decryption schemes ensures what?
|
Data integrity.
|
|
|
What are digital signatures used for?
|
To sign data so that the recipient can verify the data's origin.
|
|
|
What kind of key does PKI rely upon?
|
Asymmetric.
|
|
|
What are certificates?
|
Digitally signed blocks of data that may be used within a PKI setting.
|
|
|
Everything as a Service(EaaS)
|
For a price, nearly anything that user or company would want to use a cmputing system for can be delivered to them by a cloud provider through the cloud infrastructure, typically though a thin client or web interface.
|
|
|
Infrastructure as a Service(IaaS)
|
Provides the ability to quickly stand up virtual machines, storage devices, and other infrastructure that would otherwise require purchase of physical devices.
|
|
|
Platform as a Service(PaaS)
|
Provides the framework of an operating system and associated software required to perform a function(For example, the Linux operating system and components needed to run a web server).
|
|
|
Software as a Service(SaaS)
|
Lease software, such as applications and databases, allowing rapid roll out to greater user community.
|
|
|
Security as a Service(SECaaS)
|
Allows offloading security monitoring and administration to a third part provider on a subscription model. Often, this third party is responsible for antivirus, antimalware, intrusion detection, and other security focused monitoring services.
|
