Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
23 Cards in this Set
- Front
- Back
|
Capture and decodes traffic going across the wire. (works at layer 1 and 2) sort by protocol; promiscuous mode for NIC; Wireshark, Etherpeek (AKA Packet Sniffer, Sniffer)
|
Protocol Analyzer
|
|
|
Identifies all active hosts on a network; NMAP (works at network layer, layer 3)
|
Network Mapper
|
|
|
Search for port vulnerabilities (Transport Layer, Host Layer, Layer 4)
|
Port Scanner
|
|
|
Port is listening; reply that port is available
|
OPEN
|
|
|
Port is not listening; reply that service is unavailable.
|
CLOSED
|
|
|
Port is not listening; no reply
|
BLOCKED
|
|
|
Scanner to search for vulnerabilities to specific listening services (Layer 5,6,7) individual listening applications); NESSUS
|
Vulnerability Scanner
|
|
|
Language; used by professionals to share descriptions of vulnerabilities, fixes, and vendor details.
|
OVAL
|
|
|
Cain & Able; John the Ripper; LC4 (l0phtcrack)
|
Password Cracker
|
|
|
Dictionary of words and common words.
|
Dictionary attack
|
|
|
All possible combinations
|
Brute Force Attack
|
|
|
Combines dictionary and brute force methods by trying all combinations of a dictionary. (capitalization, letter substitution)
|
Hybrid attack
|
|
|
Table of passwords and associated hashes for quick lookup; defeat with salt.
|
Rainbow Table
|
|
|
Access model; security, objects, labels.
|
MAC (Mandatory Access Control)
|
|
|
Owner created, owner controlled.
|
DAC (Discretionary Access Control)
|
|
|
Based upon roles for job function (role); rules for times, or location.
|
RBAC (Role/Rule Based Access Control)
|
|
|
No access without expressed authorization.
|
Implicit Deny
|
|
|
Complete access unless authorization is specifically denied.
|
Explicit Deny
|
|
|
Access only granted to information needed to perform function.
|
Need to Know
|
|
|
Only granted privileges needed to perform function.
|
Least Privilege
|
|
|
Logging
Access (Files or the system) |
Security Log
|
|
|
Logging
Hardware (effect is system wide, like adding hardware to the system) |
System Log
|
|
|
Logging
Software (effect is within a specific application) |
Application Log
|
