Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
84 Cards in this Set
- Front
- Back
|
Servers |
A computer on the network that provides other computers access to resources, such as disk drivers, folders, printers, modems, scanners, and Internet access. (Shared resources) |
|
|
Clients |
A computer that uses the resources on a server. |
|
|
Transmission Control Protocol (TCP) |
Connection-oriented protocol that is responsible for the reliable delivery of Packet Datagram Units (PDUs) over wired and wireless internet |
|
|
Internet Protocol (IP) |
A Protocol that is used for communicating data across a packet switched inter-network using the Internet Protocol Suite, also referred to as TCP/IP |
|
|
Internet Protocol version Four (IPv4) |
The core of standards-based internetworking methods of the internet - still widely used. - used to to identify devices on a network through an addressing system - uses a 32-bit address scheme allowing for a total of 2^32 addresses |
|
|
Class A (IPv4) |
1-127 |
|
|
Class B (IPv4) |
128-191 |
|
|
Class C (IPv4) |
192-223 |
|
|
Class D (IPv4) |
Reserved for multicast |
|
|
Class E (IPv4) |
Reserved for future use, research and Development purposes |
|
|
Internet protocol version Six (IPv6) |
Net-generation Internet layer protocol for packet-switched internetworks and the Internet |
|
|
Name Resolution |
DNS name resolution means successfully mapping a DNS domain or host name to an IP address. A host name is an alias that is assigned to an IP node to identify it as a TCP/IP host. Computer must convert that web name into its associated IP address |
|
|
Address Resolution |
Packet Datagram Unit (PDU) arrives at a particular subnet, it must resolve the destination computers logical address to its physical address - help a packet reach a network |
|
|
IEEE 802.11 Series Standards |
Standards that specify the wireless "over-the-air" interface between a wireless client and a base station or access point, as well as among other wireless clients. |
|
|
IEEE 802.11a |
- Less prone to interference - Wireless network bearer operating in the 5 GHz ISM band with data rate up to 54 Mbps. - Cannot communicate with 802.11b |
|
|
IEEE 802.11b |
- First standard to take off - Wireless network bearer operating in the 2.4 GHz ISM band with data rates up to 11 Mbps - Subject to considerable interference |
|
|
IEEE 802.11g |
- Combined 802.11a and 802.11b into a single standard - Wireless network bearer operating in 2.4 GHz ISM band with data rates up to 54 Mbps - Improved modulation and collision avoidance allows faster speed and greater range |
|
|
IEEE 802.11n |
- Requires all but hand-held devices to use multiple antennas to implement a feature called multiple input/multiple output (MIMO), which enables the devices to make multiple simultaneous connections - Wireless network bearer operating in the 2.4 and 5 GHz ISM bands with data rates up to 600 Mbps. |
|
|
IEEE 802.11ac |
- Newest implemented standard - faster and more scalable version of 802.11n - Wireless network bearer operating below 6GHz to provide data rates of at least 1Gbps per second for multi-station operation and 500 Mbps on a single link |
|
|
Broadband |
Multiple signals being sent over a single transmission line at the same time
|
|
|
Baseband |
- Includes standards such as Ethernet - One signal is transmited at a time through baseband transmission lines Uses Time-Division Multiplexing (TDM) |
|
|
Passive Attack |
Include traffic analysis, monitoring unprotected communications, decrypting weakly encrypted traffic, and capture of authentication information "Sniffing" |
|
|
Active Attack |
Include attempts to circumvent or break protection features, introduce malicious code, or steal or modify information |
|
|
Close-In Attack |
Where unauthorized individual is in physical close proximity to networks, systems, or facilities for the purpose of modifying, gathering, or denying access to information |
|
|
Insider Attack |
Can be malicious or non-malicious. Malicious insiders intentionally eavesdrop, steal or damage information, use information in a fraudulent manner, or deny access to other authorized users, Non malicious attacks typically result from carelessness, lack of knowledge, or intentionally circumventing security for such reasons as "getting the job done" |
|
|
Distribution Attack |
Focus on the malicious modification of hardware or software at the factory or during distrubition - can introduce malicious code into a product, such as a back door to gain unauthorized access to information or a system function at a later date |
|
|
Boot Sector Viruses |
Replaces the legitimenate boot-up instructions with viral code |
|
|
Macro Viruses |
Take advantage of the popularity of MS-Office macros, while harnessing the power of the programming language behind them. Will carry out whatever actions they are programmed to perform when when executed |
|
|
File-Infector Viruses |
Attach to an excutable file and copy themselves into memory whenever the host file is run It can then attach iteself to other files on a users' hard drive which continues over and over again |
|
|
Worms |
Run independently of users and travel between computers and accross networks |
|
|
Trojan Horse
|
Program that disguises itself as something useful but actually harms your system
|
|
|
Hardening
|
To close our avenues of attack is to eliminate vulnerabilities and reduce your overall risk (i.g. Anti-virus, firewalls, disabling unnecessary software/services, encryption, password policy, account lockout policy, disabling unused accounts, and trusted operating systems.) |
|
|
Classes of viral software
|
Boot sector viruses, macro, file-injector, worms, Trojan horse
|
|
|
Infection vectors |
Binary executable files, boot records of floppy disks and hard disk partitions might hold viral code, script files, Autorun script files, Macro-enabled Microsoft office files, Cross-site scripting vulnerabilities |
|
|
Protecting a Non-Encrypted Wireless Network
|
Ways to protect a WLAN without encrypting the entire network (SSID, Mac filtering, Power Levels, Captive Portals, Antenna Placement and VPN over Wi-Fi) |
|
|
Service Set Identifier (SSID)
|
Broadcasted name of a wireless network |
|
|
MAC Address Filtering
|
Access list of MAC addresses authorized to connect to the WAP |
|
|
Power Levels
|
This is increasing security by decreasing your WAP's power level
|
|
|
Captive Portals |
Where incoming users to complete a one-time "landing page" or portal to assure that users are aware of the terms and conditions of use
|
|
|
Antenna Placement |
Placement of WAP antennas that effect the impact of your WLAN security |
|
|
VPN over open WiFi
|
If a wireless network must remain unencrypted for matters of user convenience or connectivity, considering enforcing this
|
|
|
Protecting a Wireless Network through Encryption
|
Wired Equivalent Privacy (WEP) Extensible Authentication Protocol (EAP) Wi-Fi Protected Access (WPA) Wi-Fi Protected Access II (WPA2) |
|
|
Wired Equivalent Privacy (WEP)
|
This encryption method encrypts all data packets using a stream cipher called RC4, which relies on a 40-bit key plus a 24-bit Initialization Vector - Considered deprecated and should NOT be used for secure purposes |
|
|
Extensible Authentication Protocol (EAP)
|
- There are 40 "flavors" |
|
|
IEEE 802.1X
|
This standard defines how EAP should be applied across all IEEE 802 networks
- Also known as EAP over LAN |
|
|
Lightweight EAP (LEAP)
|
This was designed to address the authentication flaws of WEP and is a Cisco-proprietary method of EAP implementation - Still better than WEP but only should be used with sufficiently strong passwords |
|
|
Protected EAP (PEAP)
|
Tis is a method of encapsulating specific EAP methods within a securely encrypted TLS end-to-end tunnel - Strongly recommended, modern alternative to ELAP |
|
|
Wi-Fi Protected Access (WPA)
|
- Can be used in personal mode (Pre-shared Key) - Can be used in enterprise mode (WPA-EAP) this mode authenticates as well as encrypting - Still relied on RC4 encryption algorithm but upgraded to a 128-bit key |
|
|
Wi-Fi Protected Access II (WPA2)
|
This standard significantly improves on the RC4-dependent TKIP employed by WPA It is a method of employing the Advanced Encryption Standard (AES) which is a CCMP to protect all message traffic between wireless clients and a WAP. - Has two distinct modes that are PSK and Enterprise |
|
|
Directory and Resource Administrator (DRA)
|
A lookup table that allows users to associate a name with specific data points about that name (dictionary or a telephone book) |
|
|
X.500 |
- Assigned a Distinguished Name to every object that could be cataloged, and fit those names into a hierarchical structure called a Directory Information Tree - Upside down family tree |
|
|
Lightweight Directory Access Protocol (LDAP)
|
This is the most common directory structure that you will encounter and was designed to provide a "lightweight" alternative that would be easier to implement at a local level and are hierarchical and rely on DIT
|
|
|
Directory Information Tree (DIT)
|
A hierarchical structure that is used to catalog information |
|
|
Active Directory
|
This also allows administrators to create Domains of objects that are controlled by an aptly named Domain Controller server |
|
|
Tools that manage network accounts through Active Directory
|
Active Directory Users and Computers (ADUC) |
|
|
Organizational Units
|
Computer and User objects are organized by logical groups and represented in a nesting tree structure called ____ |
|
|
Directory Resource Administrator
|
Designed to minimize potential accidents by making mass actions more difficult to carry out Only one object can be manipulated at a time |
|
|
Domain Computer Account
|
These accounts are created and stored on a central server called the Domain Controller (DC) - Host machine cannot access domain resources until it has "joined" the domain computer account |
|
|
Local Computer Accounts
|
This is usually a local administrator account
Machine becomes part of a default "WORKGROUP" |
|
|
User Accounts
|
This stores information and attributes about the user and is created on a local computer or a domain controller using DRA.
|
|
|
Security Identifier
|
This is used for tracking rights and permission assignments through the domain
|
|
|
Administrator Accounts
|
This is where you create the account and assign applicable rights and permissions that are applied before the user can logon to a system or network |
|
|
Rights
|
This enables a user account or group to perform predefined tasks for example access to a server or authority to create accounts and manage server functions |
|
|
Permissions
|
|
|
|
Domain User Account
|
- Also called "network accounts" or "limited access accounts"
- No special abilities - Object hosted on the Domain Controller |
|
|
Local User Account
|
This account only gives access to the resources of the local computer and these accounts have permissions and rights that do not extend beyond the computer the account was created on. |
|
|
Local Administrator
|
This account allows you to manage the local computer, local users, local groups, and local resources |
|
|
Guest Accounts |
This provides a way for users to log on or gain access to resources without having a unique local username |
|
|
Group Accounts |
This account is a collection of objects: a collection of user and computer accounts, contacts, or other groups that can be managed as a single unit. These can be directory-based or local to a particular computer |
|
|
Local Groups
|
These can contain only local objects on a single host
|
|
|
Domain Groups
|
These can contain any other domain-type object |
|
|
Domain groups enable
|
- Simpler policy enforcement by assigning user rights to a group through Group Policy - Creation of e-mail distribution lists |
|
|
Domain Group Types
|
Security Groups |
|
|
Distribution Groups
|
These groups define collections of users for non-security purposes - Specifically for email distribution |
|
|
Security Groups |
- Rights and permissions assigned to a security group are inherited by the group's members |
|
|
Group Nesting |
This is when you add a group as a member of another group |
|
|
Organizational Account |
Are user accounts without a user - These are disabled on a domain controller - They exist on a domain to be shared as an email resource for multiple users with a specific organization |
|
|
User Datagram Protocol (UDP)
|
Connectionless, best-effort counterpart to TCP
|
|
|
Network Address Translation (NAT) |
This helps reduce congestion by allowing multiple nodes to share a single public IP address |
|
|
Planning Phase |
In this phase you want to consider 1 - Expected Traffic 2 - Technology 3 - Access Control methods 4 - Security - Perform a Site Survey |
|
|
Deployment Phase |
In this phase we.. Install Access points Install cabling to connect all WAPs to the LAN |
|
|
Securing |
In this phase we.. Must exercise Due Care and encrypt all traffic with the best available methods Consider filtering all connections with a list of pre-authorized MAC addresses |
|
|
Management/Support |
In this phase we.. Must remain vigilant in opperational support of WLANs |
|
|
Dial-up Technology |
This Internet access allows users to connect to the Internet via analog telephone lines over Public Switch Telephone Network |
