Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
38 Cards in this Set
- Front
- Back
|
unit of data routed between an origin and a destination on the internet |
packet |
|
|
directs internet traffic. Decides where to forward a packet |
router |
|
|
computer that provides data to other computers. Might serve data to a system on a LAN or WAN |
Server |
|
|
computer hardware or software that access a service made available by a server |
CLient |
|
|
takes advantage of vulnerability same day vulnerability generally known. |
Zero Day exploit |
|
|
repair job for vulnerability in program |
patches |
|
|
replicates itself and infects other programs or files by attaching itself. needs hos to spread |
Virus |
|
|
Spread on their own from computer to computer. Doesn't need a host. Stand alone application |
worm |
|
|
Software program that masks itself as a regular program. Must run fake program to activate. Overwrites parts of hard drive. Cant replicate. |
Trojan |
|
|
A network of private computers infected with malware and controlled as a group without the owners knowledge. Eg to send spam messages |
Botnet |
|
|
Attacks multiple systems. Flood the bandwidth or resources of a targeted system. Usually one or more web servers. |
Distributed denial of service (DDoS) |
|
|
Security mechanism for separating and running a program that is untested or un-trusted without risking host machine. |
Sandboxing |
|
|
tricking people into breaking normal security protocol |
Social engineering |
|
|
tricking people into releasing their own personal information such as SS# |
Phishing (email) Smishing (sms) Vishing( phone call) |
|
|
Used to encrypt data. Generating a value or values from a text using a mathematical algorithm |
hashing |
|
|
adding a secret code to every password after it has been encrypted |
salting |
|
|
precomputed table for reversing hashing. cracking hashes |
rainbow table |
|
|
method of computer access control in which a user is granted access after presenting several pieces of evidence |
multifactor authentication |
|
|
evidence based knowledge about an existing or emerging threat |
Threat intelligence |
|
|
Network security system that monitors and controls the incoming and outgoing network traffic |
Firewall |
|
|
technology that exams network traffic flow to prevent vulnerability exploits |
Intrusion prevention system (IPS) |
|
|
detects and destroys computer viruses |
Anti-virus (AV) |
|
|
protects web applications/servers from attak |
Web application firewall (WAF) |
|
|
protects computers from a full spectrum of modern cyber attacks. Every process and every point. |
Next generation anti-virus (NGAV) |
|
|
strategy for making sure end users don't send sensitive or critical information outside the corporate network |
Data loss prevention ( DLP) |
|
|
Disguising origin of email |
Spoofs, look-alike domains, or display name deception |
|
|
Technology that creates a safe and encrypted connection over a less secure network, such as the internet. |
VPN |
|
|
software kit designed to run on web servers, with the purpose of identifying software vulnerabilities in client machines communicating with it, and discovering and exploiting vulnerabilities to upload and execute malicious code on the client. |
Exploit kit |
|
|
disseminating the tasks and associated privileges for a specific security process among multiple people |
Separation of duties |
|
|
the practice of limiting access to the minimal level that will allow normal functioning |
principle of least privilege (POLP) |
|
|
the conversion of electronic data into another form, called ciphertext, which cannot be easily understood by anyone except authorized parties. |
Encryption |
|
|
key pair is mathematically related, whatever is encrypted |
Public key Vs private key
|
|
|
type of encryption where the same key is used to encrypt and decrypt the message |
Symmetric encryption |
|
|
Encryption where keys come in pairs. What one key encrypts, only the other can decrypt. |
Asymmetric encryption |
|
|
software testing method in which the internal structure/ design/ implementation of the item being tested is NOT known to the tester |
Black box testing
|
|
|
software testing method in which the internal structure/ design/ implementation of the item being tested is known to the tester |
White box testing |
|
|
total sum of the vulnerabilities in a given computing device or network that are accessible to a hacker. |
attack surface |
|
|
network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time |
Advanced persistent threats |
