Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
68 Cards in this Set
- Front
- Back
|
FTP
|
File Transfer protocol. Allow authenticated or anonymous access. Port 20 or 21
|
|
|
SFTP
|
A secure alternative to FTP. Uses SSH to secure comm
|
|
|
Anonymous FTP
|
Nameless FTP logon
|
|
|
Blind FTP
|
Blind FTP is a configuration of anonymous or authenticated FTP where uploaded files are unseen and unreable by visitors.
|
|
|
FTP vulnerabilities
|
Not all OS support long name
|
|
|
TCP/IP hijacking attacks
|
TCP/IP hijacking is a form of attack where the attacker takes over an existing comm session
|
|
|
Null session
|
A null session is a connection made to a system where no redentials are supplied by the client and thus no authentication process is performed by the server
|
|
|
Spoofing
|
Spoofing is the act of falsifying data
|
|
|
man-in-the-middle attack
|
A man-in-the-middle attack is a form of comm eavesdropping attack. Attackers position themselves in the comm stream between a client and server.
|
|
|
DoS
|
DoS is a form of attack that has the primary foal of preventing the victimized system from performing legitimate activity or responding to legitimate traffic.
|
|
|
Domain name kiting
|
A scheme or scam used to discover which new domain names drive the most profitable traffic and then keep those names indefinitely without having to pay the reg frees.
|
|
|
DNS poisoning
|
DNS poisoning is the act of falsifying the DNS info used by a client to reach a desired system
|
|
|
ARP poisoning
|
ARP poisoning is the act of falsifying the IP-to-MAC address resolution system employed by the TCP/IP protocol
|
|
|
Security Zones
|
A security zone is an area of network that has a single defined level of security.
|
|
|
DMZ
|
A demilitarize zone is an area of a network that is designed specifically for public users to access. The DMZ is a buffer network between the public untrusted Internet and the private LAN
|
|
|
Intranet
|
A private LAN
|
|
|
Extranets
|
An extranet is an intranet that functions as the DMZ for business-to-business transaction.
|
|
|
VLAN
|
Switches are often used to create VLANs, a logical creation of subnets out of a single physical network.
|
|
|
NAT
|
Network address translation
|
|
|
RFC 1918
|
Defines a list of non-routable address
A: 10.0.0.0 - 10.255.255.255.255 B: 172.16.0.0 - 172.31.255.255 C: 192.168.0.0 - 182.168.255.255 |
|
|
Routers
|
Connect broadcast domains
|
|
|
Switches
|
Used to create VLAN
|
|
|
Subnetting
|
Dividing a large network into segments
|
|
|
PBX
|
A private branch exchange is a computer or network controlled telephone system.
|
|
|
VoIP
|
VoIP ids a tunneling mechanism used to transport voice/data over TCP/IP network.
|
|
|
IDS
|
Intrusion detection system that either watches activity in real time or reviews the contents of audit logs in order to detect intrusions or security policy violations.
|
|
|
2 types of IDS
|
Host based or network based
|
|
|
NIDS
|
Network-based IDS watches traffic in real time.
|
|
|
HIDS
|
Host-based IDS watches the audit trails and log files of a host system.
|
|
|
Detection mechanisms
|
Signature detection compares event patterns against known attack patterns stored in the IDS database.
|
|
|
Response methods
|
An IDS with active detection and response id designed to take the quickest action to reduce potential damage caused by an intruder.
|
|
|
Firewalls
|
Firewalls provide protection by controlling traffic entering and leaving a network. They manage traffic using filters or rules.
|
|
|
Types of firewalls
|
4 types of firewalls: Packet filtering, circuit-level gateway and application-level gateway. Stateful inspection firewall uses a combo of the first 3.
|
|
|
Honeypots
|
A honeypot is a fictitious environment designed to fool and lure attackers and intruders away from the private secured network. The purpose of deploying a honeypot is to provide an extra layer of protection for your private network and to gather sufficient evidence for prosecution against malicious intruders and attackers.
|
|
|
Protocol analyzer
|
A protocol analyzer is a tool used to examine the contents of network traffic.
|
|
|
Privilege escalation
|
Privilege escalation occurs when a user account is able to obtain unauthorized access to higher level of privileges.
|
|
|
Password guessing
|
Password attack by guessing and trying different passwords
|
|
|
Birthday attacks
|
The birthday attack exploits a mathematical property that states that if the same mathematical function is performed on two values and the result is the same then the original values are the same.
|
|
|
Back door attacks
|
The term back door can refer to two types of problems or attacks on a system: a developer-installed or hacker installed access.
|
|
|
Default accounts
|
Default accounts are any accounts that are predefined by the vendor.
|
|
|
Data emanation
|
Data emanation is the transmission of data across electromagnetic signals.
|
|
|
War driving
|
War driving is the act of using a detection tool to look for open AP for unauthorized access
|
|
|
SSID broadcast
|
Wireless networks announce their SSID on a regular basis that others can use to connect to the AP
|
|
|
Blue jacking
|
Blue jacking is the sending of messages to Bluetooth-capable devices without permission of the owner/user
|
|
|
Bluesnarfing
|
Bluesnarfing is the unauthorized accessing of data via a Bluetooth connection. This is data theft and is a crime
|
|
|
Rogue access points
|
A rogue wireless access point can be connected to any open network port or cable.
|
|
|
Weak encryption
|
Any cryptography system that either has a design or implementation flaw
|
|
|
802.11 and 802.11x
|
IEEE standard for wireless network comm
|
|
|
WEP
|
Wired Equivalent Privacy is defined by the IEEE 802.11 standard.
|
|
|
Site surveys
|
A site survey is the process of investigating the presence, strength and reach of wireless AP deployed in an environment.
|
|
|
Why proxy service?
|
The two major benefits of a proxy service are address masking and caching. Since the proxy service would browse the internet on behalf of the clients, the clients have no need to expose their own IP addresses to the outside world. In addition, since the proxy service usually comes with a proxy cache for caching contents, browsing performance can be enhanced even when you have a large group of web users to serve.
|
|
|
Why Network IDS?
|
You rely on intrusion detection systems to detect direct unauthorized attempts and to determine if a trend of unauthorized attempts is occurring. In a network-based IDS system, individual packets that flow through a network are analyzed.
|
|
|
Your company is in the process of locking down CIFS and SMB file and print sharing. Which of the following ports do you have to secure? (Choose all that apply.
|
138, 139
|
|
|
Services using an interprocess communication share such as network file and print sharing services leave the network susceptible to which of the following attacks?
|
A null session is a connection without specifying a user name or password. Null sessions are a possible security risk because the connection is not really authenticated. Spoofing is incorrect because spoofing involves modifying the source address of traffic or source of information. DNS kiting is incorrect because domain kiting refers to the practice of taking advantage of this AGP period to monopolize domain names without even paying for them. ARP poisoning is incorrect because ARP poisoning allows a perpetrator to trick a device into thinking any IP is related to any MAC address.
|
|
|
An intrusion detection system (IDS) detects an attacker and seamlessly transfers the attacker to a special host. What is this host called?
|
Padded cell
|
|
|
On a Windows Server, what tool can you use to analyze and configure computer security?
|
Security configuration and analysis
|
|
|
Which of the following specifically refers to the act of exploiting a bug in order to gain access to system resources that are under the protection of an application or user?
|
Privilege escalation
|
|
|
Logic bombs may be used for providing which of the following functions?
|
setting off a malicious function
|
|
|
Proxy server
|
Hiding internal IP configuration from public. Block external queries to internal servers. Content filtering and caching
|
|
|
Proxy server
|
1. Hiding internal client and IP
2. Support NAT 3. Provide caching 4. Content filtering |
|
|
Teardrop
|
Numerous partial IP packets are send to a victim with overlapping sequencing and offset values
|
|
|
Land attack
|
Numerous SYN packets are sent to the victim with src and dest addresses spoofed as the victim's address. The victim is confused because it is getting data that it has not sent
|
|
|
Ping flood
|
The attacker sends numerous ping echo request to pictim.
|
|
|
Ping of death
|
The attacker sends oversized ping packets to the victim.
|
|
|
Bonk
|
The attacker sends a corrupt UDP packet to DNS port 53
|
|
|
Boink
|
Same as Bonk but multiple UDP packets are send to multiple ports
|
|
|
Smurf
|
This form DRoS uses ICMP echo reply packets
|
|
|
Fraggle
|
This form of DRDoS uses UDP commonly directed to port 7 (echo port) or 19 (chargen port)
|
