Viewing All Flashcards for New Focus Questions
 
XSS: cross-site scripting, a vulnerability in web applications in which an attacker injects script into a page that other users view. The script runs in the victim's browser in the context of the vulnerable site, so the attacker can steal session cookies, form data or other user information and act as that user.
 
Proxy Server: is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server. The proxy server evaluates the request according to its filtering rules. For example, it may filter traffic by IP Address or protocol. If the request is validated by the filter, the proxy provides the resource by connecting to the relevant server and requesting the service on behalf of the client. A proxy server may optionally alter the client's request or the server's response, and sometimes it may serve the request without contacting the specified server. In this case, it caches responses from the remote server, and returns subsequent requests for the same content directly.
 
3DES: In cryptography, Triple DES is the common name for the Triple Data Encryption Algorithm (TDEA or Triple DEA) block cipher, which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block. Each DES key is 56 bits; even with three independent keys the effective strength is about 112 bits because of meet-in-the-middle attacks, and NIST has deprecated 3DES in favour of AES.
 
WPA2: WPA2 has replaced WPA. WPA2, which requires testing and certification by the Wi-Fi Alliance, implements the mandatory elements of IEEE 802.11i. In particular, it introduces CCMP, an AES-based encryption mode with strong security that replaces WPA's TKIP.
 
Honeypot: In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers.
 
Create file hashes for website and critical system files, and compare the current file hashes to the baseline at regular time intervals (file integrity monitoring). The baseline must be stored where an attacker who modifies the files cannot also update it, for example on read-only or signed offline storage.
 
Mandatory Access Control: In computer security, mandatory access control (MAC) refers to a type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target. Unlike discretionary access control, the policy is set by the system (typically through security labels) and cannot be overridden by the object's owner.
 
WPA2-Enterprise: The WPA2 mode that authenticates each user individually through IEEE 802.1X/EAP against a RADIUS server, instead of a single shared pre-shared key (WPA2-Personal/PSK). WPA2 itself has replaced WPA; it requires testing and certification by the Wi-Fi Alliance and implements the mandatory elements of IEEE 802.11i, in particular CCMP, an AES-based encryption mode with strong security. Certification began in September 2004; from March 13, 2006, WPA2 certification is mandatory for all new devices to bear the Wi-Fi trademark.
 
SSH: Secure Shell (SSH) is a network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that it connects via a secure channel over an insecure network: a server and a client (running SSH server and SSH client programs, respectively). SSH listens on TCP port 22 by default.
 
Improper input validation / Injection: An injection attack, most commonly SQL injection, is used to attack a website by submitting crafted input (in a web form, URL parameter or header) that a badly designed application concatenates into a database query, so the database performs operations the designer never intended, often dumping its contents to the attacker. The root cause is improper input validation combined with building queries from untrusted strings; parameterized (prepared) queries are the standard fix.
 
SCP: Secure Copy is a means of securely transferring computer files between a local and a remote host or between two remote hosts. It is based on the Secure Shell (SSH) protocol and therefore uses SSH's authentication and encrypted channel.
 
21: File Transfer Protocol (FTP) is a standard network protocol used to transfer files from one host to another host over a TCP-based network, such as the Internet. To establish an FTP session, clients initiate a connection to an FTP server that listens on TCP port 21 by default. FTP servers respond with messages that prompt the client for FTP login credentials (username and password). FTP servers do not, however, send files over port 21. Instead, the FTP protocol allows for a second connection to be established for data transfer after the control connection is established: in active mode the server connects back to the client from TCP port 20, in passive mode the client opens the data connection to a port the server announces. Note that only FTP servers use port 21, not FTP clients. Plain FTP sends credentials and data in cleartext.
 
PAT: Port Address Translation (PAT) is an extension to network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address. The translator rewrites the source port of each outbound connection so that replies can be matched back to the originating internal host. The goal of PAT is to conserve IP addresses.
 
Vishing: the criminal practice of using social engineering over the telephone system, most often using features facilitated by Voice over IP (VoIP), to gain access to private personal and financial information from the public for the purpose of financial reward.
 
Device encryption: Device encryption refers to the ability to protect local device data from offline hardware attacks (for example, reading the storage after the device is lost or stolen) by employing encryption. This is achieved by employing a file-based encryption filter. The master key for the encryption is protected with the user's device lock PIN. When device encryption is enabled, during bootup the user is prompted to enter the PIN.
 
TCP 80 and TCP 443: TCP 80 is the HTTP port; TCP 443 is HTTPS (Hypertext Transfer Protocol over SSL/TLS).
 
Evil Twin: Evil twin is a term for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up by an attacker to eavesdrop on wireless communications of the users who connect to it. Evil twin is the wireless version of the phishing scam: an attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider, typically by copying the legitimate network's SSID.
 
IKE: Internet Key Exchange is the protocol used to set up a security association (SA) in the IPsec protocol suite. IPsec: Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. VPN: Virtual Private Network.
 
Encrypt an email message
 
Write communities allow both read and write permissions. SNMP: Simple Network Management Protocol (SNMP) is an "Internet-standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more." It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. An SNMP community string acts as a password: a read-only community only permits queries, while a write (read-write) community also permits changing device configuration. SNMPv1 and SNMPv2c send the community string in cleartext; SNMPv3 adds authentication and encryption.
 
LDAP: The Lightweight Directory Access Protocol (LDAP) is an application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. LDAP is defined in terms of ASN.1 and transmitted using BER. Directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate electronic mail directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number. X.500: X.500 is a series of computer networking standards covering electronic directory services.
 
FTPS: FTPS (also known as FTP Secure and FTP-SSL) is an extension to the commonly used File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols. It is distinct from SFTP, which is file transfer over SSH.
 
Loop Protection: The Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free topology for any bridged Ethernet local area network. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. Spanning tree also allows a network design to include spare (redundant) links to provide automatic backup paths if an active link fails, without the danger of bridge loops, or the need for manual enabling/disabling of these backup links.
 
Kerberos: a computer network authentication protocol which works on the basis of "tickets" to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client-server model, and it provides mutual authentication: both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks. Kerberos builds on symmetric key cryptography and requires a trusted third party (the Key Distribution Center), and optionally may use public-key cryptography during certain phases of authentication. Kerberos uses TCP and UDP port 88 by default.
 
Protocol Analyzer:A "Protocol analyzer" is a tool (hardware or software) used to capture and analyze signals and data traffic over a communication channel.
 
SHA1: SHA-1 produces a 160-bit message digest based on principles similar to those used by Ronald L. Rivest of MIT in the design of the MD4 and MD5 message digest algorithms, but has a more conservative design. Practical collision attacks against SHA-1 have since been demonstrated, so it should no longer be used for digital signatures or certificates; SHA-2 or SHA-3 should be used instead.
 
Fuzzing: a software testing technique, often automated or semi-automated, that involves providing invalid, unexpected, or random data to the inputs of a computer program. The program is then monitored for exceptions such as crashes or failing built-in code assertions. Fuzzing is commonly used to test for security problems in software or computer systems, because an input that crashes a parser frequently points to a memory-safety or logic bug an attacker could exploit.
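A mutation fuzzer of the kind the card describes, as an added example that is not part of the original flashcard set. Everything in it is constructed: a toy record format (length byte, payload, one-byte checksum), a parser that trusts the length byte and therefore reads past the end of short inputs, a hardened parser, and a seeded mutator. The parser's own `ValueError` is treated as a proper rejection; any other exception is logged as a crash.

```python
import random

# Constructed toy record format: [length n][n payload bytes][1 checksum byte],
# where checksum = sum(payload) mod 256. VALID_SEED is one well-formed record.
VALID_SEED = bytes([3, 97, 98, 99, (97 + 98 + 99) % 256])


def parse_record(data):
    """Parser with a bounds-checking bug: it trusts the length byte."""
    if len(data) == 0:
        raise ValueError("empty record")
    n = data[0]
    payload = data[1:1 + n]
    checksum = data[1 + n]  # IndexError if the record is shorter than n + 2
    if sum(payload) % 256 != checksum:
        raise ValueError("bad checksum")
    return payload


def parse_record_fixed(data):
    """Hardened parser: every read is validated against the real length."""
    if len(data) < 2:
        raise ValueError("record too short")
    n = data[0]
    if len(data) != n + 2:
        raise ValueError("length field does not match record size")
    payload = data[1:1 + n]
    if sum(payload) % 256 != data[1 + n]:
        raise ValueError("bad checksum")
    return payload


def mutate(data, rng):
    """One random mutation: bit flip, truncation, length-byte overwrite or extension."""
    buf = bytearray(data)
    choice = rng.randrange(4)
    if choice == 0 and buf:
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif choice == 1 and len(buf) > 1:
        del buf[rng.randrange(1, len(buf)):]
    elif choice == 2 and buf:
        buf[0] = rng.randrange(256)
    else:
        buf += bytes(rng.randrange(256) for _ in range(rng.randrange(1, 8)))
    return bytes(buf)


def fuzz(parser, seed_input, iterations=500, seed=1):
    """Mutation fuzzer: ValueError is the parser's expected rejection,
    anything else is an unexpected exception and is recorded as a crash."""
    rng = random.Random(seed)
    crashes = {}
    for _ in range(iterations):
        case = mutate(seed_input, rng)
        try:
            parser(case)
        except ValueError:
            continue
        except Exception as exc:  # any other exception type is a finding
            crashes.setdefault(case, type(exc).__name__)
    return crashes


if __name__ == "__main__":
    found = fuzz(parse_record, VALID_SEED)
    print(f"{len(found)} crashing inputs against parse_record, e.g. {next(iter(found))!r}")
    print(f"{len(fuzz(parse_record_fixed, VALID_SEED))} crashes against parse_record_fixed")
```

Every truncated input crashes the buggy parser because it indexes `data[1 + n]` without checking that the buffer is that long; the same inputs are rejected cleanly by the hardened version. In C the equivalent bug would be an out-of-bounds read rather than an exception, which is why fuzzers there run the target under a sanitizer.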
 
TACACS+ and SSH. TACACS+: (Terminal Access Controller Access-Control System Plus) is an access control network protocol for routers, network access servers and other networked computing devices. Unlike RADIUS and the predecessors of TACACS+ (TACACS and XTACACS), TACACS+ provides separate authentication, authorization and accounting services. Like RADIUS, TACACS and XTACACS, TACACS+ is an open, publicly documented protocol. TACACS+ runs over TCP port 49 and encrypts the entire packet body, whereas RADIUS encrypts only the password. SSH: Secure Shell (SSH) is a network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that it connects via a secure channel over an insecure network: a server and a client (running SSH server and SSH client programs, respectively).
 
Rainbow Tables: A rainbow table is a precomputed table for reversing cryptographic hash functions, usually for cracking password hashes. Tables are usually used in recovering the plaintext password, up to a certain length consisting of a limited set of characters. Only the start and end of each hash chain is stored, trading lookup time for storage. Salting each password with a random per-user value defeats precomputed tables, because a separate table would be needed for every salt.
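The chain and reduction mechanics behind a rainbow table, as an added example that is not part of the original flashcard set. The password space is constructed and tiny (three characters over "abc", 27 passwords, unsalted MD5) so the chains can be followed by hand, but the table build, the column-dependent reduction function and the lookup are the real algorithm. It also shows that a salted hash of the same password is not found.

```python
import hashlib
import itertools
import os

# Constructed toy password space: 3 characters over "abc" (27 passwords).
CHARSET = "abc"
PW_LEN = 3
CHAIN_LEN = 4


def hash_pw(password):
    """Unsalted MD5, the kind of hash rainbow tables were built to reverse."""
    return hashlib.md5(password.encode()).hexdigest()


def reduce_hash(digest_hex, step):
    """Reduction function: map a digest back into the password space.
    The column number is mixed in so each column uses a different function,
    which is what distinguishes a rainbow table from plain hash chains."""
    n = int(digest_hex, 16) + step
    chars = []
    for _ in range(PW_LEN):
        chars.append(CHARSET[n % len(CHARSET)])
        n //= len(CHARSET)
    return "".join(chars)


def build_table(start_points, chain_len=CHAIN_LEN):
    """Precompute: only (endpoint -> start points) is stored; the middle is recomputed on lookup."""
    table = {}
    for start in start_points:
        p = start
        for step in range(chain_len):
            p = reduce_hash(hash_pw(p), step)
        table.setdefault(p, []).append(start)
    return table


def lookup(table, target_digest, chain_len=CHAIN_LEN):
    """Reverse a digest: assume it sits at column i, walk to the chain end,
    and if that endpoint is in the table, regenerate the chain from its start."""
    for i in range(chain_len - 1, -1, -1):
        x = reduce_hash(target_digest, i)
        for j in range(i + 1, chain_len):
            x = reduce_hash(hash_pw(x), j)
        for start in table.get(x, []):
            p = start
            for step in range(chain_len):
                if hash_pw(p) == target_digest:
                    return p
                p = reduce_hash(hash_pw(p), step)
    return None


def salted_hash(password, salt):
    """Per-user salt: the table was built for md5(password), not md5(salt || password)."""
    return hashlib.md5(salt + password.encode()).hexdigest()


def all_passwords():
    return ["".join(t) for t in itertools.product(CHARSET, repeat=PW_LEN)]


def coverage(table, chain_len=CHAIN_LEN):
    """How many passwords in the space the table can actually reverse."""
    return sum(1 for p in all_passwords() if lookup(table, hash_pw(p), chain_len) == p)


if __name__ == "__main__":
    # Every third password as a chain start: fewer rows than passwords,
    # chain merges and partial coverage are visible in the numbers printed.
    table = build_table(all_passwords()[::3])
    print("rows stored:", len(table), "passwords covered:", coverage(table), "of", len(all_passwords()))
    print("aaa ->", lookup(table, hash_pw("aaa")))
    print("salted aaa ->", lookup(table, salted_hash("aaa", os.urandom(8))))
```

Lookup cost is proportional to the square of the chain length, which is the time-memory tradeoff the card refers to: a longer chain means fewer rows for the same coverage but more hashing per lookup.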
 
Smurf Attack: a way of generating significant computer network traffic on a victim network. This is a type of denial-of-service attack that floods a target system via spoofed broadcast ping messages. This attack relies on a perpetrator sending a large amount of ICMP echo request (ping) traffic to IP broadcast addresses, all of which have a spoofed source IP address of the intended victim. If the routing device delivering traffic to those broadcast addresses delivers the IP broadcast to all hosts (for example via a layer 2 broadcast), most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply, multiplying the traffic by the number of hosts responding. On a multi-access broadcast network, hundreds of machines might reply to each packet. The standard mitigation is to configure routers not to forward directed broadcasts and hosts not to answer ICMP requests sent to broadcast addresses.
 
RADIUS: Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for computers to connect and use a network service. RADIUS was developed by Livingston Enterprises, Inc., in 1991 as an access server authentication and accounting protocol and later brought into the Internet Engineering Task Force (IETF) standards. It runs over UDP, ports 1812 (authentication) and 1813 (accounting) by default. Because of the broad support and the ubiquitous nature of the RADIUS protocol, it is often used by ISPs and enterprises to manage access to the Internet or internal networks, wireless networks, and integrated e-mail services. These networks may incorporate modems, DSL, access points, VPNs, network ports, web servers, etc.
 
Server-side input validation is more secure than client-side input validation, because anything enforced only in the browser can be bypassed by sending requests directly to the server.
 
Bluejacking: the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers. The sender pushes a vCard, which typically contains the message in the name field (for example, for bluedating or bluechat), to another Bluetooth-enabled device via the OBEX protocol.
 
Sara, the attacker, overwhelms a system or application so that it crashes and brings the server down, causing an outage (a denial-of-service attack).
 
Preparation, detection, containment, eradication, recovery
 
The system shall require users to authenticate to the system with a combination of a password or PIN and a smartcard (two-factor authentication: something you know and something you have).
 
A degree of probability of loss
 
To limit the number of endpoints connected through the same switch port
 
Legitimate traffic will be incorrectly blocked
 
The capacity of a system to resist unauthorized changes to stored information