Term
| What do firewalls do with packets? |
|
Definition
| Examines each packet passing through, making sure it is not a provable attack. |
|
|
Term
|
Definition
| Filters traffic passing between different parts of the site's internal network. |
|
|
Term
|
Definition
| Firewall examines packets entering the network from the outside. |
|
|
Term
|
Definition
| The firewall filters packets when they are leaving the network. |
|
|
Term
| What does it mean that a firewall should operate at wire speed? |
|
Definition
| Firewalls must have the capacity to handle the incoming traffic volume even during heavy attacks. |
|
|
Term
|
Definition
| Sits at the boundary between the corporate site and the external Internet. |
|
|
Term
|
Definition
| The maximum speed of data coming into each port. |
|
|
Term
| Stateful Packet Inspection (SPI) |
|
Definition
| Firewall filtering mechanism that nearly all main border firewalls use as their primary inspection mechanism. |
|
|
Term
| Which port number is well-known for "Port 80?" |
|
Definition
|
|
Term
| Which port number is well-known for "Port 20/21?" |
|
Definition
|
|
Term
| Which port number is well-known for "Port 22?" |
|
Definition
|
|
Term
| Which port number is well-known for "Port 25?" |
|
Definition
| Simple Mail Transfer Protocol (SMTP) |
|
|
Term
| Which port number is well-known for "Port 53?" |
|
Definition
|
|
Term
| Intrusion Detection Systems (IDSs) |
|
Definition
| Examines streams of packets to look for suspicious activities that indicate possible attacks. Like a car or house alarm, once the IDS suspects suspicious activity is in progress, it sends an alarm message to the security administrator. |
|
|
Term
| Intrusion Prevention Systems (IPSs) |
|
Definition
| Use IDS filtering mechanisms and are allowed to stop traffic at the high end of the attack confidence spectrum. |
|
|
Term
|
Definition
| A series of rules that are exceptions to the default behavior. |
|
|
Term
|
Definition
| ACLs for internally initiated connection-opening attempts specify the conditions under which an attempt should be prevented. |
|
|
Term
|
Definition
| ACLs for externally initiated connection-opening attempts specify the conditions under which certain attempts should be accepted. |
|
|
Term
|
Definition
| A period, phase, or stage in a connection. A distinct phase in a connection between two applications. |
|
|
Term
|
Definition
| Persistent conversations between different computers. |
|
|
Term
| How is a connection represented? |
|
Definition
| Like a telephone call: a conversation between two people. |
|
|
Term
| Why are stateful packet inspection firewalls inexpensive? |
|
Definition
| Filtering is simple for packets that do not attempt to open a connection. Consequently, nearly all packets are handled quickly. |
|
|
Term
| Network Address Translation (NAT) |
|
Definition
| Used in firewalls that use various types of examination methods as a second type of protection. |
|
|
Term
|
Definition
| Kept by the NAT firewall, which places the internal socket and the external socket in the table. |
|
|
Term
|
Definition
| Translate network IP addresses and port numbers. |
|
|
Term
|
Definition
| Unlike SPI, provides the automatic protections offered by application proxy firewalls: hiding the internal IP addresses, header destruction, and protocol fidelity. |
|
|
Term
|
Definition
| A subnet that contains all of the servers and application proxy firewalls that must be accessible to the outside world. |
|
|
Term
|
Definition
| Captures packets and notes their IP addresses, which allows attackers to learn the network's host IP addresses and port numbers without sending probe packets. |
|
|
Term
| Characteristics of sniffers |
|
Definition
| Ability to send attack packets to the available IP addresses and port numbers. |
|
|
Term
| Why are deep packet inspections important? |
|
Definition
| Examines all fields of the packet, including the IP header, the TCP/UDP header, and the application message. |
|
|
Term
|
Definition
| Examining streams of packets, instead of just individual packets, for dangerous patterns is very processing-intensive. |
|
|
Term
| Why do half open (SYN flooding) DoS attacks cause problems for servers? |
|
Definition
| The packets have the same format as the legitimate packets. |
|
|
Term
| What can be done to stop half-open DoS attacks? |
|
Definition
| Companies that own infected computers must stop their computers from sending out DoS attack packets. |
|
|
Term
| Three hosts that are usually placed in the DMZ? |
|
Definition
| Public webservers, application proxy servers, and a DNS server that only knows the host names and IP addresses within the DMZ. |
|
|
Term
| Why is vulnerability testing necessary? |
|
Definition
| To check whether the ACL rules are intact, given the complexity of writing each rule, and to make sure all the rules were applied during the installation process. |
|
|
Term
|
Definition
| Contains selected data from each packet that was dropped. |
|
|
Term
| How can attackers avoid the border firewall? |
|
Definition
| Avoid the firewall filtering completely. Work with someone who is already a part of the network. Attack and compromise an internal computer. Allow drive-by hackers to enter the site through an access point. Compromise users' personal devices when they connect to the network with their tablets, phones, and other devices. |
|
|
Term
|
Definition
| A new attack that is made before signatures for it are defined. |
|
|
Term
|
Definition
| The policy-driven control of access to systems, data, and dialogues. |
|
|
Term
|
Definition
| The process of assessing the identity of each individual claiming to have permission to use a resource. |
|
|
Term
|
Definition
| Specific permissions that a particular authenticated user should have, given his or her authenticated identity. |
|
|
Term
|
Definition
| Collecting information about an individual's activities in log files. |
|
|
Term
| Four bases of authentication credentials |
|
Definition
| What you know (a password or private key), what you have (a physical key or a smart card), who you are (your fingerprint), what you do (how you specifically pronounce a passphrase). |
|
|
Term
| Two-factor authentication |
|
Definition
| Using two credentials in order to gain access to private information, such as voice recognition together with a smart card that is scanned with a PIN. |
|
|
Term
| Role-Based Access Control (RBAC) and its benefits |
|
Definition
| Cheaper and less error-prone than basing access rules on individual accounts |
|
|
Term
| ISO/IEC 27002's Security Clause 9 |
|
Definition
| Physical and environmental security: securing offices, rooms, and facilities. |
|
|
Term
| Controls for equipment disposals/reuse and offsite equipment maintenance. |
|
Definition
| Only authorized people are allowed access to the equipment. The equipment must be logged off and logged back in according to the user's specification. |
|
|
Term
|
Definition
| Enforcing entrance controls is very difficult because of this social engineering trick. |
|
|
Term
|
Definition
| An attacker goes through a firm's trash bins looking for documents, backup tapes, floppy disks, and other information-carrying media. |
|
|
Term
|
Definition
| Passwords used for weeks and/or months at a time. |
|
|
Term
|
Definition
| A password that is only used once. |
|
|
Term
| Why is password cracking over a network difficult? |
|
Definition
| After repeated login attempts with the wrong information, the account locks itself, which frustrates attackers who try to break into the account. |
|
|
Term
| What is brute-force password guessing? |
|
Definition
| Trying to decipher the password using the 26 alphabetic characters, or the 52 upper- and lowercase letters, or the 62 alphanumeric characters, or all 75 characters available on a modern keyboard. |
|
|
Term
| What is a dictionary attack? |
|
Definition
| Trying passwords that are commonly used. |
|
|
Term
|
Definition
| The longer the password, the harder it is for hackers to break it and figure out your password. |
|
|
Term
|
Definition
| Authentication cards that contain data on a magnetic stripe. |
|
|
Term
|
Definition
| Authentication card that contains a microprocessor. |
|
|
Term
| What is the attraction of proximity tokens? |
|
Definition
| By simply walking up to the computer or door, you are granted access once your information is authorized by the system. |
|
|
Term
| What is a personal identification number (PIN)? |
|
Definition
| Passwords that are used with physical access devices that are usually four to six digits long. |
|
|
Term
| What is biometric authentication? |
|
Definition
| Based on something you are or something you do. Make reusable passwords obsolete. |
|
|
Term
| What is false acceptance? |
|
Definition
| A match to a template that should not be made. |
|
|
Term
|
Definition
| The supplicant is incorrectly rejected as a match to a template when the applicant should be accepted as a match. |
|
|
Term
| Which is worse, false acceptance or false rejection? |
|
Definition
| Depending on the context, neither is good, but overall false rejection is a major security violation. |
|
|
Term
| What is failure to enroll? |
|
Definition
| A type of error that occurs when the system doesn't enroll a user. |
|
|
Term
|
Definition
| A supplicant claims to be a particular person, and the challenge is to measure the supplicant's biometric access data against the template of the person he or she claims to be. |
|
|
Term
|
Definition
| In contrast, the supplicant doesn't claim to be a particular person. |
|
|
Term
| What will be the FAR for verification? |
|
Definition
| One in a thousand, 0.1 percent. |
|
|
Term
| What will be the FAR for identification? |
|
Definition
|
|
Term
| What is the principle of least permissions? |
|
Definition
| Each person should only get the permissions that he or she absolutely needs to do his or her job. |
|
|
Term
|
Definition
| Records and analyzes what the person or program actually did. |
|
|
Term
| What is Death of the perimeter? |
|
Definition
| A phrase used by network administrators to convey the idea that creating a 100 percent secure network is impossible. |
|
|
Term
| The purpose for DoS attacks |
|
Definition
| To cause harm; in regard to corporations, this can come in the form of losses related to online sales, industry reputation, employee productivity, or customer loyalty. |
|
|
Term
|
Definition
| Flooding the victim directly. |
|
|
Term
|
Definition
| Spoofing the source address and then flooding the victim. |
|
|
Term
|
Definition
| The handler can update the software to change the type of attack the bot can do; peer-to-peer redirect. |
|
|
Term
|
Definition
| An incorrectly configured router broadcasts to internal hosts. |
|
|
Term
|
Definition
| Causes a victim to crash; examples are the ping of death and the SMS of death. |
|
|
Term
|
Definition
| Direct or indirect attacks can only succeed if the attacker can flood the victim with more requests than the victim can handle. |
|
|
Term
|
Definition
| Attackers don't like to send direct attacks; instead they use spoofed IP addresses that keep their real IP address from being visible. |
|
|
Term
|
Definition
| When a victim sends responses to the spoofed IP address used by the attacker, and inadvertently floods an unintended victim. |
|
|
Term
|
Definition
| A victim is flooded with SYN packets in an attempt to make many half-open TCP connections. |
|
|
Term
|
Definition
| A victim is flooded with ICMP packets that appear to be normal supervisory traffic. |
|
|
Term
|
Definition
| Black holing, validating the handshake, rate limiting. |
|
|