Term
|
Definition
permit everything that is not explicitly denied |
|
|
Term
|
Definition
everything is denied unless explicitly permitted |
|
|
Term
restrictive security model |
|
Definition
combination of specific permissions and restrictions |
|
|
Term
|
Definition
An individual that manipulates the phone network in order to cause it to perform a function that is normally not allowed such as to make free long distance calls |
|
|
Term
|
Definition
- Individual who sends large quantities of unsolicited email messages.
- Often uses viruses or worms to take control of home computers and send the bulk messages from them.
|
|
|
Term
|
Definition
Individual who uses email or other means in an attempt to trick others into providing sensitive information, such as credit card numbers or passwords |
|
|
Term
|
Definition
Melissa (1999), written by David Smith: one of the first mass-mailing macro viruses. It spread as an email attachment and caused memory overflows in Internet mail servers |
|
|
Term
|
Definition
attacks in which one device attempts to pose as another by falsifying data |
|
|
Term
|
Definition
main network security organizations |
|
|
Term
Computer Emergency Response Team |
|
Definition
|
|
Term
SysAdmin Audit Network Security institute |
|
Definition
|
|
Term
International Information Systems Security Certification Consortium |
|
Definition
|
|
Term
|
Definition
Established in 1989 as a cooperative research and education organization. Their focus is information security training and certification. They develop documents about various aspects of information security. |
|
|
Term
|
Definition
responds to major security incidents and analyzes product vulnerabilities |
|
|
Term
|
Definition
Their mission is to make the cyber world a safer place by elevating information security to the public domain, and supporting and developing network security professionals around the world. |
|
|
Term
|
Definition
provide an organized framework to facilitate learning about network security |
|
|
Term
|
Definition
malicious software which attaches to another program to execute a specific unwanted function on a computer |
|
|
Term
|
Definition
Self-contained program that exploits a known vulnerability to attack a system.
It executes arbitrary code and installs a copy of itself in the memory of the infected computer, which then scans for and infects other hosts |
|
|
Term
|
Definition
an application written to look like something else. When it is downloaded and opened, it attacks the end user computer from within |
|
|
Term
|
Definition
used to aid in network design, convey security principles, and facilitate network deployments.
It outlines rules for network access, determines how policies are enforced, and describes the basic architecture of the organization's network security environment.
It is meant to govern items such as data access, web browsing, password usage, encryption, and email attachments. |
|
|
Term
|
Definition
A worm installs itself using an exploit mechanism (email attachment, executable file, Trojan Horse) on a vulnerable system. |
|
|
Term
|
Definition
After gaining access to a device, the worm replicates itself and locates new targets |
|
|
Term
|
Definition
Any malicious code that results in some action. Most often this is used to create a backdoor to the infected host |
|
|
Term
Five Phases of a Virus/Worm Attack |
|
Definition
- probe
- penetrate
- persist
- propagate
- paralyze
|
|
|
Term
|
Definition
Vulnerable targets are identified |
|
|
Term
|
Definition
Exploit code is transferred to the vulnerable target. The goal is to get the target to execute the exploit code through an attack vector |
|
|
Term
|
Definition
After the attack is successfully launched in the memory, the code tries to stay on the target system |
|
|
Term
|
Definition
The attacker attempts to extend the attack to other targets by looking for vulnerable neighboring machines |
|
|
Term
|
Definition
Actual damage is done to the system. Files can be erased, systems can crash, information can be stolen, and distributed DoS (DDoS) attacks can be launched |
|
|
Term
|
Definition
- enabling vulnerability
- propagation mechanism
- payload
|
|
|
Term
|
Definition
a buffer overflow intended to attain root privileges to a system |
|
|
Term
remote root buffer overflow |
|
Definition
similar to local root buffer overflows, except that local end user or system intervention is not required |
|
|
Term
|
Definition
Involves limiting the spread of a worm infection to the areas of the network that are already affected.
Requires both inbound and outbound ACLs on routers and firewalls at control points within the network |
|
|
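The cards above describe the open model (permit unless explicitly denied), the closed model (deny unless explicitly permitted), and containment ACLs placed at control points during a worm outbreak. The following added example (not from the cards or from any Cisco product) shows both in a small first-match ACL evaluator: the same rule list yields different results under an implicit permit versus an implicit deny, and a pair of constructed inbound/outbound ACLs blocks only the port the worm exploits on the infected segment while leaving other traffic flowing. The segment addresses, the assumed worm port (445) and the rule sets are constructed for the demonstration.

```python
"""First-match ACL evaluator: open vs closed default, and worm containment.
Added example; addresses, ports and rule sets are constructed."""
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    action: str               # "permit" or "deny"
    proto: str                # "tcp", "udp", "icmp" or "ip" (any protocol)
    src: str                  # source prefix in CIDR notation
    dst: str                  # destination prefix in CIDR notation
    dport: Optional[int] = None   # None matches any destination port


def matches(rule, proto, src, dst, dport):
    """True when the packet fields fall inside every constraint of the rule."""
    return ((rule.proto == "ip" or rule.proto == proto)
            and ip_address(src) in ip_network(rule.src)
            and ip_address(dst) in ip_network(rule.dst)
            and (rule.dport is None or rule.dport == dport))


def evaluate(acl, default, proto, src, dst, dport=None):
    """First matching rule wins. `default` is the implicit final entry:
    "deny" models a closed policy (Cisco ACLs end in an implicit deny),
    "permit" models an open policy where only the listed denies bite."""
    for rule in acl:
        if matches(rule, proto, src, dst, dport):
            return rule.action
    return default


# A one-line policy: only HTTPS to the web server is explicitly permitted.
WEB_ONLY = [Rule("permit", "tcp", "0.0.0.0/0", "192.0.2.10/32", 443)]

# Containment: the worm exploits TCP/445 (assumed) and has infected 10.1.0.0/24.
# ACLs sit on the router interface facing that segment, one per direction.
INFECTED = "10.1.0.0/24"
WORM_PORT = 445
OUTBOUND = [Rule("deny", "tcp", INFECTED, "0.0.0.0/0", WORM_PORT),
            Rule("permit", "ip", INFECTED, "0.0.0.0/0")]
INBOUND = [Rule("deny", "tcp", "0.0.0.0/0", INFECTED, WORM_PORT),
           Rule("permit", "ip", "0.0.0.0/0", INFECTED)]


def control_point(proto, src, dst, dport=None):
    """Apply the containment ACL for the direction in which a packet crosses
    the control point. Traffic that stays inside one segment never reaches
    the router and is not modelled here."""
    if ip_address(src) in ip_network(INFECTED):
        return evaluate(OUTBOUND, "deny", proto, src, dst, dport)
    if ip_address(dst) in ip_network(INFECTED):
        return evaluate(INBOUND, "deny", proto, src, dst, dport)
    return "permit"  # does not traverse this control point


if __name__ == "__main__":
    ssh = ("tcp", "203.0.113.7", "192.0.2.10", 22)
    print("closed model, SSH:", evaluate(WEB_ONLY, "deny", *ssh))
    print("open model, SSH:  ", evaluate(WEB_ONLY, "permit", *ssh))
    print("worm port leaving infected segment:",
          control_point("tcp", "10.1.0.23", "10.2.0.5", WORM_PORT))
    print("web from infected segment:        ",
          control_point("tcp", "10.1.0.23", "10.2.0.5", 80))
```

The containment ACLs deliberately keep an explicit `permit ip` so that business traffic from the infected segment continues while the exploited port is cut off in both directions; a closed-model ACL with only the deny line would also silence the worm, but would isolate the segment entirely.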
Term
|
Definition
Further deprives the worm of available targets:
all uninfected systems are patched with the appropriate vendor patch for the vulnerability |
|
|
Term
|
Definition
involves tracking down and identifying infected machines within the contained areas and disconnecting, blocking, or removing them |
|
|
Term
|
Definition
actively infected systems are disinfected of the worm |
|
|
Term
|
Definition
involve the unauthorized discovery and mapping of systems, services, or vulnerabilities.
These attacks often employ the use of packet sniffers and port scanners |
|
|
Term
|
Definition
exploit known vulnerabilities in authentication services, FTP services, and web services to gain entry to web accounts, confidential databases, and other sensitive information.
often employs a dictionary attack to guess system passwords |
|
|
Term
|
Definition
attacks that send an extremely large number of requests, or deliberately malformed traffic, over a network or the Internet. The excess exhausts the target's resources so that it becomes unresponsive, crashes, or is unable to serve legitimate users |
|
|
Term
|
Definition
similar in intent to a DoS attack, except that it originates from multiple coordinated sources |
|
|
Term
Reconnaissance Attack Countermeasures |
|
Definition
- Implement authentication to ensure proper access.
- Use encryption to render packet sniffer attacks useless.
- Use anti-sniffer tools to detect packet sniffer attacks.
- Implement a switched infrastructure.
- Use a firewall and IPS.
|
|
|
Term
Access Attack Mitigation Techniques |
|
Definition
- Strong password security
- Principle of minimum trust
- Encryption
- Applying operating system and application patches
|
|
|
Term
DoS Attack Mitigation Techniques |
|
Definition
- IPS and firewalls (Cisco ASAs and ISRs)
- Antispoofing technologies
- Quality of Service – traffic policing
|
|
|
Term
10 Best Practices of attack mitigation |
|
Definition
1. Keep patches up-to-date
2. Shut down unnecessary services and ports.
3. Use strong passwords
4. Control physical access to systems.
5. Avoid unnecessary web page inputs.
6. Perform backups and test the backed up files
7. Educate employees
8. Encrypt and password protect sensitive data.
9. Implement security hardware and software
10. Develop a written security policy for the company.
|
|
|
Term
Cisco Network Foundation Protection (NFP) |
|
Definition
- Control Plane
- Management Plane
- Data Plane
|
|
|
Term
|
Definition
Responsible for routing data correctly. Traffic consists of device-generated packets required for the operation of the network itself such as ARP message exchanges or OSPF routing advertisements.
|
|
|
Term
|
Definition
Responsible for managing network elements.
Traffic is generated either by network devices or network management stations using processes and protocols such as Telnet, SSH, TFTP, FTP, NTP, AAA, SNMP, syslog, TACACS+, RADIUS, and NetFlow |
|
|
Term
Data plane (Forwarding Plane) |
|
Definition
Responsible for forwarding data. Traffic normally consists of user-generated packets being forwarded between endstations |
|
|
Term
|
Definition
- ACLs
- Antispoofing
- Layer 2 security including port security, DHCP snooping, dynamic ARP inspection (DAI)
|
|
|
Term
|
Definition
- Port security
- DHCP snooping
- Dynamic ARP Inspection (DAI)
- IP Source Guard
|
|
|
Term
management plane attack mitigation |
|
Definition
- Enabling login and password policy
- Presenting legal notification
- Ensuring the confidentiality of data using SSH and HTTPS
- Enabling role-based access control
- Authorizing actions
- Enabling management access reporting
|
|
|
Term
|
Definition
- Cisco AutoSecure
- Routing protocol authentication
- Control Plane Policing (CoPP)
|
|
|
Term
containment, inoculation, quarantine, treatment |
|
Definition
The four-phase process for mitigating an active worm attack |
|
|
Term
|
Definition
a basic network scanning technique that determines which range of IP addresses map to live hosts.
Consists of ICMP echo requests sent to multiple hosts |
|
|
Term
- Packet sniffers
- Ping sweeps
- Port scans
- Internet information queries
|
|
Definition
Tools used in reconnaissance attacks to gather information about a network before an access or DoS attack is attempted |
|
|
Term
|
Definition
an attacker sends an echo request in an IP packet larger than the 65,535-byte maximum IP datagram size. Because the packet must be fragmented in transit, the oversized datagram is only seen when the target reassembles it; on a vulnerable IP stack the reassembly overflows a buffer and can crash the target computer |
|
|
Term
|
Definition
a perpetrator sends a large number of ICMP requests to directed broadcast addresses, all with spoofed source addresses on the same network as the respective directed broadcast.
If the routing device delivering traffic to those broadcast addresses forwards the directed broadcasts, all hosts on the destination networks send ICMP replies, multiplying the traffic by the number of hosts on the networks |
|
|
Term
|
Definition
TCP SYN packets are sent, often with a forged source address. Each packet is handled like a connection request, causing the server to create a half-open connection by sending back a TCP SYN-ACK packet and waiting for the final ACK in response.
Because the forged sources never answer, these half-open connections exhaust the listener's backlog of pending connections, keeping it from responding to legitimate requests until after the attack ends |
|
|
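The reconnaissance cards (ping sweeps, port scans) and the DoS cards (SYN flood, smurf, ping of death) each describe a traffic pattern a defender can look for. The added example below, which is not part of the original cards and not drawn from any IPS product, implements one simple signature for each pattern over a constructed list of packet records; the record fields (`src`, `dst`, `proto`, `dport`, `flags`, `frag_off`, `length`) and the detection thresholds are assumptions for the demonstration. The SYN-flood check relies on the handshake described on the card: every completed connection shows the client's SYN followed by its final ACK, so a large surplus of SYNs per listener approximates the number of half-open connections.

```python
"""Signature checks for ping sweep, port scan, SYN flood, smurf and ping of
death. Added example; the packet records and thresholds are constructed."""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from typing import NamedTuple


class Pkt(NamedTuple):
    src: str
    dst: str
    proto: str       # "icmp-echo" or "tcp"
    dport: int       # 0 for ICMP
    flags: str       # TCP flags as sent by the client: "S" or "A"
    frag_off: int    # fragment offset in bytes (0 when unfragmented)
    length: int      # payload bytes carried by this packet or fragment


def ping_sweep_sources(pkts, min_hosts=8):
    """One source sending ICMP echo requests to many distinct hosts."""
    targets = defaultdict(set)
    for p in pkts:
        if p.proto == "icmp-echo":
            targets[p.src].add(p.dst)
    return {src for src, dsts in targets.items() if len(dsts) >= min_hosts}


def port_scan_sources(pkts, min_ports=10):
    """One source opening connections to many distinct ports on one host."""
    ports = defaultdict(set)
    for p in pkts:
        if p.proto == "tcp" and p.flags == "S":
            ports[(p.src, p.dst)].add(p.dport)
    return {src for (src, _), seen in ports.items() if len(seen) >= min_ports}


def syn_flood_targets(pkts, min_half_open=50):
    """Listeners with many SYNs that never received the client's final ACK.
    A completed handshake contributes one S and one A from the client, so
    the surplus of SYNs per (dst, port) approximates half-open connections."""
    syns, acks = defaultdict(int), defaultdict(int)
    for p in pkts:
        if p.proto == "tcp" and p.flags == "S":
            syns[(p.dst, p.dport)] += 1
        elif p.proto == "tcp" and p.flags == "A":
            acks[(p.dst, p.dport)] += 1
    return {k for k, n in syns.items() if n - acks[k] >= min_half_open}


def smurf_requests(pkts, local_networks):
    """Echo requests aimed at a directed-broadcast address of a local
    segment; the forged source is the victim every host will reply to."""
    broadcasts = {ip_network(n).broadcast_address for n in local_networks}
    return [(p.src, p.dst) for p in pkts
            if p.proto == "icmp-echo" and ip_address(p.dst) in broadcasts]


def oversized_fragments(pkts):
    """Fragments whose offset plus payload would reassemble past the
    65,535-byte IP maximum: the ping of death."""
    return [(p.src, p.dst) for p in pkts
            if p.proto == "icmp-echo" and p.frag_off + p.length > 65535]


# Constructed traffic sample mixing the five patterns with legitimate traffic.
SAMPLE = (
    # ping sweep of 10.0.1.0/24 from one scanner
    [Pkt("10.0.0.99", f"10.0.1.{i}", "icmp-echo", 0, "", 0, 64) for i in range(1, 11)]
    # port scan of a single host by the same scanner
    + [Pkt("10.0.0.99", "10.0.1.5", "tcp", port, "S", 0, 0)
       for port in (21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3389)]
    # SYN flood on a web server from forged sources that never send the ACK
    + [Pkt(f"198.51.100.{i}", "192.0.2.10", "tcp", 80, "S", 0, 0) for i in range(1, 61)]
    # five legitimate, completed handshakes to the same server on 443
    + [Pkt("10.0.0.5", "192.0.2.10", "tcp", 443, f, 0, 0) for f in "SASASASASA"]
    # smurf: echo request to a directed broadcast with the victim as source
    + [Pkt("192.0.2.10", "10.0.1.255", "icmp-echo", 0, "", 0, 64)]
    # ping of death: final fragment lands beyond the 65,535-byte limit
    + [Pkt("10.0.0.99", "192.0.2.10", "icmp-echo", 0, "", 65528, 1480)]
)

if __name__ == "__main__":
    print("ping sweep sources:", ping_sweep_sources(SAMPLE))
    print("port scan sources: ", port_scan_sources(SAMPLE))
    print("SYN flood targets: ", syn_flood_targets(SAMPLE))
    print("smurf requests:    ", smurf_requests(SAMPLE, ["10.0.1.0/24"]))
    print("ping of death:     ", oversized_fragments(SAMPLE))
```

The smurf check only fires for broadcast addresses of segments you list, which mirrors the countermeasure itself: a router that does not forward directed broadcasts never delivers those requests, so the same list of local networks is what you would use to verify that `no ip directed-broadcast` (the Cisco IOS default) is in place on each interface.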