Shared Flashcard Set

Details

Network Security (Part 1) - CTN277
NetSec terminology (Ch 1-3)
88
Computer Networking
Undergraduate 2
01/23/2015

Additional Computer Networking Flashcards

 


 

Cards

Term
Silver Bullet
Definition
A specific and fail-safe solution that acts quickly to solve a serious IT security problem.
Term
Serial Server
Definition
A device that connects to a remote system through the internet to provide remote access to serial ports over TCP/IP so that administrators can access the remote system as if it were connected to the local network. These are commonly used by infrastructure control and traffic systems.
Term
Distributed Attack
Definition
Attacks that utilize many multiple computers against a single server or network. DDoS is an example of this.
Term
BYOD
Definition
This is the concept of allowing employees to bring their own personal devices to work and connect them to the company network. This often poses security risks for the network.
Term
Security
Definition
The goal to be free from danger and the process that achieves that freedom.
Term
Information Security
Definition
The task of securing information that is stored in a digital format.
Term
Confidentiality - Ensures that only authorized parties can view the information.
Integrity - Ensures that the information is correct and no unauthorized person or software has altered the data.
Availability - Ensures that data is accessible for the authorized users.
(Sometimes CIAS is used - the "S" stand for Safety referring to physical security)
Definition
The "CIA(S)" of Security
Term
Authentication - Ensures that the individual is who they claim to be.
Authorization - Provides permission for authenticated users to access specific technology resources.
Accounting - Provides tracking of events.
Definition
The "AAA" of Security
Term
Asset
Definition
An item that has value.
Term
Threat
Definition
A type of action that has the potential to cause harm.
Term
Threat Agent
Definition
An element that has the power to carry out a threat.
Term
Vulnerability
Definition
A flaw or weakness that allows a threat agent to bypass security.
Term
Threat Vector
Definition
The means by which an attack can occur.
Term
Threat Likelihood
Definition
The probability that a threat will cause an attack to occur.
Term
Risk
Definition
A situation that involves exposure to some type of danger.
Term
Risk Avoidance
Definition
Identifying a risk but making the decision of avoiding the cause of the potential risk.
Term
Risk Acceptance
Definition
Acknowledging a risk but taking no action to address the issue.
Term
Mitigation
Definition
Taking action in order to make a risk less serious.
Term
Deterrence
Definition
The action of understanding something about the attacker in order to threaten them.
Term
Risk Transference
Definition
Action taken to transfer a risk to a third party.
Term
Identity Theft
Definition
Crime that involves stealing another person's personal information and using it for the thief's own gain.
Term
HIPAA
Definition
Law that forbids the health information of an individual from being disclosed without the patient's permission.
Term
Sarbox
Definition
A legal attempt to fight corporate corruption. It forbids false financial reports.
Term
GLBA
Definition
Law that requires financial institutions to alert customers of their policies in disclosing customer information.
Term
PCI DSS
Definition
Set of security standards that all companies that process, store, or transmit credit card information must follow.
Term
Cyberterrorism
Definition
Any premeditated politically motivated attack against information, computer systems and programs, and other data which results in violence.
Term
Black Hat Hacker
Definition
Attackers who violate computer security for personal gain or to inflict malicious damage.
Term
White Hat Hacker
Definition
Ethical attackers who attempt to check a system for security vulnerabilities in order to provide that information to the owner of the system.
Term
Grey Hat Hacker
Definition
Attacker who attempts to break into a computer system without the organization's permission in order to disclose their vulnerability to the public.
Term
Cybercrime
Definition
Targeted attack for financial gain or the gain of information.
Term
Script Kiddies
Definition
Individuals who want to attack systems but lack the knowledge needed to do so, and so they rely on automated software such as exploit kits to do the attacks for them.
Term
Brokers
Definition
Individuals who sell their knowledge of vulnerabilities.
Term
Insider
Definition
Individual associated with a company who carries out an attack on that company.
Term
Hacktivist
Definition
Attackers who launch their attacks in order to make a political or ideological statement.
Term
Cyber Kill Chain
Definition
A process followed by an attacker who attempts to break into a system. The steps are: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, and Actions on Objectives.
Term
Layered Security
Definition
Security tactic that involves implementing multiple defenses against attackers in order to protect against different types of attacks. This involves Limiting, Diversity, Obscurity, and Simplicity.
Term
Malware
Definition
A software that enters a computer system and performs an unwanted action without the users knowledge or consent.
Term
Oligomorphic Malware
Definition
Malware that changes its code to one of a number of possible predefined set mutations when it is executed.
Term
Polymorphic Malware
Definition
Malware that completely changes from its original form when it is executed.
Term
Metamorphic Malware
Definition
Malware that can rewrite its own code and appears different each time it is executed.
Term
Circulation - The trait of spreading rapidly in order to impact a large number of users.
Infection - The trait of malware embedding itself into some aspect of the system.
Concealment - The trait of avoiding detection by concealing the malware's presence from scanners.
Payload - The primary focus of the malware. Common payloads may be actions taken to steal information, delete data or otherwise harm the system, or reducing system security.
Definition
The four traits of malware?
Term
Virus
Definition
A malicious code that reproduces itself on a computer and causes harm.
Term
Program Virus
Definition
A virus that infects an executable file.
Term
Macro Virus
Definition
A virus that infects a common data file type such as DOCX.
Term
Worm
Definition
A malicious program that uses a network to replicate and spread onto multiple systems.
Term
Carrier
Definition
The means by which a virus is delivered onto a computer system.
Term
Trojan
Definition
An malicious executable program that is disguised as a benign program.
Term
Rootkit
Definition
Malicious software that alters or replaces system files, the operating system itself, or the boot sector, and takes actions in order to hide itself, in order to perform a harmful attack.
Term
Adware
Definition
Advertising content that is unwanted by the user and that can possibly contain malware.
Term
Ransomware
Definition
Prevents a user's device from properly operating until a certain demand is met (usually used for financial gain or the gain of information).
Term
Backdoor
Definition
Malware that gives access to a computer, program, or system service and circumvents normal security protection.
Term
Command and Control (C&C/C2)
Definition
Instructions from malware infections to zombie computers on a botnet.
Term
Social Engineering
Definition
Means of gathering information by exploiting human weaknesses. These methods include Authority, Intimidation, Consensus, Scarcity, Urgency, Familiarity, and Trust.
Term
Phishing
Definition
Sending an email or other online message that falsely claims to be a legitimate source in order to trick the user into sending private information.
Term
Pharming
Definition
Attack that is performed by redirecting a user to a fake website in order to convince them to enter private information.
Term
Whaling
Definition
Phishing attacks targeted toward specific wealthy or otherwise notable individuals.
Term
Vishing
Definition
Phishing attack carried out by calling the victim.
Term
Hoax
Definition
False warning used to reduce the user's security measures.
Term
Typo Squatting
Definition
Malicious attack carried out by convincing a user to go to a fake website whose URL is a misspelling of another popular website.
Term
Watering Hole Attack
Definition
Attack directed toward a small group of individuals who tend to go to the same specific website.
Term
Tailgating
Definition
Physically following an individual in order to gain access to private information or resources.
Term
Shoulder Surfing
Definition
Watching an individual view private information in order to steal that knowledge.
Term
Zero-day Attack
Definition
Attack that exploits previously unknown vulnerabilities and the user no time to defend. This type of attack is common in new software versions.
Term
Cross-Site Scripting (XSS)
Definition
A type of attack that injects its code via an exploit in the existing scripts of a web server, and directs the attack toward the web server's clients.
Term
SQL Injection
Definition
An attack that targets SQL servers by introducing malicious code into their databases.
Term
Directory Traversal
Definition
Taking advantage of a web server vulnerability to move from the root directory to restricted directories.
Term
Client-Side Attacks
Definition
Attacks that compromise servers and/or their clients by targeting vulnerabilities in web applications used by the client.
Term
First-party Cookie
Definition
Cookie that originates from the website that the user is currently viewing.
Term
Third-party Cookie
Definition
Cookie that originates from a website that has content such as advertising on the website that the user is currently viewing.
Term
Session Cookie
Definition
Cookie that is stored in RAM and only exists while the user is viewing the website.
Term
Persistent Cookie/Tracking Cookie
Definition
Cookie that remains on the hard drive of the user's computer after the browser is closed and is never automatically deleted.
Term
Flash Cookie/Locally Shared Object (LSO)
Definition
Cookie that comes from certain web applications such as Adobe Flash. These cookies contain different types of content besides text, and can store up to 100KB of data.
Term
Session Token
Definition
Random string assigned to the user's current session.
Term
Session Hijacking
Definition
Attack in which an attacker attempts to impersonate a user by using their session token.
Term
Buffer Overflow Attack
Definition
Attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer, causing the buffer to overflow to a new address pointing to the attacker's code.
Term
Integer Overflow Attack
Definition
Attack that occurs by changing the value of a variable to something outside a program's intended range.
Term
Arbitrary/Remote Code Execution Attack
Definition
Attack that, once the attacker's code has been injected into the victim's computer, allows the attacker to remotely control the computer.
Term
Distributed Denial of Service (DDoS) Attack
Definition
Attack that uses many computers to flood a system with requests in order to prevent authorized users from accessing that system.
Term
Ping Flood
Definition
Denial of service attack that uses ping (ICMP) to flood a server with requests in order to prevent users from accessing the server.
Term
Spoofing
Definition
The impersonation of another device.
Term
Smurf Attack
Definition
Attack in which an attacker poses as the victim's device and sends requests to many other devices on the network in order to crash the victim's device.
Term
SYN Flood Attack
Definition
Attack that takes advantage of the SYN/ACK process of a user's session. The attacker sends IP packets containing false source addresses to the server, causing the server to continue to listen for requests that do not exist. This exhausts the servers resources and impairs its ability to function properly.
Term
Man-in-the-Middle Attack
Definition
Attack in which the attacker intercepts communication between computers in a way that the computers cannot recognize the attacker's presence while the attacker is capturing information from their communication. The attacker does this either to steal the information (passive attack) or to modify the information before it is sent to the other party (active attack).
Term
Replay
Definition
Attack that involves the attacker making a copy of a communication containing certain confidential information such as a user's logon session. The copy is later used by an attacker to take advantage of that information.
Term
ARP Poisoning
Definition
Attack that modifies a MAC address in an ARP cache to point to a different computer.
Term
DNS Poisoning
Definition
Attack that modifies a DNS address on either the local host table or the external DNS server, so that the user will be redirected to a different website.
Term
Privilege Escalation
Definition
Exploiting a vulnerability in a software to gain access to resources that the user would normally be restricted from accessing.
Term
Transitive Access
Definition
An attack that exploits the trust relationship between three parties.
Supporting users have an ad free experience!