Shared Flashcard Set

Details

Security+ 4th ed. Chapter 03
Ciampa's Security+ Guide to Network Security Fundamentals
37
Other
Undergraduate 4
10/27/2011

Additional Other Flashcards

 


 

Cards

Term
Add-ons
Definition
Programs that provide additional functionality to Web browsers.
Term
Address Resolution Protocol (ARP)
Definition
Part of the TCP/IP protocol for determining the MAC address based on the IP address.
Term
ARP poisoning
Definition
An attack that corrupts the ARP cache.
Term
Attachments
Definition
Files that are coupled to e-mail messages.
Term
Buffer overflow
Definition
An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer.
Term
Client-side attack
Definition
An attack that targets vulnerabilities in client applications that interact with a compromised server or processes malicious data.
Term
Cookie
Definition
A file on a local computer in which a server stores user-specific information.
Term
Command injection
Definition
Injecting and executing commands to execute on a server.
Term
Cross-site scripting (XSS)
Definition
An attack that injects scripts into a Web application server to direct attacks at clients.
Term
Denial of service (DoS)
Definition
An attack that attempts to prevent a system from performing its normal functions.
Term
Directory traversal
Definition
An attack that takes advantage of a vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directories.
Term
Distributed denial of service (DDoS)
Definition
An attack that uses multiple zombie computers (even hundreds or thousands) in a botnet to flood a device with requests.
Term
DNS poisoning
Definition
An attack that substitutes DNS addresses so that the computer is automatically redirected to another device.
Term
Domain Name System (DNS)
Definition
A hierarchical name system for matching computer names and numbers.
Term
First-party cookie
Definition
A cookie that is created from the Web site that currently is being viewed.
Term
Flash cookie
Definition
A cookie named after the Adobe Flash player. Also known as local shared objects (LSOs). Flash cookies cannot be deleted through the browser’s normal configuration settings as regular cookies can. Typically, they are saved in multiple locations on the hard drive and can be take up as much as 100,000 bytes of storage per cookie (about 25 times the size of a normal cookie). Flash cookies can also be used to reinstate regular cookies that a user has deleted or blocked.
Term
Host table
Definition
A list of the mappings of names to computer numbers.
Term
HTTP header
Definition
Part of HTTP that is composed of fields that contain the different characteristics of the data that is being transmitted.
Term
Man-in-the-middle
Definition
An attack that intercepts legitimate communication and forges a fictitious response to the sender.
Term
Persistent cookie (tracking cookie)
Definition
A cookie that is recorded on the hard drive of the computer and does not expire when the browser closes.
Term
Ping
Definition
A utility that sends an ICMP echo request message to a host.
Term
Ping flood
Definition
An attack that uses the Internet Control Message Protocol (ICMP) to flood a victim with packets.
Term
Privilege escalation
Definition
An attack that exploits a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining.
Term
Replay
Definition
An attack that makes a copy of the transmission before sending it to the recipient.
Term
Secure cookie
Definition
A cookie that is only used when a browser is visiting a server using a secure connection.
Term
Session cookie
Definition
A cookie that is stored in Random Access Memory (RAM), instead of on the hard drive, and only lasts for the duration of visiting a Web site.
Term
Session hijacking
Definition
An attack in which an attacker attempts to impersonate the user by using his session token.
Term
Session token
Definition
A form of verification used when accessing a secure Web application.
Term
Smurf attack
Definition
An attack that broadcasts a ping request to all computers on the network yet changes the address from which the request came to that of the target.
Term
Spoofing
Definition
Impersonating another computer or device.
Term
SQL injection
Definition
An attack that targets SQL servers by injecting commands to be manipulated by the database.
Term
SYN flood attack
Definition
An attack that takes advantage of the procedures for initiating a TCP session.
Term
Third-party cookies
Definition
A cookie that was created by a third party that is different from the primary Web site.
Term
Transitive access
Definition
An attack involving using a third party to gain access rights.
Term
XML (Extensible Markup Language)
Definition
A markup language that is designed to carry data instead of indicating how to display it.
Term
XML injection
Definition
An attack that injects XLM tags and data into a database.
Term
Zero day attacks
Definition
Attacks that exploit previously unknown vulnerabilities, so victims have no time (zero days) to prepare or defend against the attacks.
Supporting users have an ad free experience!