Security Plus Comp-Tia

Exploiting a bug in software to gain elevated privileges.
For example Buffer overflow exploit of a web browser might allow a virus, rootkit or trojan to run with system privileges rather than logged on user.

code designed to infect computer files or disks. Could also delete or change system settings or files

type of virus that spreads through memory and network connections rather than infecting files

Malware that is disguised as another program to trick the user into installing it

software that monitors the users activities. Installed without user consent. Key logging

junk messages sent over email

software that monitors users internet activity and displays correspondingly targeted ads or collects data for marketing purposes

typically a trojan that modifies system files often at the kernel level to conceal its presense

a network of computers that have been compromised by a trojan/rootkit/worm malware.. Can be used for identity theft or spam amoung other things

malicious code that is set to run under particular circumstances or in responce to a defined event.

Boot order allows hacker to insert any type of malicious code on to the network

Theft of the device, data theft, unauthorized software or services

Triangulation, privacy, theft, sim card cloning

The carrier can use the cell system to triangulate the location of a phone within a few meters

It is possible to intercept digital mobile communications using a digital trunking scanner

Boot order allows hacker to insert any type of malicious code on to the network

Theft of the device, data theft, unauthorized software or services

Triangulation, privacy, theft, sim card cloning

The carrier can use the cell system to triangulate the location of a phone within a few meters

It is possible to intercept digital mobile communications using a digital trunking scanner

capacity and ease of portability, allow data theft
theft, delivering infected files via the removeable storage

Exploit attack of the NAS OS gaining access to the data. Also istallation of rogue NAS devices

update designed for and released to particular customer. May be included in later service packs

A collection of software updates, hotfixes and in some cases new features and enhancements

Minor updates to programs that are distributed with only the changes and not the whole program

identifiing, testing, and deploying application and OS updates

on windows domain per user and per computer settings can be deployed via group policy objects, attached to active directory containers such as domains and organization units. Group policy can be used to configure security settings such as password policies, account restictions, firewall status.

settings for service and policy configuration for a server operating in a certain role (web server, mail server, file/print server)

Security configuration and analysis tool

settings for services and policy for a server operating in a particular role (web server, mail server...)

educate users , browser settings Vendors can sign using certificates

should only be enabled on sites that have been confirmed as safe for scripting. Browser settings

Educate users, updates and patches

input should be tested to ensure that it is the sort of data expected by the program

educate users, browser settings

email Server should be configured to send mail that originates from its own domain

Intrusion detection software

Host intrusion detection system

firewall implemented as application software running on the host

Software capable of detecting and removing virus infections

techniques tp prevent a user from being overwhelmed with spam

Triple Digital encryption standard

Access Control list

Advanced encription standard 256bit

Authentication Header

Annulized Loss Expectancy

Annualized RAte of occurance

Address Resolution Protocol

Acceptable Use Policy

Basic input/output system

Network robots

Certificate Authority

Controller Area Network

Closed circuit TV

Challenge Handshake Authentication protocol

Cirtification Revocation list

Discretionary Access Control

Distrubuted Denial of Service

Digital encryption Standard

Dynamic Host Configuration Protocol

Dynamic Link Library

Demiliterized zone
The idea is that traffic can not pass through it. If communication is required between hosts on either side of the DMZ a host within the DMZ acts as a proxy. It takes requests checks it, if it is valid it retransmits it to the destination

Domain Name Service

Denial of service

Extensible autentication Protocol

Eliptic curve cryptography

File transfer protocol

Generic Routing Encapsulation

Host Intrusion Detection System

Host intrusion Prevention system

Hypertext transfer protocol

Heating Ventilation Air Conditioning

Internet control message protocol

Identification

Instant messaging

Internet message access protocol version 4

Internet protocol

Intenet Protocol Security

Internet relay chat

Internet Service Provider

Key distribution Center

Layer two Tunneliing protocol

Local area network manager

Lightweight directory Access protocol

Mandatory access control / Media access control

Message authentication code

Metropolitan Area Network

Message digest 5

Microsoft challenge Handshake Authentication protocol

Maximum transmission Unit

Network access control
Means of ensuring endpoint security. Making sure that all devices conform to a health policy (patch level, antivirus, firewall protection)

Network Based Intrusion detection system
Software designed to monitor network traffic

Network based network intrusion prevention system
Can automatically take preventative action

Network operating System

New Technology File sytem

New Technology LANMAN

Network Time Protocol

Operating system

Open Vulnerability Assesment Lanaguage

Password authentication Protocol

Port address translation

Private branch exchange

Pretty Good Privacy

Personally Identifiable Information

Public Key Infrastructure

Point to Point Protocol

Point to Point Tunneling Protocol

Rapid appication Developement

Remoted Authentication Dial in User Server

Redundant Array of Inexpensive Disk

Remoter Access Server

Role Based Access Control

Rule Based Access control

Rivest, Shamir, & Adleman

Secure/ Multipurpose internet mail extionsions

Secure Hashing Alogorithm

Secure Hypertext transfer protocol

Service Level Agreement

Single Loss expectancy

Simple mail transfer protocol

Simple Network Mangement Protocol

Spam over internet messaging

Secure shell

Secure Sockets layer

Single Sign on

Shielded twisted pair

Terminal access controller access control system

Transmission Control Protocol / Internet protocol

Temporal KEy Integrity Protocol

Transport layer security

Trusted platform module

Uninteruptable Power supply

Unisversal Resource locator

universal serial bus

Unshielded twisted pair

Virtual Local Area Network
Virtual lan created by switching technology. Provides traffic management and protection against sniffing

Voice over Internet Protocol

Virtual Private network

Wireless equivalent Privacy

WI-FI Protected Access

MAny protocols used for network transport and services were designed without reguard for security. These need to be deployed with extra safeguards. Either using another protocol for security (ipsec or ssl) or by filtering traffic using a firewall

A type of spoofing where the attacker disconnects the host and replaces it with his or her own spoofing the original hosts ip address.

Windows NT and 2000 allowed access to the IPC$ share by default This allows an attacker to gain valuable information about the host (Fingerprinting)

Attacked disguises thier identity. Examples include IP spoofing, phishing

Attacker intercepts communication between two hosts

Attacked intercepts some sort of authentication data and reuses it to try to restablish a session

Denial of Service
A network attack that aims to disrupt a service by overloading it

register a domain
delete the domain within 5 days
reregister the domain

Manipulates DNS host records

Address resolution protocol maps mac addresses to ip addresses. ARP Poisening injects false IP/Mac lookup in to the ARP cache

ensure physical security of the infrastructure (Cabeling, servers, switches)

IP network can be divided into a number os subnets. Communication between any two subnets must be challenged by a router

refers to carrying voice traffic over data network.

a range of devices and software products designed to restrict access from one network zone to another, to defined IP addresses or TCP/UDP application ports

Mediates communication between a client and another server.Can fillter and often modify communications as well as providing caching services

A computer set up to entice attackers with the purpose of discovering attack strategies and weakneses in security configurations

A software application or gateway that filters internet content requests. Can work on the basis of keywords, urls, time of day total browsing time

Software that intercepts network traffic (packet sniffer) and displays the captured packets for analysis. AAlowing inspection of the packet headers and payload. Unless it is encrypted.

A connector used on old ethernet networks for joining a host to a thicknet cable via a drop cable

Unless shielded, all electrical cable leaks. Data emanation is more of a concern for wireless media. It is imparative that wireless communications use a strong encryption syste

Using a notebook with suitable software to detect unsecured or poorly secured wireless LANS

Identifies a particular wireless LAN. Broadcasting the sSSID makes the network publicly visible. Disabling the SSID broadcast is no substitute for enforcing authentication and encryption

Hijacking a bluetooth device using some software exploit.

Sending someone an unsolicited message or picture using a bluetooth connection

Device attached to the network without permission. There are various scanning and monitoring software available to detect rogue devices

if a cryptographic function has faults such as known weak keys or insufficient bit strength. An attack can be formulated to exploit this. Fake a digital signature, decrypt a document, or intercept wireless communications.

unless something has specifically been granted access it should be denied access

something should be granted the minimun necessary privileges or information to perform its role

duties that require no one person be able to perform the entire task

prevents any one person from performing the same role or task for too long

Can be used to configure security settings such as password policy , account restrictions, firewall status

addresses issues like weak passwords, reusing passwords, writing passwords down, not changing password regularly

A single sign on system such as Kerberos issues users a software token to present as confirmation that they have been previously authenticated

one proof of identity
password
voice submission
finger print scan
token
smart card
certificate

Two credentials
smart card and pin
finger print scan and password

Three credentials
Smart card, Pin, Password

System such as Kerberos centralizes user authentication in one module then negotiates with applications on behalf of the user to obtain service tickets

Authentication based on a record (template) of some information about their physical attributes such as fingerprints, or iris pattern obtained via a biiometric reader

When a user authenticates with a remote server. Important to keep the communications private through the use of encryption.

Single sign on authentication scheme where clients authenticate once to a key distribution center and are granted service tickets to use particular applications without having to log on to each application seperately

Typically a cliemt authenticates to a server. In many circumstances it may be necessary for the server to authenticate to the client also (to prevent man in the middle attacks)

Remote authentication framework with particular emphasis on wireless access. Defines how devices should provide support for Extensible Authentication Protocol (EAP) EAP allows authentication by a number of methods including smart cards and certificates

Terminal Access controller access control system an alternative to RADIUS developed by CISCO