Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
68 Cards in this Set
- Front
- Back
1. Target Acquisition
2. Target Analysis 3. Target Access 4. Target Appropriation |
Target Acquisition
|
|
discovery, compliance, & vulnerabilty
|
network scanners
|
|
LAN with a central cable to which all nodes connect
Advantage-Scalable, Permits node failure Disadvantage-Bus failure |
Bus Toplogy
|
|
even small networks are complex, layout affect scalibility and security,
|
Network Topology
|
|
devices connect to a branch on the network; Advantage Scalable, permits node failure, Disadvantage failures split the network
|
Tree Topology
|
|
closed-loop topology; advantages-deterministic; disadvantage-single point of failure
|
Ring Topology
|
|
every node in the network is connected to every other node in the network;Advantage-redundacy;Disadvatage-expensive, complex, scalabilty
|
Mesh Topology
|
|
All nodes connect to a central device; advantage-permits node.cable failure; Disadvantage-single point of failure
|
Star Topoloy
|
|
three component- light source, optical fiber cable, two types, light detector
|
Fiber Optics
|
|
DSSS,FHSS,OFDM
|
Wireless multiplexing technologies
|
|
The connection between a wireless and wired network.
|
Access point
|
|
A layer 2 device that used to connect two network segments and regulate traffic.
|
Bridge
|
|
A device that provides the functions of both a bridge and a router.
|
Brouter
|
|
A cable consisting of a core, inner conductor that is surrounding by an insulator, an outer cylindrical conductor
|
Coaxial cable
|
|
Used to code/decode a digital data stream.
|
Codec
|
|
Layer 1 network device that is used to connect network segments together, but provides no traffic control (a hub).
|
Concentrator
|
|
An asymmetric cryptography mechanism that provides authentication.
|
Digital signature
|
|
A passive network attack involving monitoring of traffic.
|
Eavesdropping
|
|
Forgery of the sender’s email address in an email header
|
E-Mail spoofing
|
|
Potentially compromising leakage of electrical or acoustical signals.
|
Emanations
|
|
Disruption of operation of an electronic device due to a competing electromagnetic field.
|
EMI
|
|
A shield against leakage of electromagnetic signals.
|
Faraday Cage/ Shield
|
|
Bundles of long strands of pure glass that efficiently transmit light pulses over long distances. Interception without detection is
difficult. |
Fiber optics
|
|
A system that enforces an access control policy between two networks.
|
Firewalls
|
|
A Denial of Service attack initiated by sending spoofed UDP echo request to IP broadcast addresses. (See Smurf)
|
Fraggle
|
|
A secure connection to another network.
|
Gateway
|
|
Interception of a communication session by an attacker.
|
Hijacking
|
|
Layer 1 network device that is used to connect network segments together, but provides no traffic control (a concentrator).
|
Hub
|
|
An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.
|
Injection
|
|
Unauthorized access of information (e.g. tapping, sniffing, unsecured wireless communication, emanations)
|
Interception
|
|
Forging of an IP address.
|
IP address spoofing
|
|
An attack that breaks up malicious code into fragments, in an attempt to elude detection.
|
IP Fragmentation
|
|
High frequency, highly directional radio signals. Attackers target interception attempts at transmission and relay stations.
|
Microwave
|
|
A device that converts between digital and analog representation of data.
|
Modems
|
|
A type of attack involving attempted insertion, deletion or altering of data.
|
Modification
|
|
A device that sequentially switches multiple analog inputs to the output.
|
Multiplexers
|
|
A mail server that improperly allows inbound SMTP connections for domains it does not serve.
|
Open mail relay servers
|
|
A Denial of Service attack that exploits packet filter firewalls that only inspect the initial fragment of a
fragmented packet. |
Overlapping fragment attack
|
|
A basic level of network access control that is based upon information contained in the IP packet header.
|
.
Packet filtering |
|
Provides a physical cross connect point for devices.
|
Patch panels
|
|
A Private Branch Exchange is telephone exchange for a specific office or business.
|
PBX
|
|
A social engineering attack that uses spoofed email or websites to persuade people to divulge information.
|
Phishing
|
|
Unauthorized access of network devices.
|
Physical tampering
|
|
Mediates communication between un-trusted hosts on behalf of the hosts that it protects.
|
Proxies
|
|
Layer 1 network device that is used to connect network segments together, but provides no traffic control (a concentrator).
|
Repeaters
|
|
Radio Frequency Interference is a disturbance that degrades performance of electronic devices and electronic communications.
|
RFI
|
|
Unauthorized wireless network access device
|
Rogue access points
|
|
A layer 3 device that used to connect two or more network segments and regulate traffic.
|
Routers
|
|
A specialized wireless receiver/ transmitter placed in orbit that facilitates long distance communication.
|
Satellite
|
|
An attack involving the hijacking of a TCP session by predicting a sequence number.
|
Sequence Attacks
|
|
“Worldwide Interoperability for Microwave Access” (IEEE 802.16) is specification for wireless Metropolitan Area Networks that
provides an alternative to the use of cable and DSL for last mile delivery. |
WI-MAX
|
|
“Wireless fidelity” is a world-wide wireless technology
|
Wi-Fi
|
|
Searching for wireless networks in a moving car.
|
War Driving
|
|
Reconnaissance technique, involving automated, brute force identification of potentially vulnerable modems.
|
War dialing
|
|
Voice over Internet Protocol (VoIP) – a protocol for the efficient transmission of voice over the Internet
|
Voice over IP
|
|
A simple, inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.
|
Twisted pair
|
|
Potential danger to information or systems
|
Threats
|
|
A codename that refers to the study and mitigation of information disclosure via electromagnetic emanations from electronic
equipment |
TEMPEST
|
|
A Denial of Service attack that exploits systems that are not able to handle malicious, overlapping and oversized IP fragments.
|
Teardrop
|
|
Mitigation of spamming and other attacks by delaying incoming connections as long as possible.
|
Tar Pits
|
|
Eavesdropping on network communications by a third party.
|
Tapping
|
|
A Denial of Service attack that floods the target system with connection requests that are not finalized.
|
SYN flooding
|
|
A layer 2 device that used to connect two or more network segments and regulate traffic.
|
Switches
|
|
Unsolicited commercial email
|
Spam
|
|
A vulnerability in IP that allows an attacker to dictate the path of a communication and thereby access an internal
network |
Source routing exploitation
|
|
Eavesdropping on network communications by a third party.
|
Sniffing
|
|
A Denial of Service attack initiated by sending spoofed ICMP echo request to IP broadcast addresses.
|
Shielding
|
|
A Denial of Service attack initiated by sending spoofed ICMP echo request to IP broadcast addresses.
|
Smurf
|