Security+ Domain 1.0
Terms
undefined, object
copy deck
- AAA
- Access Control, Authentication, and Auditing
- CIA
- Confidentiality, Integrity, and Availability
- RADIUS
- Remote Authentication Dial-In User Service
- TACACS/TACACS+
- Terminal Access Controller Access Control System (Cisco)
- Confidentiality
- Contents or data are not revealed.
- Integrity
- Contents or data are intact and have not been modified.
- Availability
- Contents or data are accessible if allowed.
- Access Control
- Policy, software component, or hardware component that is used to grant or deny access to a resource (smart card, biometrics, network access hardware like routers and remote access points - RAS - and VPNs.
- Authentication
- Process used to prove the identity of someone or something that wants access (password).
- Non-repudiation
- Method used (time stamps, particular protocols, or authentication methods) to ensure that the presenter of the authentication request cannot later deny they were the originator of the request.
- Auditing
- Methods for tracking and logging activities on networks and systems, and links these activities to specific-user accounts or sources of activity.
- MAC
- Mandatory Access Control - hard-coded and set on each object or resource individually. MAC is non-discretionary, multilevel, label-based, and universally applied.
- DAC
- Discretionary Access Control - Setting of access permissions on an object that a user or application has created or has control of - permissions on files, folders and shared resources. DAC requires less coding and administration of individual files and resources. DAC is discretionary, controllable and transferable.
- RBAC
- Role-based Access Control - Ability to centralize the function of setting the access levels for various resources within a system. RBAC allow for a more granular and defined access level without the generality of groups. RBAC is job-based, highly configurable, more flexible than MAC, more precise than groups.
- 2 different definitions of RBAC
- Role-Based Access Control and Rule-Based Access Control, which consists of creating access lists for devices, and configuring the rules for access to them.
- Brute-Force Attack
- When someone generates every possible combination of characters and runs each version through the same algorithm used to encrypt the originals password until a match is made and the password is cracked.
- MD5
- Message Digest 5
- Packet-sniffing
- Analysis of network traffic and packets being tranmitted to and from the equipment. Software can intercept, track and analyze packets being sent over the network.
- FQDN
- Fully Qualified Domain Name
- Kerberos
- Network protocol designed to centralize the authentication information for the user or service requesting the resource. Allows authentication by the host of the resource being accessed through the use of secure and encrypted keys and tickets (authentication tokens) - cross platform. THe overall structure is called a realm.
- KDC
- Key Distribution Center - used in Kerberos.
- TGT
- Ticket Granting Ticket - used in Kerberos.
- Replay
- Capture of information, modification of captured information, and retransmission of the modified information to the entity waiting to receive the communication.
- Spoofing
- Providing false information about your identity in order to gain unauthorized access to systems.
- Initial Time Stamp (Kerberos)
- Communication between the requesting authentication and the KDC is limited to 5 minutes.
- CHAP
- Challenge Handshake Authentication Protocol - remote access protocol used in conjuction with PPP to provide security and authentication to users of remote services. CHAP doesn't operate with encrypted password databases, so not a strong level of protection.
- PPP
- Point-To-Point Protocol - used in remote access, replaces SLIP (Serial Inline Internet Protocol).
- PAP
- Password Authenticaion Protocol - not as good as CHAP since PAP sends passwords across the network in cleartext.
- Certificates
- Systems that create, distribute, store and validate digitally created signature and identity verification information about machines, individuals and services.
- PKI
- Public Key Infrastructure - plan or methods for exchange of authentication information and protection of that information.
- CA
- Certification Authority or Certificate Authority - may be commercially available service point (Verisign) or created within an enterprise to manage and create certificates that are used only within an organization or with trusted partners.
- Low-level Security Password
- User-created password less than 6 characters.
- Medium-leve Security Password
- Passwords between 8 and 13 characters.
- High-level Security Password
- Passwords requiring 14 or more characters.
- Ideal Password Example
- Passwords that are about 8-characters in length and are changed periodically.
- Token Technology
- Physical devices used for randomization of a code that can be used to assure the identity of the individual or service which has control of them. It's more secure than biometrics. Tokens are either hardware- or software-based.
- One-Time Password Technology
- Uses a pre-generated list of secured password combinations that may be used for authentication with a one-time use of each.
- Something You KNOW
- Password or PIN
- Something you HAVE
- Token or Smart Card
- Something you ARE
- Thumbprint, retina, hand or other biometrically identifiable item.
- Something you DO
- Voice or handwriting analysis.
- Multi-factor Authentication
- Uses another item for authentication in addition to or in place of the traditional password. 4 types of factors are: something you know, have, are and do.
- Mutual Authentication
- Process where both the requestor and the target entity must fully identify themselves before communication or access is allowed.
- Segmenation of Duties
- Requires the collusion of at least two people to perform any unauthorize activities. 1) no access to sensitive combination of capabilites; 2) prohibit conversion and concealment; 3) same person can't originate and approve transactions.
- Logging
- Transaction log detailing the activities that occurred within the database - can be used to rebuild the database or to create a duplicate database at another location.
- System Scanning
- Use of appropriate technologies to detect and repair potential areas of vulnerability within the system (password policies, ability to access networks from an outside or foreign network, analysis of know security vulnerabilities in NOS or hardware, test a system's response to various scenarios that could lead to DoS or system crash.)
- SATAN
- System Administrator Tool for Analyzing Networks - UNIX-based tool that allows penetration testing, probing, and analysis.
- Nessus
- Tool set that utilizes a server component and a client component, with a expanded capabilities and greater funcationality than SATAN. It has the ability to probe and launch DoS attacks and is very useful in detecting vulnerabilities.
- Non-Essential Services
- Include network services (DNS or DHCP, Telnet, Web or FTP services). Also, systems without shared resources need not run file and print services.
- 4 categories of attacks
- General target of attack (application, network or mixed), active or passive, how the attack works (password cracking, exploiting code), and mixed threat applications.
- Active attacks
- Attacker is actively attempting to cause harm to a network or system; attempting to breach or shut down a service.
- Passive attacks
- Vulnerability scannning, sniffing and eavesdropping.
- Password attacks
- Password guessing, brute force, and dictionary-based attacks.
- Code and Cryptographic attacks
- Backdoors, viruses, Trojans, worms, aoftware exploitation, and weak keys and mathematical attacks.
- DoS/DDoS
- Aimed squarely at ensuring that the service a computing infrastructure usually delivers is negatively affected in some way; reduces the quality of service. DoS attacks can also be effectively launched against a router.
- Fork bomb
- Locally based Dos attack, which repeatedly spawns processes to consume system resources.
- 2 types of DoS attacks
- Resource comsumption attacks, such as SYN flood attacks and amplification attacks; and Malformed packet attacks
- Flooding
- Large number of packets directed at one victim - example of resource consumption attack.
- Amplification attacks
- Consuming bandwidth to enlist the aid of loosely configured networks, causing them to send traffic directed at the victim - victim's network can be flooded.
- DDoS
- Distributed Denial of Service - consists of 2 phases - 1st phase, computers scattered across the internet are compromised with special software; 2nd phase, compromised hosts (zombies) are then instructed through intermediaries (masters) to start the attack.
- Client in DDos Attack
- Control software used by the hacker to launch attacks.
- Daemon in DDoS Attacks
- Software programs running on a zombie that receive incoming client command strings and act on them accordingly.
- Master in DDoS Attack
- Computer that runs the client software.
- Zombie in DDoS Attack
- A subordinate host that runs the daemon process.
- Target in DDoS Attack
- The recipient of the attack.
- Rootkits
- Tools used to ensure that the tasks are successful in a DDos attack.
- Daemon (general definition)
- Any program that runs on a continuous basis and handles requests for service that come in from other computers (example: print daemon).
- DDoS Attack for Hosts
- Attacker to Master to Zombie to Target
- DDoS Attack for Software
- Attacker to Client to Daemon to Target
- Buffer Overflows
- Attack that writes too much data to a program's buffer.
- SYN Attack
- Exploits basic weakness in TCP/IP. Attacker sends only the SYN packet, leaving the victim waiting for a reply. When the attacker sends thousands of SYN packets to the victim, it forces them to wait for replies that never come, consuming resources.
- Blind Spoofing
- Attacker only sends and has to make assumptions or guesses about replies.
- Informed Attacks (Spoofing)
- Attacker can monitor, and therefore participate in, bidirectional communications.
- Safeguarding against Spoofing
- Use firewalls; dont' rely on security through obscurity; and use various cryptograpic algorithms to provide different levels of authentication; disable source routing (firewall or router): tells packet to take the same path back that it took while going forward.
- MITM Attacks
- Man In The Middle Attacks - malicious individual places himself between Host A and Host B, he can then monitor the packets moving between the 2 hosts. Easy to perform on Telnet sessions.
- Replay Attacks
- Malicious person must first capture an amount of sensitive traffic, then simply replay it back to the host in an attempt to replicate the transaction.
- Defense again MITM and Replay attacks
- More random TCP sequence numbers and encryption like SSH or IPSec.
- TCP/IP Hijacking
- Malicious person has the abilitliy to intercept a legitimate user's data, then insert himself into that session - works especially well on Telnet and FTP sessions.
- Defense against TCP/IP Hijacking
- Encrypted sessions; unique and pseudo-random session IDs and cookies should be used along with SSL encryption.
- Wardialing
- Dialing large blocks of telephone numbers searching for a computer with which to connect. Common method used to discover unauthorized modems.
- Dumpster Diving
- Process of physically digging through a victim's trash in an attempt to gain information. Defense: paper shredder.
- Social Engineering
- Concept is nother more than creative lying, but often lying is backed up by materials found in dumpster diving. Attacker seems more authentic and can allow him to pose as someone he's not.
- Vulnerabililty scanning
- Probing a host in order to find an exploitable sevice or process
- Sniffing
- Eavesdropping on a network.
- Sniffer
- Tools that enables a machine to see all packets that are passing over the wire.
- Brute Force Attacks
- Trying as many passwords combinations as possible until hitting the right one.
- Password hashing
- Passwords are never stored on a server in cleartext form - rather they're stored in hashed format. Passwords pass through one-way hashing function (MD5) and the output is recorded. Once the password has been hashed, it can't be restored.
- Dictionary-based Attacks
- Long lists of words of a particular language (dictionary files) are searched to find a match to the encrypted password.
- Malicous Code Attacks
- Code attacks are carefully crafted programs written by attackers and designed to do damage: trojan horse, viruses, malware.
- Malware
- Malicious software: 2 common types are viruses and trojan horses.
- Viruses
- Self-replicating computer program that interferes with a computer's hardware or OS or application software. Types: parasitic, bootstrap, multi-partite, companion, link and data file.
- Parasitic Virus
- Infect executable files or programs.
- Bootstrap sector Virus
- Live on the first portion of the disk (boot sector) - commonly spread via the physical exchange of floppy disks.
- Multi-partite Virus
- Combine the functionality of the parasitic virus and the bootstrap virus.
- Companion Virus
- Creates a new program with the same name as an already existing legitimate program and tricks the OS into running it.
- Link Virus
- Modifies the way the OS finds a program, then tricking it into first running the virus and then the desired program.
- Data File Virus
- Can open, manipulate and close data files (written in macro languages and automatically execute when the legitimate program is opened.
- Trojan Horses
- Most elementary form of malicious code - program in which malicious code is contained inside what appears to be harmless data or programming.
- Logic Bomb
- Type of malware that can be compared to a time bomb - designed to do their damage after a certain condition is met (passing of a certain date or time, deletion of a user's account, etc).
- Worms
- Self-replicating program that does not alter files but resides in active memory and duplicates itself by means of computer networks.
- Backdoor
- Trojans, rootkits and even legitimate programs can be used as a back door to gain access to a computer.