Security+ Lesson 4
Terms and defs from...guess...Security+ Lesson 4!!
Terms
undefined, object
copy deck
- Single Mode Fiber
- Carries a single optical signal
- Pretty Good Privacy (PGP)
- Sender encrypts the contents of the email message and then encrypts the key that was used to encrypt the contents
- Firmware
- Operating instructions and configurations stored in special rewritable computer chips
- Email Worms
- Nimda is an example
- Network Address Translation (NAT)
- Packets sent to the Internet from internal hosts appear to come from a single IP address
- Twisted pair Vulnerability
- Shielded type is most secure to EMI and RFI
- Simple Network Management Protocol (SNMP) v1
- Uses clear text to send community names
- HyperText Transfer Protocol (HTTP)
- Defines web messages are formatted and transmitted
- Finger Service
- Type of router in use can be determined through a request
- Coax Vulnerability
- Implemented in bus type networks, cable breaks or failing terminators can affect many hosts
- Data Buffers
- Overflow problems have been found in Sendmail, Microsoft Exchange Servers, and other email servers/protocols
- File Transfer Protocol (FTP)
- Anonymous connection password convention is entering your email address
- Zone Transfers
- Unauthorized transfers can reveal sensitive network information, including IP addresses and host names
- Demilitarized Zone (DMZ)
- External firewall enables public client access to service; internal firewall prevents public clients from connecting to protected internal hosts
- www.OpenSSH.org
- Site for the leading command line open source implementation SSH
- Radio Guide 9 (RG9)
- 75 ohm impedance, used for television and cable modems
- Internet Mail Access Protocol version 4 (IMAP4)
- Port: 143
- Password Privacy (NNTP Vulnerability)
- Weak authentication schemes can transmit in cleartext
- Category 5 Twisted pair
- Fast Ethernet
- Cache Corruptions
- May result in corruption to the DNS cache and can result in a DoS
- Cache Corruptions
- Microsoft DNS servers; vulnerable to malfored queries or accepting malicious data from a remote name or server
- Firewall
- Generally configured to stop suspicious or unsolicited incoming traffic
- Zone Transfers
- Data can be sniffed; If primary copy goes down, necessary configuration changes can be prevented
- Fiber-optic Cable
- Core is one or more glass or plastic strands surrounded by a silica cladding
- Digest (Web Server Authentication)
- Windows systems may require configure user passwords to be stored using reversible encryption to avoid security risk
- Firewall
- Blocking or stopping intermediary
- Category 2 Twisted pair
- Digital telephone and low speed networks
- Rogue Client Registrations
- Some DNS servers can accept dynamic registrations for administrator free IP additions
- Radio Guide 58/Universal (RG58/U)
- 50 ohms impedance, called "Thinnet"
- Domain Name System (DNS)
- Provides resolution of host names to IP addresses
- Anonymous Authentication (Web Server Authentication)
- Should be reserved for public website
- Basic Authentication (Web Server Authentication)
- Users prompted for user name and password which are matched with a local accounts database
- Router
- Limited CPU and limited memory
- Post Office Protocol version 3 (POP3)
- Can make it difficult to access the same email messages from different computer systems
- NetBIOS
- Best and easiest way to get rid of it is to turn it off
- Virtual LAN (VLAN)
- Uses a special switch or router which controls which groups of hosts receive network broadcasts
- Media Access Control (MAC) Address
- Used as the basis for determining which specific network adapter has the ability to transmit at any given time
- Intranet
- Popular method of corporate communication, internet skills can be used to obtain private company information
- Network Address Translation (NAT)
- Simple form of Internet security that conceals internal addressing schemes from the public Internet
- Radio Guide 62 (RG62)
- 5 mm coax cable with a solid core, used for ARCNET networking
- Firewall
- Software or hardware device that protects a system or network by blocking unwanted traffic
- Category 5 Twisted pair
- Maximum speed: 100Mbps
- Telnet Service
- Unencrypted by default making sessions easier to hijack
- Intranet
- Easier to protect than the Internet because it is privately controlled
- Web Server Authentication
- Control server and website access and protects web data
- Radio Guide 58/Universal (RG58/U)
- 5 mm coax cable with solid core
- 8.3 File Name
- "document.txt.exe" could be disguised to appear as "document.txt"
- Network Address Translation (NAT)
- Does not hide host information and may be vulnerable to IP Spoofing attacks
- Pretty Good Privacy (PGP)
- Uses public key cryptology to digitally sign emails to authenticate the sender and the contents
- Input Validation
- BIND server; Specially formatted and improperly validated input can be used to execute code with BIND user permissions
- Demilitarized Zone (DMZ)
- Enables external clients to access data on private systems, such as web servers, without compromising internal network security
- Address based Authentication (Web Server Authentication)
- Based on a host's IP address; vulnerable to IP spoofing and should be avoided
- Internet Control Message Protocol (IMCP)
- IP network service which reports on connections between two hosts
- Anonymous FTP (FTP Vulnerabilities)
- Passwords are generic, does not provide authentication or access control mechanisms that can prevent malicious activity
- Fiber optic Vulnerability
- Cable damage is most likely source of attack
- Berkeley Internet Name Domain (BIND)
- Unix based implementation of DNS
- Internet Mail Access Protocol version 4 (IMAP4)
- Protocol employed when a client uses a web browser to retrieve email from a web-enabled email server
- Twisted pair Vulnerability
- Improperly twisted pairs can cause crosstalk between wires, interfering with transmission
- Twisted-pair Cable
- Low cost, high bandwidth, and ease of installation
- Network News Transfer Protocol (NNTP)
- Port: 119
- Code Outside Web Root (Web Server Vulnerabilities)
- Common method involves accessing files at a URL with multiple ".." directories
- Simple Mail Transfer Protocol (SMTP)
- Primary protocol used to send email froma client to a server or between servers
- Hoaxes
- Examples of social engineering, can cause users to delete "dangerous" files that are actually critical system files
- Environment Variables
- Specially executed query exposes environment variables via the program stack on a BIND server
- Internet Control Message Protocol (IMCP)
- Redirected packets can be used to flood a router, causing a DoS or to reconfigure routing tables by using forged packets
- Graded Index Multimode Fiber
- Permits multiple optical signals, light is sent down each core layer
- Blind FTP (FTP Vulnerabilities)
- Permit anonymous access to one directory only; provides some protection to other server areas
- Collision Domain
- Group of hosts that must compete for access to the network media before transmission
- Data Privacy (NNTP Vulnerability)
- Compromised message repository could allow posted message data to be altered, corrupted, or stolen
- Radio Guide 8 (RG8)
- 50 ohms impedance, called "Thicknet"
- Unnecessary Network Protocols
- NetBEUI, NWLink, and AppleTalk
- Web Server Authentication
- Authentication and access control for Internet, extranet, and intranet servers and site
- Cabling General Vulnerability
- Pulling connectors from a patch panel or cutting wires causes disruption or DoS conditions
- Echo
- Port: 7
- Category 3 Twisted pair
- Maximum speed: 10Mbps
- Fiber optic Vulnerability
- Impervious to EMI and RFI
- Switch
- Has multiple network ports; combines multiple physical network segments into a single logical network
- DNS Hijacking
- DNS administrative access is gained; attacker modifies or deletes records, eliminates a company's internet presence
- File Sharing Exploitation (FTP Vulnerabilities)
- FTP servers can be hijacked to create warez servers
- Switch
- Controls network traffic on the logical network by creating dedicated connections containing only the two hosts involved in a transmission
- File Transfer Protocol (FTP)
- User can access a directory structure on a remote host, change directories, search and rename files and directories, and download or upload files
- Fiber-optic Cable
- Light pulses from a laser or high-intensity LED passes through the core to carry the signal
- Secure Copy Protocol (SCP)
- Nearly all SSH implementations include this
- Fiber-optic Cable
- Outer jacket is called armor
- Coaxial Cable (Coax)
- Becoming less common in networking due to its difficulty to work with
- Coaxial Cable (Coax)
- Copper cable featuring a central conductor surrounded by braided or foil shielding
- HyperText Transfer Protocol (HTTP)
- All web servers run on it, providing an attractive target for hackers
- Step Index Multimode Fiber
- Permits multiple optical signals, light is sent at angles to the fiber
- Network News Transfer Protocol (NNTP)
- Used to post and retrieve messages from USENET
- Virtual LAN (VLAN) Hopping
- Redirection of packets from one to another and capture them for their data
- Bounce Vulnerability (FTP Vulnerabilities)
- FTP, RFC 2577 permits connected clients to open connections with on any port on the FTP server
- File Transfer Protocol (FTP)
- Fast and efficient; very common method for storing and transferring large groups of files
- Radio Guide 8 (RG8)
- 10 mm coax cable with solid core
- Default Ports
- Type of device can be determined through manufacturer's
- Media Access Control (MAC) Address
- Unique physical address individually assigned to every network adapter board by the adapter's manufacturer
- Anonymous Access (NNTP Vulnerability)
- Servers permitting anonymous postings could be used for illegal activity
- Graded Index Multimode Fiber
- Core is typically 50 or more microns, longer transmission distance
- Switch
- Limited memory and Limited OS
- Category 1 Twisted pair
- Voice grade, not suitable for networking
- Category 4 Twisted pair
- Maximum speed: 16Mbps
- 8.3 File Name
- Some email programs have an inability to display long file names, allowing dangerous attachments to be disguised
- Router
- Can filter network traffic based on criteria
- Simple Network Management Protocol (SNMP) v1
- Use version 2 or higher; disable if not needed
- Secure Copy Protocol (SCP)
- Secure drop in replacement for the Remote Copy Protocol command
- Weak Authentication (Web Server Vulnerabilities)
- User name and passwords are sent in clear text; particularly vulnerable to sniffers
- Telnet Service
- Often used to administer network routers
- Coax Vulnerability
- Highly subject to radio frequency interference (RFI)
- Category 4 Twisted pair
- IBM token ring
- Enhanced Twisted pair
- Gigabit ethernet
- Step Index Multimode Fiber
- Core is typically 50 or more microns, less expensive
- EMI
- Electromagnetic Interference
- Category 2 Twisted pair
- Maximum speed: 4Mbps
- Cabling General Vulnerability
- Must be protected physically against unauthorized access and damage
- Simple Mail Transfer Protocol (SMTP)
- Port: 25
- Switch
- Can perform routing functions based on protocol address
- HyperText Markup Language (HTML)
- Used to create web content; Controls how web pages are formatted and displayed
- Secure Shell (SSH) Version 2
- Considered to be significantly more secure and is the current version
- DNS Spoofing
- DNS records are manipulated to send DNS clients to fraudulent websites
- Virtual LAN (VLAN)
- Point to point logical network that groups hosts together regardless of their physical location
- Clear Text Transmissions (FTP Vulnerabilities)
- By default, data transfers are not encrypted; data is open to sniffers and eavesdroppers
- Integrated Windows Authentication (Web Server Authentication)
- Uses Kerberos v5 with Active Directory or NT challenge/response
- Coax Vulnerability
- Easily tapped if physical access is gained
- Digest (Web Server Authentication)
- Highly secure and works through proxy servers and firewalls
- Twisted-pair Cable
- Shielded twisted-pair is more expensive than unshielded twisted-pair
- Network Address Translation (NAT)
- Can expose network to attack if accessed through open device ports (with no firewall)
- Intranet
- Private network that employs Internet style technologies
- Multipurpose Internet Mail Extensions (MIME)
- Originally created to allow users to share email attachments in a variety of file formats
- Domain Name System (DNS)
- Prime target for attackers because of its network functioning importance
- IP Filters
- Improperly configured can lead to unauthorized network entry through spoofed IP address or launch a DoS attack
- Routing Internet Protocol (RIP) v1
- Can provide opportunities for an attacker to connect to a device and manipulate the routing table
- Internet Control Message Protocol (IMCP)
- Often used for simple functions such as the "ping" command
- Coaxial Cable (Coax)
- Conductor and shield separated by insulator, wrapped in an insulating layer called a jacket
- Chargen
- Port: 19
- Pretty Good Privacy (PGP)
- Publicly available email security method that uses a variation of public key cryptography to encrypt emails
- Secure Multipurpose Internet Mail Extensions (S/MIME)
- Created to prevent attackers from intercepting and manipulating email and attachments by encrypting and digitally signing the contents of the email using public key cryptography
- Integrated Windows Authentication (Web Server Authentication)
- Option for Windows based web services; best for intranet use in a Microsoft network
- Single Mode Fiber
- Small core, allows a single beam to pass
- Fiber-optic Cable
- Very expensive and difficult to handle and install
- Secure Shell (SSH)
- Protocol for secure login and transfer of data; entire session is encrypted using a variety of encryption methods
- Radio Guide 9 (RG9)
- 10 mm coax cable with a stranded core
- Broadcast Domain
- Network equivalent of a mass mailing
- Virtual LAN (VLAN)
- Provides network security by enabling administrators to segment groups of hosts within the larger physical network
- Format String (Web Server Vulnerabilities)
- Invalid parameters passed to functions such as printf or sprintf in the C standard library
- Email Worms
- Email clients that use a particular version of Microsoft IE may be vulnerable to arbitrary code execution in emails
- Rogue client Registrations
- Unwanted clients can register with a zone, giving them unwanted access to your network
- Certificates (Web Server Authentication)
- Can be used in place of or as a supplement to user name and password for access
- Secure Shell (SSH)
- Replacement for the rsh application on Unix and Linux systems
- Fiber-optic Cable
- Cladding reflects light back into the core which increases signal travel distance
- Malicious Code
- Often disguised as an attachment; this can infect a user's machine, revealing sensitive information, filling the hard disk, or deleting files
- HyperText Transfer Protocol (HTTP)
- Defines how web servers and client web browsers respond to commands
- Switch
- Generally forward broadcasts to all ports on the switch
- Firewall Configuration (FTP Vulnerabilities)
- Configuration difficulties may cause administrators to open holes in the security perimeter
- "Glob" Vulnerability (FTP Vulnerabilities)
- Wildcard characters such as the asterisk (*) can allow large numbers of files to be copied or deleted in a single operation
- Zone Transfers
- All records stored in text files; one server has a writable copy; file updates are copied to other servers
- File Transfer Protocol (FTP) Control
- Port: 21
- Fiber-optic Cable
- Very high-speed, long distance networking
- Clear Text Transmissions (Web Server Vulnerabilities)
- Perfect target for an attacker
- Router
- Most will not forward broadcast network traffic
- Single Mode Fiber
- Modulated in amplitude
- Certificates (Web Server Authentication)
- Required for Secure Sockets Layer (SSL)
- Cache Poisoning/Pollution
- Cache corruption that allows an attacker to redirect websites using a vulnerable DNS
- Demilitarized Zone (DMZ)
- Small section of a private network located between two firewalls; made available for public access
- Extranet
- Requires a high level of security and privacy to protect interests and data of all participants
- Simple Mail Transfer Protocol (SMTP)
- Runs on every standard email server, target for attack; causes complete disruption if corrupted
- Extranet
- Private network that employs Internet style technologies to enable communications between two or more separate companies or organizations
- Fiber optic Vulnerability
- Delicate and easily broken
- Secure FTP (SFTP)
- Secure, SSH encrypted version of the FTP protocol
- Buffer Overflow (Web Server Vulnerabilities)
- Most common exploit
- Radio Guide 8 (RG8)
- Used for ethernet networking
- File Transfer Protocol (FTP)
- Standard Internet service that enables transfer of files between a workstation and a remote host
- Fiber optic Vulnerability
- Very secure because it is difficult to splice or tap
- Cabling General Vulnerability
- Tapping or splicing exposed wires can lead to eavesdropping and data theft
- HyperText Transfer Protocol (HTTP)
- Corruption or problems in transmission can damage websites or provide an avenue for network attacks
- Unnecessary Services (FTP Vulnerabilities)
- Can provide an avenue to attack an FTP server
- Twisted-pair Cable
- One or more pairs of wires twisted around each other and enclosed in a plastic jacket
- Digest (Web Server Authentication)
- Similar to Basic Authentication; Uses hashing algorithm to encrypt user name and password
- Web Server Applications (Web Server Vulnerabilities)
- Active Server Pages [ASP], Internet Services Application Programming Interface [ISAPI], PHP, Practical Extraction and Report Language [Perl] may allow attacks through weaknesses
- Anonymous Authentication (Web Server Authentication)
- No user name or password needed to gain web server file access
- Basic Authentication (FTP Vulnerabilities)
- Passes user name and password in clear text; can be a problem if the server is configured to accept account based authentication
- Twisted-pair Cable
- Main types are UTP and STP
- Network Address Translation (NAT)
- Prevents external hosts from identifying and connecting directly to internal systems
- Post Office Protocol version 3 (POP3)
- Port: 110
- rlogin, rsh, and Telnet
- Non-encrypted Unix protocols; all information is sent in plaintext
- Coaxial Cable (Coax)
- So named because all components run along a common central axis
- Router Configuration Files
- Improperly stored files can allow attackers to gain administrative access
- HyperText Transfer Protocol (HTTP)
- Primary protocol that enables clients to connect and interact websites
- Enhanced Twisted pair
- 1Gbps or better, varying cable characteristics
- Secure Multipurpose Internet Mail Extensions (S/MIME)
- Ensures that the email received is the same email that was sent and that it's contents are the original contents included by the sender
- Bounce Vulnerability (FTP Vulnerabilities)
- Can attack other systems by opening a service port and the third system and sending commands
- Routing Internet Protocol (RIP) v1
- Dynamic routing protocol which provides a weak level of authentication
- Broadcast Domain
- Group of hosts that will receive a network broadcast packet not addressed to any individual host
- HTML Source Code (Web Server Vulnerabilities)
- Can reveal data about an company that can be used for a later attack
- Berkeley Internet Name Domain (BIND)
- Runs on many DNS servers on the internet
- Radio Guide 62 (RG62)
- 93 ohms impedance
- Telnet Service
- Simple terminal emulation service allows remote server connection
- Code Outside Web Root (Web Server Vulnerabilities)
- Files executed outside of this directory; generally accessed and executed with the same permissions
- Internet Mail Access Protocol version 4 (IMAP4)
- Messages normally remain in storage on the email server until deleted by the client
- Improper Input Validation (Web Server Vulnerabilities)
- If improperly coded, attackers can send malicious code and execute it locally
- Spam
- Malicious user can flood a network with emails and effectively cause a DoS through email server overload
- Pretty Good Privacy (PGP)
- Encrypted key is sent with the email and the receiver decrypts the key and uses the key to decrypt the contents
- Router
- Connects multiple networks that use the same protocols
- Router
- Examine protocol-based addressing information and determines the most efficient path
- Small Server
- Rarely used Cisco services can be exploited for a DoS attack
- Common Gateway Interface (CGI) (Web Server Vulnerabilities)
- Can provide system information to an attacker or be used to execute commands locally
- Twisted-pair Cable
- Shielded type has an addition foil shield to help protect it from EMI
- File Transfer Protocol (FTP) Data
- Port: 20
- Integrated Windows Authentication (Web Server Authentication)
- Requires IE 2.0 or higher or a browser that supports HTTP 1.1
- SMTP relays
- Email servers permit clients to relay email to non direct server clients, can allow spoofing or spam attacks against other networks
- Coax Vulnerability
- Highly subject to electromagntic interference (EMI)
- Basic Authentication (Web Server Authentication)
- User names and passwords are sent in clear text; can be combined with Secure Sockets Layer (SSL) for credential encryption
- Email Integration (NNTP Vulnerability)
- NNTP implemented as a protocol can be an avenue of attack against these services
- Domain Name System (DNS)
- Allows users to use URLs instead of IP addresses
- Buffer Overflow (Web Server Vulnerabilities)
- Web server software and operating system are vulnerable to this
- Format String (Web Server Vulnerabilities)
- Results in buffer overflow can allow an attacker to execute arbitrary code
- Twisted-pair Cable
- Standard cabling type in most short distance implementations
- Network Address Translation (NAT)
- Router is configured with a single public IP address on it's external face and a private, nonroutable address on it's internal interface
- Network Address Translation (NAT)
- Keeps public addresses singular
- Post Office Protocol version 3 (POP3)
- Protocol employed by dedicated, stand-alone, email clients
- Post Office Protocol version 3 (POP3)
- Email messages are moved from the server to the email client computer when they are read by default
- Category 3 Twisted pair
- Ethernet