Term
A _____ attack occurs when a system becomes unable to function because it has been inundated with requests for services and can't respond to any of them. A. denial-of-service B. flashing C. war driving D. phishing |
|
Definition
|
|
Term
In a _____ attack, a person redirects or captures secure transmissions as they occur. A. man-in-the-middle B. war driving C. phishing D. denial-of-service |
|
Definition
|
|
Term
RC4 is used in: (Select 2) A. WPA B. WPA2 C. WEP D. AES |
|
Definition
|
|
Term
In tunneling mode, IPsec encrypts the entire packet. A. true B. false |
|
Definition
|
|
Term
A _____ attack occurs when a hacker uses programs that try a combination of a user ID and every word in a dictionary to gain access to the network. A. flashing B. brute force C. dictionary D. denial-of-service |
|
Definition
|
|
Term
Lack of encryption is the feature of: (Select all that apply) A. TFTP B. IPsec C. L2TP D. PAP |
|
Definition
|
|
Term
You are alerted that suddenly 100% of the resources on your two core routers are being used and no legitimate traffic can travel into or out of your network. What kind of security attack are you most likely experiencing? A. Brute force attack B. Flashing C. IP spoofing D. Denial-of-service attack |
|
Definition
D. Denial-of-service attack |
|
|
Term
_____ protocols are the rules that computers follow to accomplish authentication. A. Authority B. Availability C. Authentication D. Access |
|
Definition
|
|
Term
Kerberos is ideally meant for _____. A. Authenticating WAN users B. Authenticating LAN users C. Encrypting user names D. Encrypting databases |
|
Definition
B. Authenticating LAN users |
|
|
Term
What is a honeypot? (Select 3) A. system that is used to divert an attacker from the real production network B. system that allows security administrators to monitor activities of a hacker C. system that hasn't got any security measures in place D. virtual system that is used for testing updates and malware analysis E. system that is meant to be compromised |
|
Definition
A. system that is used to divert an attacker from the real production network B. system that allows security administrators to monitor activities of a hacker E. system that is meant to be compromised |
|
|
Term
Which of the following techniques would prevent an FTP bounce attack? A. Configuring your firewall to deny requests to ports 20 and 21 B. Configuring the FTP service to require a password C. Restricting the size of your FTP server's memory allocation table D. Performing a port scan of your network using NMAP |
|
Definition
A. Configuring your firewall to deny requests to ports 20 and 21 |
|
|
Term
HTTPS: (Select 2) A. URLs begin with shttp:// B. doesn't encrypt the entire communication channel C. runs on TCP port 443 D. runs on TCP port 143 E. uses SSL/TLS |
|
Definition
C. runs on TCP port 443 E. uses SSL/TLS |
|
|
Term
Which of the following can automatically detect and deny network access to a host whose traffic patterns appear suspicious? A. Router B. Proxy server C. NAT gateway D. IPS |
|
Definition
|
|
Term
A router that is not configured to drop packets that match certain or suspicious characteristics is an example of a risk associated with _____. A. Internet access B. People C. Transmission and hardware D. Protocols and software |
|
Definition
C. Transmission and hardware |
|
|
Term
Public/private key pair is a feature of: A. AES B. PKI C. Symmetric-key algorithm D. WEP |
|
Definition
|
|
Term
Which of the following is used as another term for a rogue wireless access point? A. ICS B. hotspot C. IBSS D. evil twin |
|
Definition
|
|
Term
A(n) _____ is a password-protected and encrypted file that holds an individual's identification information, including a public key. A. authentication file B. digital certificate C. authentication certificate D. access control list |
|
Definition
|
|
Term
You are designing an 802.11n wireless network for a local cafe. You want the wireless network to be available to the cafe's customers, but not to anyone with a wireless NIC who happens to be in the vicinity. Which of the following security measures requires customers to enter a network key to gain access to your network via the access point? A. TLS B. IPsec C. WPA2 D. SSEL |
|
Definition
|
|
Term
What type of device guards against an attack in which the hacker modifies the IP source address in the packets he's issuing so that the transmission appears to belong to your network? A. NAT gateway B. Proxy server C. Router D. Packet-filtering firewall |
|
Definition
|
|
Term
_____ is a method of encrypting TCP/IP transmissions above the Network layer. A. PAP B. PGP C. IPsec D. SSL |
|
Definition
|
|
Term
Which of the following is the most secure password? A. A1B2C333 B. 12345ABC C. dolphins D. !tlzOGS557X^^L |
|
Definition
|
|
Term
Which of the following encryption methods provides the best security for data traveling over VPN connections? A. L2TP B. SLIP C. PPTP D. IPsec |
|
Definition
|
|
Term
In transport mode, IPsec doesn't offer any encryption. A. true B. false |
|
Definition
|
|
Term
Which of the following can be implemented through a proxy server? (Select all that apply) A. enhanced security by servicing requests on behalf of many users B. scanning outbound content to prevent data leakage C. scanning processed content for malware D. faster access to resources through caching |
|
Definition
|
|
Term
You have decided to add a honeypot to your network. Where on the network would you place it? A. Attached to a workgroup switch B. In a decoy DMZ C. Between the access server and RADIUS server D. On your company's Web server |
|
Definition
|
|
Term
Which of the following encryption techniques is incorporated into IP version 6? A. IPsec B. SSL C. Kerberos D. SSH |
|
Definition
|
|
Term
If you are entering your account number and password in a Web form to check your bank account balance online, which of the following encryption methods are you most likely using? A. SSH B. Kerberos C. PGP D. SSL |
|
Definition
|
|
Term
A VPN _____ authenticates VPN clients and establishes tunnels for VPN connections. A. concentrator B. certificate authority C. router D. service |
|
Definition
|
|
Term
Using a 20-bit key is how many times more secure than using an 18-bit key? A. eight times B. four times C. two times D. three times |
|
Definition
|
|
Term
PAP, CHAP, MS-CHAP, and MS-CHAP2, are all used to provide: A. authorization B. accounting C. data integrity D. authentication E. mutual authentication between a client and a server |
|
Definition
|
|
Term
You work for a retailer that sells household goods online. The company has decided to redesign its network for better security. Included in this redesign is the addition of a new firewall. Assuming the firewall is placed between the Internet connection and the Web server, which of the following should be included in the firewall's configuration so that customers can still reach the Web site? A. allow incoming UDP-based transmission to port 23 B. allow incoming TCP-based transmission to port 80 C. allow outgoing TCP-based transmissions to port 88 D. allow outgoing UDP-based transmission to port 1024 |
|
Definition
B. allow incoming TCP-based transmission to port 80 |
|
|
Term
Which of the following devices can improve performance for certain applications, in addition to enhancing network security? A. Packet-filtering firewall B. NAT gateway C. Proxy server D. Router |
|
Definition
|
|
Term
If a firewall does nothing more than filter packets, at what layer of the OSI model does it operate? A. Transport B. Network C. Data Link D. Session |
|
Definition
|
|
Term
Which of the following criteria could a router's ACL use for denying packets access to a private network? A. Source IP address B. Authentication header C. RTT D. Source MAC address |
|
Definition
|
|
Term
Which of the following NOS logon restrictions is most likely to stop a hacker who is attempting to discover someone's password through a brute force or dictionary attack? A. Total time logged on B. Time of day C. Period of time after which a password expires D. Number of unsuccessful logon attempts |
|
Definition
D. Number of unsuccessful logon attempts |
|
|
Term
Which of the following is one reason WEP is less secure than 802.11i? A. WEP is only capable of 16-bit keys, where 802.11i can use keys up to 128 bits long. B. WEP uses only one encryption method, whereas 802.11i combines two encryption methods for data in transit. C. WEP uses the same key for authentication and encryption every time a client connects, whereas 802.11i assigns keys dynamically to each transmission. D. WEP does not require clients to specify an SSID, whereas 802.11i requires clients to specify an SSID plus a username and password for the network's access server. |
|
Definition
C. WEP uses the same key for authentication and encryption every time a client connects, whereas 802.11i assigns keys dynamically to each transmission. |
|
|
Term
How many keys are required for public key encryption? A. one B. two C. four D. none |
|
Definition
|
|
Term
Which of the following requires port-based authentication? A. Kerberos B. RADIUS C. WEP D. WPA |
|
Definition
|
|
Term
Which of the following plays a crucial role in the Public-key Infrastructure? A. IDS B. Certificate authority C. VPN concentrator D. PGP |
|
Definition
|
|
Term
|
Definition
The IEEE standard for wireless network encryption and authentication that uses the EAP authentication method, strong encryption, and dynamically assigned keys, which are different for every transmission. 802.11i specifies AES encryption and weaves a key into each packet. |
|
|
Term
|
Definition
A vendor-independent IEEE standard for securing transmission between nodes according to the transmission's port, whether physical or logical. 802.1x, also known as EAPoL, is the authentication standard followed by wireless networks using 802.11i. |
|
|
Term
AAA (authentication, authorization, and accounting) |
|
Definition
The name of a category of protocols that establish a client's identity; check the client's credentials and, based on those, allow or deny access to a system or network; and, finally, track the client's system or network usage. |
|
|
Term
ACL (access control list) |
|
Definition
A list of statements used by a router to permit or deny the forwarding of traffic on a network based on one or more criteria. |
|
|
Term
AES (Advanced Encryption Standard) |
|
Definition
A private key encryption algorithm that weaves keys of 128, 160, 192, or 256 bits through data multiple times. The algorithm used in the most popular form of AES is known as Rijndael. AES has replaced DES in situations such as military communications, which require the highest level of security. |
|
|
Term
AH (authentication header) |
|
Definition
In the context of IPSec, a type of encryption that provides authentication of the IP packet's data payload through public key techniques. |
|
|
Term
AS (authentication service) |
|
Definition
In Kerberos terminology, the process that runs on a KDC (Key Distribution Center) to initially validate a client who's logging on. The authentication service issues a session key to the client and to the service the client wants to access. |
|
|
Term
|
Definition
A type of encryption (such as public key encryption) that uses a different key for encoding data than is used for decoding the ciphertext. |
|
|
Term
|
Definition
A set of rules that governs how servers authenticate clients. Several types of authentication protocols exist. |
|
|
Term
|
Definition
In Kerberos authentication, the user's time stamp encrypted with the session key. The authenticator is used to help the service verify that a user's ticket is valid. |
|
|
Term
|
Definition
A method of authentication in which a device scans an individual's unique physical characteristics (such as the color patterns in her iris or the geometry of her hand) to verify the user's identity. |
|
|
Term
|
Definition
An attempt to discover an encryption key or password by trying numerous possible character combinations. Usually, a brute force attack is performed rapidly by a program designed for that purpose. |
|
|
Term
CA (certificate authority) |
|
Definition
An organization that issues and maintains digital certificates as part of the Public-key Infrastructure. |
|
|
Term
|
Definition
A random string of text issued from one computer to another in some forms of authentication. It is used, along with the password (or other credential), in a response to verify the computer's credentials. |
|
|
Term
CHAP (Challenge Handshake Authentication Protocol) |
|
Definition
An authentication protocol that operates over PPP and that requires the authenticator to take the first step by offering the other computer a challenge. The requestor responds by combining the challenge with its password, encrypting the new string of characters, and sending it to the authenticator. The authenticator then checks whether the requestor's encrypted string matches its own encrypted string of characters. If so, the requestor is authenticated and granted access to secured resources. |
|
|
Term
|
Definition
The unique data block that results when an original piece of data (such as text) is encrypted (for example, by using a key). |
|
|
Term
|
Definition
In the context of SSL encryption, a message issued from the client to the server that contains information about what level of security the client's browser is capable of accepting and what type of encryption the client's browser can decipher (for example, RSA or Diffie-Hellman). The client_hello message also establishes a randomly generated number that uniquely identifies the client, plus another number that identifies the SSL session. |
|
|
Term
content-filtering firewall |
|
Definition
A firewall that can block designated types of traffic from entering a protected network. |
|
|
Term
|
Definition
A security attack in which a system becomes unable to function because it has been inundated with requests for services and can't respond to any of them. As a result, all data transmissions are disrupted. |
|
|
Term
DES (Data Encryption Standard) |
|
Definition
A popular private key encryption technique that was developed by IBM in the 1970s. |
|
|
Term
|
Definition
A technique in which attackers run a program that tries a combination of a known user ID and, for a password, every word in a dictionary to attempt to gain access to a network. |
|
|
Term
|
Definition
The first commonly used public, or asymmetric, key algorithm. Diffie-Hellman was released in 1975 by its creators, Whitfield Diffie and Martin Hellman. |
|
|
Term
|
Definition
A password-protected and encrypted file that holds an individual's identification information, including a public key and a private key. The individual's public key is used to verify the sender's digital signature, and the private key allows the individual to log on to a third-party authority who administers digital certificates. |
|
|
Term
|
Definition
The perimeter of a protected, internal network where users, both authorized and unauthorized, from external networks can attempt to access it. Firewalls and IDS/IPS systems are typically placed in the DMZ. |
|
|
Term
|
Definition
A security attack in which an outsider forges name server records to falsify his host's identity. |
|
|
Term
EAP (Extensible Authentication Protocol) |
|
Definition
A Data Link layer protocol defined by the IETF that specifies the dynamic distribution of encryption keys and a preauthentication process in which a client and server exchange data via an intermediate node (for example, an access point on a wireless LAN). Only after they have mutually authenticated can the client and server exchange encrypted data. EAP can be used with multiple authentication and encryption schemes. |
|
|
Term
|
Definition
The use of an algorithm to scramble data into a format that can be read only by reversing the algorithm - decrypting the data - to keep the information private. The most popular kind of encryption algorithm weaves a key into the original data's bits, sometimes several times in different sequences, to generate a unique data block. |
|
|
Term
|
Definition
Computers or specialized adapters inserted into other devices, such as routers or servers, that perform encryption. |
|
|
Term
ESP (Encapsulation Security Payload) |
|
Definition
In the context of IPSec, a type of encryption that provides authentication of the IP packet's data payload through public key techniques. ESP also encrypts the entire IP packet for added security. |
|
|
Term
|
Definition
An exploit in which a rogue access point masquerades as a legitimate access point, using the same SSID and potentially other identical settings. |
|
|
Term
|
Definition
In the context of network security, the means by which a hacker takes advantage of a vulnerability. |
|
|
Term
|
Definition
A security attack in which an Internet user sends commands to another Internet user's machine that cause the screen to fill with garbage characters. A flashing attack causes the user to terminate her session. |
|
|
Term
|
Definition
A security exploit in which an FTP client specifies a different host's IP address and port number for the requested data's destination. By commanding the FTP server to connect to a different computer, a hacker can scan the ports on other hosts and transmit malicious code. To thwart FTP bounce attacks, most modern FTP servers will not issue data to hosts other than the client that originated the request. |
|
|
Term
|
Definition
Traditionally, a person who masters the inner workings of operating systems and utilities in an effort to better understand them. More generally, an individual who gains unauthorized access to systems or networks with or without malicious intent. |
|
|
Term
|
Definition
One of several protocols within SSL, and perhaps the most significant. As its name implies, the handshake protocol allows the client and server to authenticate (or introduce) each other and establishes terms for how they securely exchange data during an SSL session. |
|
|
Term
HIDS (host-based intrusion detection) |
|
Definition
A type of intrusion detection that runs on a single computer, such as a client or server, that has access to and allows access from the Internet. |
|
|
Term
HIPS (host-based intrusion prevention) |
|
Definition
A type of intrusion prevention that runs on a single computer, such as a client or server, that has access to and allows access from the Internet. |
|
|
Term
|
Definition
A decoy system isolated from legitimate systems and designed to be vulnerable to security exploits for the purposes of learning more about hacking techniques or nabbing a hacker in the act. |
|
|
Term
|
Definition
A firewall that only protects the computer on which it's installed. |
|
|
Term
HTTPS (HTTP over Secure Sockets Layer) |
|
Definition
The URL prefix that indicates that a Web page requires its data to be exchanged between client and server using SSL encryption. HTTPS uses the TCP port number 443. |
|
|
Term
IDS (intrusion-detection system) |
|
Definition
A dedicated device or software running on a host that monitors, flags, and logs any unauthorized attempt to access an organization's secured resources on a network or host. |
|
|
Term
IKE (Internet Key Exchange) |
|
Definition
The first phase of IPSec authentication, which accomplishes key management. IKE is a service that runs on UDP port 500. After IKE has established the rules for the type of keys two nodes use, IPSec invokes its second phase, encryption. |
|
|
Term
IPS (intrusion-prevention system) |
|
Definition
A dedicated device or software running on a host that automatically reacts to any unauthorized attempt to access an organization's secured resources on a network or host. IPS is often combined with IDS. |
|
|
Term
IPSec (Internet Protocol Security) |
|
Definition
A Layer 3 protocol that defines encryption, authentication, and key management for TCP/IP transmissions. IPSec is an enhancement to IPv4 and is native to IPv6. IPSec is unique among authentication methods in that it adds security information to the header of all IP packets. |
|
|
Term
|
Definition
A security attack in which an outsider obtains internal IP addresses and then uses those addresses to pretend that he has authority to access a private network from the Internet. |
|
|
Term
ISAKMP (Internet Security Association and Key Management Protocol) |
|
Definition
A service for setting policies to verify the identity and the encryption methods nodes will use in IPSec transmission. |
|
|
Term
KDC (Key Distribution Center) |
|
Definition
In Kerberos terminology, the server that runs the authentication service and the Ticket-Granting Service to issue keys and tickets to clients. |
|
|
Term
|
Definition
A cross-platform authentication protocol that uses key encryption to verify the identity of clients and to securely exchange information after a client logs on to a system. It is an example of a private key encryption service. |
|
|
Term
|
Definition
A series of characters that is combined with a block of data during that data's encryption. To decrypt the resulting data, the recipient must also possess the key. |
|
|
Term
|
Definition
The method whereby two nodes using key encryption agree on common parameters for the keys they will use to encrypt data. |
|
|
Term
|
Definition
The combination of a public and private key used to decipher data that was encrypted using public key encryption. |
|
|
Term
|
Definition
A security threat that relies on intercepted transmissions. It can take one of several forms, but in all cases a person redirects or captures secure data traffic while in transit. |
|
|
Term
|
Definition
A penetration-testing tool that combines known scanning techniques and exploits to result in potentially new types of exploits. |
|
|
Term
MS-CHAP (Microsoft Challenge Handshake Authentication Protocol) |
|
Definition
An authentication protocol provided with Windows operating systems that uses a three-way handshake to verify a client's credentials and encrypts passwords with a challenge text. |
|
|
Term
MS-CHAPv2 (Microsoft Challenge Handshake Authentication Protocol, version 2) |
|
Definition
An authentication protocol provided with Windows operating systems that follows the CHAP model, but uses stronger encryption, uses different encryption keys for transmission and reception, and requires mutual authentication between two computers. |
|
|
Term
multifactor authentication |
|
Definition
An authentication process that requires the client to provide two or more pieces of information, such as a password, fingerprint scan, and security token. |
|
|
Term
|
Definition
An authentication scheme in which both computers verify the credentials of each other. |
|
|
Term
|
Definition
A penetration-testing tool from Tenable Security that performs sophisticated scans to discover information about hosts, ports, services, and software. |
|
|
Term
|
Definition
A firewall configured and positioned to protect an entire network. |
|
|
Term
|
Definition
A key (or character string) required for a wireless station to associate with an access point using WEP. |
|
|
Term
NIDS (network-based intrusion detection) |
|
Definition
A type of intrusion detection that occurs on devices that are situated at the edge of the network or that handle aggregated traffic. |
|
|
Term
NIPS (network-based intrusion prevention) |
|
Definition
A type of intrusion prevention that occurs on devices that are situated at the edge of the network or that handle aggregated traffic. |
|
|
Term
|
Definition
A scanning tool designed to assess large networks quickly and provide comprehensive, customized information about a network and its hosts. NMAP, which runs on virtually any modern operating system, is available for download at no cost at www.nmap.org. |
|
|
Term
|
Definition
An open source version of the SSH suite of protocols. |
|
|
Term
packet-filtering firewall |
|
Definition
A router that examines the header of every packet of data that it receives to determine whether that type of packet is authorized to continue to its destination. Packet-filtering firewalls are also called screening firewalls. |
|
|
Term
PAP (Password Authentication Protocol) |
|
Definition
A simple authentication protocol that operates over PPP. Using PAP, a client issues its credentials in a request to authenticate, and the server responds with a confirmation or denial of authentication after comparing the credentials with those in its database. PAP is not very secure and is, therefore, rarely used on modern networks. |
|
|
Term
PGP (Pretty Good Privacy) |
|
Definition
A key-based encryption system for e-mail that uses a two-step verification process. |
|
|
Term
|
Definition
A practice in which a person attempts to glean access or authentication information by posing as someone who needs that information. |
|
|
Term
PKI (Public-key Infrastructure) |
|
Definition
The use of certificate authorities to associate public keys with certain users. |
|
|
Term
|
Definition
A technique in which a client's identity is verified by an authentication server before a port, whether physical or logical, is opened for the client's Layer 3 traffic. |
|
|
Term
|
Definition
The process of redirecting traffic from its normally assigned port to a different port, either on the client or server. In the case of using SSH, port forwarding can send data exchanges that are normally insecure through encrypted tunnels. |
|
|
Term
|
Definition
A monitoring technique in which one port on a switch is configured to send a copy of all its traffic to a second port. |
|
|
Term
|
Definition
Software that searches a server, switch, router, or other device for open ports, which can be vulnerable to attack. |
|
|
Term
|
Definition
An assessment of an organization's security vulnerabilities. Posture assessments should be performed at least annually and preferably quarterly, or sooner if the network has undergone significant changes. For each risk found, the assessment should rate the severity of a potential breach, as well as its likelihood. |
|
|
Term
|
Definition
In Kerberos terminology, a user or client. |
|
|
Term
|
Definition
A type of key encryption in which the sender and receiver use a key to which only they have access. DES (Data Encryption Standard), which was developed by IBM in the 1970s, is a popular example of a private key encryption technique. Private key encryption is also known as symmetric encryption. |
|
|
Term
|
Definition
A network host that runs a proxy service. Proxy servers may also be called gateways. |
|
|
Term
|
Definition
A software application on a network host that acts as an intermediary between the external and internal networks, screening all incoming and outgoing traffic and providing one address to the outside world, instead of revealing the addresses of internal LAN devices. |
|
|
Term
|
Definition
A form of key encryption in which data is encrypted using two keys. One key is a key known only to a user, and the other is a key associated with the user and that can be obtained from a public source, such as a public key server. Some examples of public key algorithms include RSA and Diffie-Hellman. Public key encryption is also known as asymmetric encryption. |
|
|
Term
|
Definition
A publicly available host (such as an Internet host) that provides free access to a list of users' public keys (for use in public key encryption). |
|
|
Term
RADIUS (Remote Authentication Dial-In User Service) |
|
Definition
A popular protocol for providing centralized AAA (authentication, authorization, and accounting) for multiple users. RADIUS runs over UDP and can use one of several authentication protocols. |
|
|
Term
|
Definition
A server that offers centralized authentication services to a network's access server, VPN server, or wireless access point via the RADIUS protocol. |
|
|
Term
|
Definition
An asymmetric key encryption technique that weaves a key with data multiple times as a computer issues the stream of data. RC4 keys can be as long as 2048 bits. In addition to being highly secure, RC4 is fast. |
|
|
Term
|
Definition
An encryption algorithm that creates a key by randomly choosing two large prime numbers and multiplying them together. RSA is named after its creators, Ronald Rivest, Adi Shamir, and Leonard Adleman. RSA was released in 1977, but remains popular today for e-commerce transactions. |
|
|
Term
|
Definition
A method for copying files securely between hosts. SCP is part of the OpenSSH package, which comes with modern UNIX and Linux operating systems. Third-party SCP applications are available for Windows-based computers. |
|
|
Term
|
Definition
An assessment of an organization's security vulnerabilities performed by an accredited network security firm. |
|
|
Term
|
Definition
A document or plan that identifies an organization's security goals, risks, levels of authority, designated security coordinator and team members, responsibilities for each team member, and responsibilities for each employee. In addition, it specifies how to address security breaches. |
|
|
Term
|
Definition
A device or piece of software used for authentication that stores or generates information, such as a series of numbers or letters, known only to its authorized user. |
|
|
Term
|
Definition
In the context of SSL encryption, a message issued from the server to the client that confirms the information the server received in the client_hello message. It also agrees to certain terms of encryption based on the options the client supplied. Depending on the Web server's preferred encryption method, the server may choose to issue your browser a public key or a digital certificate at this time. |
|
|
Term
|
Definition
In the context of Kerberos authentication, a key issued to both the client and the server by the authentication service that uniquely identifies their session. |
|
|
Term
SFTP (Secure File Transfer Protocol) |
|
Definition
A protocol available with the proprietary version of SSH that copies files between hosts securely. Like FTP, SFTP first establishes a connection with a host and then allows a remote user to browse directories, list files, and copy files. Unlike FTP, SFTP encrypts data before transmitting it. |
|
|
Term
|
Definition
A form of authentication in which a client signs on once to access multiple systems or resources. |
|
|
Term
|
Definition
A threat to networked hosts in which the host is flooded with broadcast ping messages. A smurf attack is a type of denial-of-service attack. |
|
|
Term
|
Definition
The act of manipulating personal relationships to circumvent network security measures and gain access to a system. |
|
|
Term
|
Definition
A connection utility that provides authentication and encryption. With SSH, you can securely log on to a host, execute commands on that host, and copy files to or from that host. SSH encrypts data exchanged throughout the session. |
|
|
Term
SSL (Secure Sockets Layer) |
|
Definition
A method of encrypting TCP/IP transmissions - including Web pages and data entered into Web forms - en route between the client and server using public key encryption technology. |
|
|
Term
|
Definition
In the context of SSL encryption, an association between the client and server that is defined by an agreement on a specific set of encryption techniques. An SSL session allows the client and server to continue to exchange data securely as long as the client is still connected to the server. SSL sessions are established by the SSL handshake protocol. |
|
|
Term
|
Definition
A firewall capable of monitoring a data stream from end to end. |
|
|
Term
|
Definition
A firewall capable only of examining packets individually. Stateless firewalls perform more quickly than stateful firewalls, but are not as sophisticated. |
|
|
Term
|
Definition
A method of encryption that requires the same key to encode the data as is used to decode the ciphertext. |
|
|
Term
TACACS+ (Terminal Access Controller Access Control System Plus) |
|
Definition
A Cisco-proprietary protocol for AAA (authentication, authorization, and accounting). Like RADIUS, TACACS+ may use one of many authentication protocols. Unlike RADIUS, TACACS+ relies on TCP (a Transport layer protocol; port 49) rather than UDP, encrypts the entire body of each packet rather than only the password, and separates the authentication, authorization, and accounting functions so each can be handled independently. |
|
|
Term
TGS (Ticket-Granting Service) |
|
Definition
In Kerberos terminology, the service that runs on the KDC and issues service tickets to clients that present a valid Ticket-Granting Ticket (TGT). The TGT itself is issued by the KDC's Authentication Service when the client first logs on; the client then presents it to the TGS to obtain a ticket for each service it wants to use, so it need not re-enter its password for every new service. |
|
|
Term
TGT (Ticket-Granting Ticket) |
|
Definition
In Kerberos terminology, a ticket issued by the KDC's Authentication Service, encrypted with a key known only to the KDC, that proves a user has been authenticated and lets that user obtain service tickets from the Ticket-Granting Service for multiple services without re-authenticating. |
|
|
Term
|
Definition
An authentication process that involves three steps, such as CHAP's exchange of a challenge from the server, a hashed response from the client, and an accept or reject message from the server. |
|
|
Term
|
Definition
In Kerberos terminology, a temporary set of credentials that a client presents to a service to prove that its identity has been validated by the KDC's authentication service. A ticket is encrypted with the target service's key, so the client can neither read nor alter it, and it carries the client's name, a session key, and an expiry time. |
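
The three Kerberos cards above (TGS, TGT, ticket) describe one protocol flow. The following added example, which is not part of the original flashcards and is not a real Kerberos implementation, plays that flow end to end for a constructed realm: the Authentication Service issues a TGT, the Ticket-Granting Service swaps it for a service ticket, and a file server accepts the ticket using nothing but its own key. The HMAC-based toy cipher stands in for Kerberos's real encryption types, and the principal names, passwords, and lifetimes are assumptions.

```python
import hashlib
import hmac
import json
import os
import time


# --- toy authenticated encryption standing in for Kerberos enctypes (assumption) ---
def derive_key(secret: str) -> bytes:
    """string-to-key: a principal's long-term key derived from its password."""
    return hashlib.sha256(secret.encode()).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def enc(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag. A wrong key fails the tag."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def dec(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


# --- the KDC: Authentication Service (AS) and Ticket-Granting Service (TGS) ---
class KDC:
    def __init__(self, principals: dict, lifetime: int = 8 * 3600):
        self.keys = {name: derive_key(secret) for name, secret in principals.items()}
        self.krbtgt_key = os.urandom(32)   # seals TGTs; never leaves the KDC
        self.lifetime = lifetime

    def as_exchange(self, cname: str) -> bytes:
        """AS-REQ/AS-REP: the AS issues the TGT. The reply is sealed with the
        client's long-term key, so only a holder of the password can open it."""
        session_key = os.urandom(32)
        tgt = enc(self.krbtgt_key, {"cname": cname, "key": session_key.hex(),
                                    "exp": time.time() + self.lifetime})
        return enc(self.keys[cname], {"key": session_key.hex(), "tgt": tgt.hex()})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, sname: str) -> bytes:
        """TGS-REQ/TGS-REP: TGT plus a fresh authenticator buys a service ticket.
        The TGS never sees the user's password, only the TGT it sealed earlier."""
        t = dec(self.krbtgt_key, tgt)
        if t["exp"] < time.time():
            raise ValueError("TGT expired")
        session_key = bytes.fromhex(t["key"])
        auth = dec(session_key, authenticator)
        if auth["cname"] != t["cname"] or abs(time.time() - auth["ts"]) > 300:
            raise ValueError("authenticator does not match TGT or is stale")
        svc_key = os.urandom(32)
        ticket = enc(self.keys[sname], {"cname": t["cname"], "key": svc_key.hex(),
                                        "exp": time.time() + self.lifetime})
        return enc(session_key, {"key": svc_key.hex(), "ticket": ticket.hex()})


# --- client side ---
def client_login(kdc: KDC, cname: str, password: str):
    rep = dec(derive_key(password), kdc.as_exchange(cname))   # wrong password -> ValueError
    return bytes.fromhex(rep["key"]), bytes.fromhex(rep["tgt"])


def client_service_ticket(kdc: KDC, cname: str, session_key: bytes, tgt: bytes, sname: str):
    authenticator = enc(session_key, {"cname": cname, "ts": time.time()})
    rep = dec(session_key, kdc.tgs_exchange(tgt, authenticator, sname))
    return bytes.fromhex(rep["key"]), bytes.fromhex(rep["ticket"])


# --- service side (AP-REQ): needs only its own key, never contacts the KDC ---
def service_accept(service_key: bytes, ticket: bytes, authenticator: bytes) -> str:
    t = dec(service_key, ticket)
    if t["exp"] < time.time():
        raise ValueError("ticket expired")
    auth = dec(bytes.fromhex(t["key"]), authenticator)
    if auth["cname"] != t["cname"]:
        raise ValueError("authenticator principal mismatch")
    return t["cname"]


def demo(password: str = "correct horse") -> str:
    """Full AS -> TGS -> AP flow for a constructed realm; returns the principal
    name the file server ended up trusting."""
    kdc = KDC({"alice": "correct horse", "host/fileserver": "svc-secret-1"})
    sk, tgt = client_login(kdc, "alice", password)
    svc_key, ticket = client_service_ticket(kdc, "alice", sk, tgt, "host/fileserver")
    ap_auth = enc(svc_key, {"cname": "alice", "ts": time.time()})
    return service_accept(derive_key("svc-secret-1"), ticket, ap_auth)


if __name__ == "__main__":
    print(demo())
```

Two properties worth noticing: the password is used exactly once, to open the AS reply, and the file server authenticates the client with only its own key and the ticket, which is why a TGT lets one logon serve many services.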
|
|
Term
TKIP (Temporal Key Integrity Protocol) |
|
Definition
A per-packet key mixing and message-integrity scheme that wraps the RC4 cipher so that every frame is encrypted under a different key; it was designed to run on WEP-era hardware and is the encryption used by WPA. 802.11i (WPA2) includes TKIP only as an optional fallback for legacy clients; its mandatory cipher is CCMP (AES), and TKIP is now deprecated. |
|
|
Term
TLS (Transport Layer Security) |
|
Definition
The IETF-standardized successor to SSL. TLS 1.0 (RFC 2246) is a minor revision of SSL 3.0 with different key derivation and MAC constructions, so the two do not interoperate; later versions diverged further, and TLS 1.2 and 1.3 are the ones in current use. TLS secures TCP transmissions; a separate variant, DTLS, provides the same protections over UDP. All current Web browsers and servers use TLS, and SSL 2.0 and 3.0 are formally deprecated. |
|
|
Term
|
Definition
A strengthened form of DES that applies the DES algorithm three times to each block (encrypt, decrypt, encrypt), typically with three different 56-bit keys, for a 168-bit key with roughly 112 bits of effective strength. It is much slower than AES and is deprecated for new use. |
|
|
Term
two-factor authentication |
|
Definition
A process in which clients must supply two independent pieces of evidence from different categories (something you know, such as a password; something you have, such as a hardware token or an authenticator app; something you are, such as a fingerprint) to verify their identity and gain access to a system. Two passwords are not two factors. |
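
As an added example (not part of the original flashcards), here is a two-factor logon that combines a salted password hash with a time-based one-time code generated by an authenticator app. The TOTP/HOTP functions follow RFC 6238 and RFC 4226; the user record, the salt, the password and the base32 seed are constructed for the illustration.

```python
import base64
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226: HMAC(secret, counter) -> dynamic truncation -> zero-padded digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6,
         algo=hashlib.sha1) -> str:
    """RFC 6238: HOTP with the counter derived from Unix time."""
    return hotp(secret, int(at) // step, digits, algo)


def verify_totp(secret: bytes, code: str, now: float, window: int = 1,
                step: int = 30, digits: int = 6) -> bool:
    """Accepts the current step and +/-window neighbouring steps to tolerate
    clock drift; compares in constant time."""
    counter = int(now) // step
    return any(hmac.compare_digest(hotp(secret, counter + d, digits), code)
               for d in range(-window, window + 1))


def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user record: factor 1 is a salted password hash, factor 2 is the
# shared TOTP seed enrolled in the user's authenticator app (base32 is how
# otpauth:// URIs carry it).
_SALT = b"constructed-salt-0001"
USERS = {
    "alice": {
        "salt": _SALT,
        "pw_hash": _pw_hash("correct horse battery staple", _SALT),
        "totp_secret": base64.b32decode("JBSWY3DPEHPK3PXP"),
    }
}


def login(user: str, password: str, code: str, now: float) -> bool:
    """Both factors are always evaluated, so a wrong code does not reveal
    whether the password was right."""
    rec = USERS.get(user)
    if rec is None:
        _pw_hash(password, _SALT)      # burn comparable time for unknown users
        return False
    pw_ok = hmac.compare_digest(_pw_hash(password, rec["salt"]), rec["pw_hash"])
    code_ok = verify_totp(rec["totp_secret"], code, now)
    return pw_ok and code_ok


if __name__ == "__main__":
    import time
    secret = USERS["alice"]["totp_secret"]
    now = time.time()
    print("current code for alice:", totp(secret, now))
    print("password only:", login("alice", "correct horse battery staple", "000000", now))
    print("both factors:", login("alice", "correct horse battery staple",
                                 totp(secret, now), now))
```

The drift window is the usual trade-off: each extra step accepted makes a stolen code usable for 30 seconds longer, so production verifiers also record the last counter accepted and refuse to accept it twice.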
|
|
Term
|
Definition
A specialized device that authenticates VPN clients and establishes tunnels for VPN connections. |
|
|
Term
|
Definition
A weakness of a system, process, or architecture that could lead to compromised information or unauthorized access to a network. |
|
|
Term
|
Definition
The use of chalk to draw symbols on a sidewalk or wall within range of an access point. The symbols, patterned after marks that hobos devised to indicate hospitable places for food or rest, indicate the access point's SSID and whether it's secured. |
|
|
Term
|
Definition
The act of driving around with a laptop (or other device) running software that detects wireless networks, records their SSIDs, locations, and security settings, and may capture wireless data transmissions. |
|
|
Term
WEP (Wired Equivalent Privacy) |
|
Definition
A key encryption technique for wireless networks that uses keys both to authenticate network clients and to encrypt data in transit. WEP encrypts each frame with the RC4 stream cipher keyed by a 40- or 104-bit shared secret prefixed with a 24-bit initialization vector (IV) that is sent in the clear. Because the IV space is small and RC4's key schedule leaks key bits, a WEP key can be recovered from captured traffic in minutes; WEP is considered broken and should not be used. |
|
|
Term
|
Definition
A security exploit in which an attacker uses a program to discover a WEP key, typically by capturing (and often injecting, to speed things up) large numbers of frames and exploiting the reuse of initialization vectors and weaknesses in RC4's key scheduling. |
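
The IV weakness mentioned in the two WEP cards above can be shown directly. The following added example (not from the original flashcards) implements RC4 and WEP's framing, then plays the attacker: two constructed frames happen to share an IV, so the keystream recovered from one frame whose plaintext is predictable (an ARP request, whose LLC/SNAP header and layout are fixed) strips the encryption off the other. The 40-bit key, the IV, and the frame contents are assumptions; the birthday-bound function shows how few frames it takes for such a collision to occur.

```python
import math
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key-scheduling algorithm, then XOR data with the keystream."""
    S = list(range(256))
    j = 0
    for i in range(256):                                  # KSA
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:                                     # PRGA
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(secret: bytes, iv: bytes, payload: bytes) -> bytes:
    """WEP frame body: 3-byte IV in the clear, then RC4(IV||secret) over payload||ICV."""
    icv = struct.pack("<I", zlib.crc32(payload))          # WEP's CRC-32 integrity value
    return iv + rc4(iv + secret, payload + icv)


def wep_decrypt(secret: bytes, frame: bytes) -> bytes:
    iv, body = frame[:3], frame[3:]
    plain = rc4(iv + secret, body)
    payload, icv = plain[:-4], plain[-4:]
    if struct.pack("<I", zlib.crc32(payload)) != icv:
        raise ValueError("ICV mismatch")
    return payload


# --- attacker's side: no key required ---
def recover_keystream(frame: bytes, known_plaintext: bytes) -> bytes:
    """Ciphertext XOR known plaintext yields that many bytes of keystream."""
    return bytes(c ^ p for c, p in zip(frame[3:], known_plaintext))


def decrypt_with_keystream(frame: bytes, keystream: bytes) -> bytes:
    """Any other frame sent under the same IV (hence the same RC4 key) reuses it."""
    return bytes(c ^ k for c, k in zip(frame[3:], keystream))


def frames_until_iv_collision(p: float = 0.5, iv_bits: int = 24) -> int:
    """Birthday bound: frames needed before some IV repeats with probability p."""
    return math.ceil(math.sqrt(2 * 2 ** iv_bits * math.log(1 / (1 - p))))


# Constructed scenario: 40-bit WEP key, two frames that share IV 00000a.
SECRET = bytes.fromhex("0102030405")
IV = bytes.fromhex("00000a")
LLC_SNAP = bytes.fromhex("aaaa030000000806")             # fixed header of an ARP frame
ARP_REQ = (bytes.fromhex("0001080006040001")             # who-has 10.0.0.2 tell 10.0.0.1
           + bytes.fromhex("020000000001") + bytes([10, 0, 0, 1])
           + bytes(6) + bytes([10, 0, 0, 2]))
SECRET_PAYLOAD = LLC_SNAP + b"GET /admin?token=s3cr3t"
FRAME_A = wep_encrypt(SECRET, IV, LLC_SNAP + ARP_REQ)    # predictable contents
FRAME_B = wep_encrypt(SECRET, IV, SECRET_PAYLOAD)        # what the attacker wants


def demo() -> bytes:
    """Recovers frame B's payload using only frame A's known plaintext."""
    known = LLC_SNAP + ARP_REQ
    known_with_icv = known + struct.pack("<I", zlib.crc32(known))   # ICV is computable too
    keystream = recover_keystream(FRAME_A, known_with_icv)          # 40 keystream bytes
    return decrypt_with_keystream(FRAME_B, keystream)[:-4]          # drop B's ICV


if __name__ == "__main__":
    print(demo())
    print("frames before a 50% chance of an IV repeat:", frames_until_iv_collision())
```

Note that the attacker never touched the 40-bit key: keystream reuse alone is fatal, and a busy access point cycles through enough IVs for repeats to be routine. TKIP's per-packet key mixing and CCMP's AES mode were introduced precisely to remove this reuse.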
|
|
Term
|
Definition
An international, nonprofit organization dedicated to ensuring the interoperability of 802.11-capable devices. |
|
|
Term
WPA (Wi-Fi Protected Access) |
|
Definition
A wireless security method endorsed by the Wi-Fi Alliance that is considered a subset of the 802.11i standard. In WPA, authentication follows the same mechanisms specified in 802.11i (802.1X with a RADIUS server, or a pre-shared key). The main difference between WPA and 802.11i is that WPA specifies TKIP encryption, which is built on the RC4 cipher, rather than CCMP, which is built on AES. |
|
|
Term
|
Definition
The name given by the Wi-Fi Alliance to its certification of the 802.11i security standard. WPA2 requires CCMP (AES) encryption; the only difference from 802.11i as written is that WPA2 also permits the older TKIP (WPA) method for backward compatibility with legacy clients. |
|
|
Term
|
Definition
An authentication scheme for Wi-Fi networks that combines WPA or WPA2 encryption with 802.1X authentication against a RADIUS server, so that each user logs on with individual credentials rather than a passphrase shared by everyone on the network. |
|
|
Term
|
Definition
A security exploit in which an attacker uses a program to discover a WPA key. Against WPA/WPA2 with a pre-shared key this usually means capturing the four-way handshake and running an offline dictionary or brute-force attack against the passphrase; a long, random passphrase (or WPA-Enterprise) is the defence. |
|
|
Term
|
Definition
An exploit that takes advantage of a software vulnerability that is not yet publicly known and for which the vendor has released no fix, so the vendor has had "zero days" to respond. Zero-day exploits are particularly dangerous because the vulnerability is exploited before the software developer has the opportunity to provide a patch, leaving defenders to rely on detection and mitigation rather than patching. |
|
|