Term
|
Definition
RAID 7 (SINGLE VIRTUAL DISK) -Functions as a single virtual disk -Usually a software layer over Level 5 (RAID 5) hardware -Enables the drive array to continue operating if any disk, or any path to any disk, fails |
|
|
Term
Smurf attack |
Definition
(Source site) The attacker sends ICMP echo requests whose source address is forged to be the target site, addressed to the broadcast address of a large network (the bounce site); every host on that network replies to the target, amplifying the traffic. Relies on IP directed-broadcast addressing. |
|
|
Term
SYN flood |
Definition
-Exhausts the half-open connection queue (backlog) that TCP keeps during the three-way handshake -The attacker floods the target with SYN requests, usually from spoofed source addresses, and never completes the handshake; the 'in-process' queue fills and legitimate connection requests are dropped until the half-open entries time out |
|
|
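An added example (not part of the original flashcards) that replays a packet trace against one listening port and keeps the half-open ("in-process") table a server keeps during the handshake; the packet records and the backlog size are constructed values:

```python
# Added example (not part of the original flashcards): tracking the TCP
# half-open ("in-process") queue from a packet trace and spotting a SYN flood.
# The packet records below are constructed by hand; BACKLOG is a hypothetical
# listen-queue size for a small server.
from collections import Counter

BACKLOG = 5  # hypothetical size of the listen queue on the target


def half_open_connections(packets):
    """Replay packets sent TO one listening port and return the half-open table.

    packets: iterable of (src_ip, src_port, flags) in arrival order, where flags
    is "SYN" (handshake step 1), "ACK" (step 3) or "RST" (client aborts).
    A SYN puts the client in SYN_RCVD (the server has sent SYN-ACK and is
    waiting); the matching ACK completes the handshake and frees the slot.
    """
    pending = {}
    for src_ip, src_port, flags in packets:
        key = (src_ip, src_port)
        if flags == "SYN":
            pending[key] = "SYN_RCVD"
        elif flags in ("ACK", "RST"):
            pending.pop(key, None)      # completed or aborted: slot released
    return pending


def syn_flood_report(packets, backlog=BACKLOG):
    """Return (queue_exhausted, half_open_count, distinct_sources)."""
    pending = half_open_connections(packets)
    sources = Counter(ip for ip, _ in pending)
    return len(pending) >= backlog, len(pending), len(sources)


# Constructed trace: one legitimate client completes its handshake, then an
# attacker sends SYNs from eight spoofed source addresses that never ACK.
LEGIT = [("10.0.0.5", 40000, "SYN"), ("10.0.0.5", 40000, "ACK")]
FLOOD = [(f"198.51.100.{n}", 1024 + n, "SYN") for n in range(1, 9)]

if __name__ == "__main__":
    print(syn_flood_report(LEGIT))          # (False, 0, 0)
    print(syn_flood_report(LEGIT + FLOOD))  # (True, 8, 8)
```

The spoofed sources are what make the flood hard to filter per address: every half-open entry belongs to a different, unreachable client, so the queue can only drain by timeout.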
Term
|
Definition
-Compact Disc (CD) – permanent backups, longer shelf life than tape -Zip and Jaz removable disks – common -Tape array – 32 to 63 tapes arranged using RAID techniques -HSM – Hierarchical Storage Management – provides continuous on-line backup by migrating data to optical or tape 'jukeboxes', similar to WORM drives |
|
|
Term
|
Definition
-DAT – Digital Audio Tape – 4mm tape -QIC – Quarter Inch Cartridge – small and slow -8mm tape – superseded by DLT -DLT – Digital Linear Tape – half-inch tape – large and fast |
|
|
Term
FDDI – Fiber Distributed Data Interface |
|
Definition
-Dual counter-rotating rings for fault tolerance (if the primary ring fails, the secondary ring takes over) -Some implementations use the second ring for extra bandwidth while no fault is present |
|
|
Term
RAID – Redundant Array of Inexpensive Disks |
|
Definition
-Fault tolerance against disk failure (RAID protects the disks, not the server: it does not survive a server crash) -Secondary goal – improve system performance -Striping – distributing data across multiple disks -Employs striping, which partitions each drive's storage space into units ranging from a sector (512 bytes) up to several megabytes; the stripes of all the disks are interleaved and addressed in order -Hardware and software implementations |
|
|
Term
|
Definition
-Filling hard drive space with e-mail attachments -Sending a message that resets a target host's subnet mask, causing routing disruption -Using up all of the target's resources for accepting network connections |
|
|
Term
|
Definition
-Gives an intruder a road map of the network for a DoS attack -Gives a list of available services -Traffic analysis via 'sniffers', which capture traffic and reveal which services hosts offer -Like a telephone wiretap lets an eavesdropper listen in on other people's conversations, a 'sniffing' program lets someone listen in on computer conversations -Tools: Telnet to individual ports (manual), vulnerability scanners (automatic) |
|
|
Term
|
Definition
-Group of independent servers managed as a single system -Load balancing -Improves performance and availability (a failed node's work moves to the others) -'Server farm' -Example: Microsoft Cluster Server |
|
|
Term
CERT – Computer Emergency Response Team, also known as CIRT |
|
Definition
-Manages the company's response to events that pose a risk -Coordinates information -Mitigates risk, minimizes interruptions -Assembles technical response teams -Manages logs -Manages resolution |
|
|
Term
RAID 1 (MIRRORING) |
Definition
-Mirroring -Duplicates data on a second disk (usually a one-to-one ratio) -Expensive (doubles the cost of storage) -A single disk failure is transparent; reads can be served from either copy |
|
|
Term
Teardrop attack |
Definition
-Sends IP fragments whose length and fragment-offset fields are modified so that the fragments overlap -A machine with a flawed reassembly routine cannot rebuild the datagram; behaviour ranges from a lost Internet connection to the infamous blue screen of death: the host becomes confused and crashes |
|
|
Term
Incremental backup |
Definition
-Backs up only files that have changed or been added since the last backup of any kind -Only files with their archive bit set are copied, and the bit is cleared afterwards -Fast and uses the least tape space, but has an inherent weakness: every incremental taken since the last full backup must be available and restored, in order, to recover to a given date -Restore = last full backup plus each incremental since |
|
|
Term
Differential backup |
Definition
-Backs up only files that have changed since the last full backup (the archive bit is not cleared, so each differential is cumulative) -Each differential holds everything added to the full backup since it was taken (additive), so successive differentials grow -Restore = last full backup plus the most recent differential |
|
|
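An added example (not from the original flashcards) that models the archive-bit bookkeeping behind the incremental and differential cards and shows what each restore needs; the file names, day numbers and change history are constructed:

```python
# Added example (not part of the original flashcards): the archive-bit
# bookkeeping behind full, incremental and differential backups, and what each
# restore needs. File names, day numbers and the change history are constructed.
from dataclasses import dataclass, field


@dataclass
class File:
    name: str
    version: int = 0
    archive_bit: bool = True        # set whenever the file is created or changed


@dataclass
class BackupSet:
    kind: str                       # "full", "incremental" or "differential"
    day: int
    contents: dict = field(default_factory=dict)   # file name -> version captured


def modify(files, name):
    files[name].version += 1
    files[name].archive_bit = True


def full_backup(files, day):
    bs = BackupSet("full", day, {n: f.version for n, f in files.items()})
    for f in files.values():
        f.archive_bit = False       # a full backup clears every archive bit
    return bs


def incremental_backup(files, day):
    bs = BackupSet("incremental", day,
                   {n: f.version for n, f in files.items() if f.archive_bit})
    for f in files.values():
        f.archive_bit = False       # cleared: the next incremental is "since last backup"
    return bs


def differential_backup(files, day):
    # Copies everything changed since the last FULL backup and leaves the archive
    # bit set, so each differential is cumulative (additive) and keeps growing.
    return BackupSet("differential", day,
                     {n: f.version for n, f in files.items() if f.archive_bit})


def restore(backups, kind, missing_day=None):
    """Pick the sets a restore needs and replay them; missing_day simulates a lost tape."""
    full = max((b for b in backups if b.kind == "full"), key=lambda b: b.day)
    later = sorted((b for b in backups if b.kind == kind and b.day > full.day),
                   key=lambda b: b.day)
    if kind == "incremental":
        needed = [full] + later                       # every incremental, in order
    else:
        needed = [full] + later[-1:]                  # only the most recent differential
    needed = [b for b in needed if b.day != missing_day]
    state = {}
    for b in needed:
        state.update(b.contents)                      # later versions overwrite earlier ones
    return [b.day for b in needed], state


def simulate(kind, missing_day=None):
    """Run the same three-day change history under either backup scheme."""
    files = {n: File(n) for n in ("a.txt", "b.txt", "c.txt")}
    take = incremental_backup if kind == "incremental" else differential_backup
    backups = [full_backup(files, day=0)]
    modify(files, "a.txt")
    backups.append(take(files, day=1))
    modify(files, "b.txt")
    backups.append(take(files, day=2))
    modify(files, "a.txt")
    backups.append(take(files, day=3))
    days, state = restore(backups, kind, missing_day)
    sizes = [sorted(b.contents) for b in backups[1:]]   # what each daily set holds
    return days, state, sizes


if __name__ == "__main__":
    print(simulate("incremental"))                 # days [0, 1, 2, 3]; a.txt=2, b.txt=1, c.txt=0
    print(simulate("differential"))                # days [0, 3]; same recovered state
    print(simulate("incremental", missing_day=2))  # lost tape: b.txt silently stale
```

The last call is the weakness the incremental card warns about: with the day-2 tape missing, the restore still "succeeds" but b.txt comes back at its original version, whereas the differential restore needs only the last set and is unaffected.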
Term
|
Definition
-Primary server mirrors to a secondary server -Fail-over (rollover) to the secondary in the event of a failure -Server fault tolerance can be warm (the secondary is brought up on failure) or hot (the secondary is already running in step with the primary) |
|
|
Term
Failure Resistant Disk Systems Plus(FRDS+) |
|
Definition
-Protects against disk failure – a failed disk can be reconstructed onto a replacement that is hot-swapped while the server is running -Includes environmental protections -Adds hazard warnings |
|
|
Term
|
Definition
-Public switched WAN -Highly fault tolerant -A bad segment is bypassed: packets are diverted around it -Can use multiple vendors for high availability |
|
|
Term
|
Definition
-Slow transfer of data to the backup medium -Retrieval time to restore -Requires off-hour processing and monitoring -Server disk space expands over time, lengthening backup windows -Loss of data changed since the last backup -Physical security of tapes (each holds a complete copy of the data) |
|
|
Term
Buffer overflow |
Definition
-Occurs when a program writes more data into a buffer than it was allocated to hold -Since buffers are created to contain a finite amount of data, the extra information, which has to go somewhere, spills into adjacent memory, corrupting or overwriting the valid data (and control information) held there; an attacker who controls the overflowing input can redirect the program |
|
|
Term
|
Definition
RAID levels: 0 – Striping (no redundancy) 1 – Mirroring 2 – Hamming-code parity 3 – Byte-level parity (dedicated parity disk) 4 – Block-level parity (dedicated parity disk) 5 – Interleaved (distributed) parity 7 – Single virtual disk |
|
|
Term
Salami attack |
Definition
A series of minor computer crimes that are part of a larger crime. |
|
|
Term
|
Definition
An attack that involves nothing more than forging one's source address: using one machine to impersonate another. Class E network intrusion |
|
|
Term
|
Definition
Attack using another user's connection. Class E network intrusion |
|
|
Term
|
Definition
Attack via a dial-up or external connection. Class E network intrusion |
|
|
Term
|
Definition
RAID 3 (BYTE LEVEL PARITY) / RAID 4 (BLOCK LEVEL PARITY) -RAID 3 – byte-level striping -RAID 4 – block-level striping -Data striped across multiple drives -Parity information kept on a single dedicated parity drive -Provides redundancy against one drive failure -The dedicated parity drive is written on every write and can become a bottleneck |
|
|
Term
CIRT – Computer Incident Response Team |
|
Definition
CIRT performs: -Analysis of the event -Response to the incident -Escalation path procedures -Resolution – post-implementation follow-up |
|
|
Term
|
Definition
Cable length is a common failure (twisted-pair runs are limited to about 100 m). The difference between the two has to do with how tightly the copper pairs are twisted; the tightness determines resistance to interference. CAT3 is the older, voice-grade cable. |
|
|
Term
|
Definition
Class A – unauthorized access through circumvention of security access controls; Class B – non-business use of systems; Class C – eavesdropping; Class D – denial of service, saturation of network services; Class E – network intrusion, penetration (externally); Class F – probing |
|
|
Term
Network-based IDS |
Definition
Commonly resides on a discrete network segment and monitors the traffic on that network segment. |
|
|
Term
TCSEC Class C2 |
Definition
Controlled Access protection |
|
|
Term
|
Definition
Covertly monitoring or listening to transmissions without authorization. Class C network abuse |
|
|
Term
TCSEC Class C1 |
Definition
Discretionary Security Protection |
|
|
Term
Trivial File Transfer Protocol (TFTP) |
|
Definition
Convenient for loading and saving router configurations. Caveat: TFTP has no authentication and no encryption, so configuration files (and any passwords in them) travel in the clear; restrict the service to a management network. |
|
|
Term
|
Definition
RAID 2 (HAMMING CODE PARITY) -Multiple disks -Parity information created using a Hamming code -Can be used in a 39-disk array: 32 data and 7 recovery (ECC) disks -Not used in practice, replaced by more flexible levels |
|
|
Term
Protocol field has a value of 1 |
|
Definition
ICMP – Internet Control Message Protocol |
|
Term
Protocol field has a value of 2 |
|
Definition
IGMP – Internet Group Management Protocol |
|
Term
|
Definition
RAID 5 (INTERLEAVE PARITY) -Most popular -Stripes data and parity information across all drives -Uses interleaved (distributed) parity, so there is no single parity-drive bottleneck -Reads and writes performed concurrently -Needs at least 3 drives (commonly 3-5). If one drive fails, its contents are reconstructed by XORing the corresponding stripes of the remaining drives; a second failure before the rebuild completes loses the array |
|
|
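An added example (not from the original flashcards) of the parity arithmetic behind the RAID 3/4/5 cards: data is striped with one XOR parity chunk per stripe (rotating across drives as in RAID 5, or pinned to one drive as in RAID 3/4), one drive is discarded, and its contents are rebuilt from the survivors. Chunk size, drive count and the payload are constructed values and the array is simulated in memory:

```python
# Added example (not part of the original flashcards): how the parity used by
# RAID 3/4/5 lets one failed drive be rebuilt. Chunk size, drive count and the
# payload are constructed values; the array lives in memory as lists of chunks.


def xor_chunks(chunks):
    """Bytewise XOR of equal-length chunks: the parity operation itself."""
    out = bytearray(len(chunks[0]))
    for chunk in chunks:
        for i, byte in enumerate(chunk):
            out[i] ^= byte
    return bytes(out)


def parity_drive(stripe_no, n_drives, rotate):
    # RAID 5 rotates parity across drives stripe by stripe; RAID 3/4 pin it to the
    # last drive, which then takes a write on every stripe update.
    return (n_drives - 1 - stripe_no) % n_drives if rotate else n_drives - 1


def build_array(data, n_drives, chunk, rotate=True):
    """Stripe data over n_drives-1 data chunks plus one parity chunk per stripe."""
    per_stripe = chunk * (n_drives - 1)
    pad = (-len(data)) % per_stripe
    data += b"\x00" * pad
    drives = [[] for _ in range(n_drives)]
    for s in range(len(data) // per_stripe):
        row = data[s * per_stripe:(s + 1) * per_stripe]
        chunks = [row[i * chunk:(i + 1) * chunk] for i in range(n_drives - 1)]
        parity = xor_chunks(chunks)
        p = parity_drive(s, n_drives, rotate)
        data_iter = iter(chunks)
        for d in range(n_drives):
            drives[d].append(parity if d == p else next(data_iter))
    return drives, pad


def rebuild_drive(drives, failed):
    """Recover every chunk of the failed drive: XOR of the survivors in each stripe.

    Works whether the lost chunk was data or parity, because all n chunks of a
    stripe XOR to zero. A second failure before the rebuild completes is fatal
    with single parity, which is the RAID 5 caveat.
    """
    survivors = [d for i, d in enumerate(drives) if i != failed]
    return [xor_chunks([d[s] for d in survivors]) for s in range(len(drives[0]))]


def read_array(drives, chunk, pad, rotate=True):
    """Reassemble the original payload, skipping each stripe's parity chunk."""
    n = len(drives)
    out = bytearray()
    for s in range(len(drives[0])):
        p = parity_drive(s, n, rotate)
        for d in range(n):
            if d != p:
                out += drives[d][s]
    return bytes(out[:len(out) - pad]) if pad else bytes(out)


def demo(data=b"The quick brown fox jumps over the lazy dog", failed=2):
    """Build a 4-drive array, lose one drive, rebuild it onto a spare, read back."""
    drives, pad = build_array(data, n_drives=4, chunk=4)
    lost = drives[failed]
    repaired = list(drives)
    repaired[failed] = rebuild_drive(drives, failed)   # the hot spare gets the rebuilt chunks
    return repaired[failed] == lost, read_array(repaired, chunk=4, pad=pad) == data


if __name__ == "__main__":
    print(demo())   # (True, True)
```

Passing rotate=False gives the RAID 3/4 layout from the earlier card: the same rebuild works, but every stripe's parity lands on the last drive, which is why that drive becomes the write bottleneck.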
Term
Network Interface Card (NIC) |
|
Definition
A NIC set at the wrong speed or duplex, or stuck in an error state, can bring the network segment down. |
|
|
Term
|
Definition
Immune to EMI. Longer usable length (up to 2 km). Drawback is cost. |
|
|
Term
Ping of death |
Definition
Intruder sends a PING that consists of an illegally modified and very large IP datagram (delivered as fragments whose reassembled length exceeds the 65,535-byte maximum), overfilling the system buffers and causing the system to reboot or hang. |
|
|
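An added example (not from the original flashcards) serving both the teardrop card and the ping-of-death card: a fragment-reassembly sanity check that flags overlapping fragments and datagrams that would reassemble past 65,535 bytes. The fragment lists are constructed; offsets are given in bytes, and the multiple-of-8 check reflects the IP header storing them in 8-byte units:

```python
# Added example (not part of the original flashcards): a reassembly sanity check
# for the two fragmentation attacks on these cards, teardrop (overlapping
# fragments) and the ping of death (a datagram that reassembles to more than
# 65,535 bytes). The fragment lists are constructed; offsets are in bytes.
MAX_DATAGRAM = 65535            # limit of the 16-bit total-length field


def check_fragments(fragments):
    """fragments: list of (offset_bytes, payload_len, more_fragments_flag).

    Returns a list of problems found; an empty list means the set reassembles
    cleanly. A hardened stack drops the whole datagram on any of these.
    """
    problems = []
    frags = sorted(fragments)
    expected_next = 0
    for offset, length, more in frags:
        if offset % 8:
            problems.append(f"offset {offset} is not a multiple of 8")
        if offset < expected_next:
            problems.append(f"fragment at {offset} overlaps data up to {expected_next} (teardrop)")
        elif offset > expected_next:
            problems.append(f"gap before offset {offset}")
        if offset + length > MAX_DATAGRAM:
            problems.append(f"reassembled size {offset + length} exceeds {MAX_DATAGRAM} (ping of death)")
        expected_next = max(expected_next, offset + length)
    if frags and frags[-1][2]:
        problems.append("last fragment still has MF set: datagram incomplete")
    return problems


def fragments_for(total_len, mtu_payload=1480):
    """Split a datagram of total_len bytes the way a 1500-byte MTU link would."""
    frags, offset = [], 0
    while offset < total_len:
        length = min(mtu_payload, total_len - offset)
        nxt = offset + length
        frags.append((offset, length, nxt < total_len))
        offset = nxt
    return frags


# Constructed fragment sets.
NORMAL = fragments_for(3000)                       # 3 fragments, reassembles cleanly
TEARDROP = [(0, 1480, True), (1000, 400, False)]   # second offset points back inside the first
PING_OF_DEATH = fragments_for(66600)               # 45 fragments; last one pushes past 65,535


if __name__ == "__main__":
    for name, frags in (("normal", NORMAL), ("teardrop", TEARDROP), ("ping of death", PING_OF_DEATH)):
        print(name, check_fragments(frags))
```

Note that the ping of death is only visible at reassembly: every individual fragment is a legal size, so a filter that inspects fragments one at a time sees nothing wrong.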
Term
|
Definition
Spoofing is used to convince a system that it is communicating with a known entity, giving the intruder access. IP spoofing alters the packet at the IP level: the attacker sends a packet whose IP source address is that of a known, trusted source. E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. |
|
|
Term
Bus topology |
Definition
Many workstations or servers attached to the same segment of cable, which creates a single point of failure if it is broken (similar to cable TV cabling). Exceeding the cable length is a source of failure. |
|
|
Term
|
Definition
Most popular; extremely resistant to failure, especially in a star-wired configuration |
|
|
Term
Remote Node Authentication |
|
Definition
PAP – Password Authentication Protocol – sends the password in clear text CHAP – Challenge Handshake Authentication Protocol – protects the password: the server sends a random challenge and the client returns a one-way hash of the shared secret and the challenge, so the password never crosses the link and a captured response cannot be replayed against a new challenge |
|
|
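An added example (not from the original flashcards) contrasting what PAP and CHAP put on the wire. The CHAP response follows RFC 1994 (MD5 over identifier, secret and challenge); the user name, shared secret and the fixed test challenge are constructed values:

```python
# Added example (not part of the original flashcards): what PAP and CHAP put on
# the wire. The CHAP response follows RFC 1994, MD5(Identifier || secret ||
# Challenge); the user name, secret and fixed challenge are constructed values.
import hashlib
import hmac
import os

SECRET = b"constructed-shared-secret"     # known to both peers; never sent by CHAP


def pap_request(username, password):
    """PAP: the credential IS the message, so a sniffer on the link reads it."""
    return {"user": username, "password": password}


def chap_challenge(ident, challenge=None):
    """Authenticator side: a fresh random challenge per attempt (fixed only for tests)."""
    if challenge is None:
        challenge = os.urandom(16)
    return ident, challenge


def chap_response(ident, challenge, secret):
    """Peer side: one-way hash over identifier, secret and challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_verify(ident, challenge, response, secret):
    """Authenticator recomputes the hash; constant-time compare avoids a timing side channel."""
    expected = chap_response(ident, challenge, secret)
    return hmac.compare_digest(expected, response)


def chap_exchange(client_secret, server_secret=SECRET, challenge=None, ident=1):
    """Run one CHAP round; returns (accepted, what_an_eavesdropper_sees)."""
    ident, chal = chap_challenge(ident, challenge)
    resp = chap_response(ident, chal, client_secret)
    on_the_wire = {"id": ident, "challenge": chal.hex(), "response": resp.hex()}
    return chap_verify(ident, chal, resp, server_secret), on_the_wire


def replay_attack(captured, server_secret=SECRET):
    """An attacker replays a captured response against a NEW challenge: rejected."""
    ident, fresh = chap_challenge(captured["id"])
    return chap_verify(ident, fresh, bytes.fromhex(captured["response"]), server_secret)


if __name__ == "__main__":
    print(pap_request("alice", "hunter2"))            # password visible to a sniffer
    ok, wire = chap_exchange(SECRET)
    print(ok, wire)                                   # True; only challenge and hash on the wire
    print(chap_exchange(b"wrong-secret")[0])          # False
    print(replay_attack(wire))                        # False
```

Two caveats the card does not spell out: CHAP needs the plaintext-equivalent secret on both ends (the server cannot store a salted password hash), and a captured challenge/response pair still permits an offline dictionary attack on a weak secret.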
Term
|
Definition
Ping (Packet Internet Groper) – uses ICMP (Internet Control Message Protocol) echo request and echo reply; it is sometimes used in a buffer overflow attack (the ping of death) |
|
|
Term
Failure Resistant Disk Systems (FRDS) |
|
Definition
Provides the ability to reconstruct the contents of a failed disk onto a replacement disk |
|
|
Term
Remote Access Authentication |
|
Definition
RADIUS – Remote Authentication Dial-In User Service TACACS – Terminal Access Controller Access Control System |
|
|
Term
|
Definition
Refers to the physical interception of a transmission medium (like splicing of cable). Class C network abuse |
|
|
Term
|
Definition
Signature based: Pros – low false-alarm rate; alarms are standardized. Cons – resource intensive; new or unique attacks not found |
|
|
Term
|
Definition
Statistical anomaly: Pros – dynamically adapts; not as operating-system specific. Cons – high false-alarm rates; user activity may not be static enough to implement |
|
|
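An added example (not from the original flashcards) that runs a signature detector and a statistical-anomaly detector over the same constructed web-server log lines, so the trade-off on the two IDS cards shows up in the results. The log format, addresses, paths and the three-sigma threshold are constructed:

```python
# Added example (not part of the original flashcards): a signature detector and
# a statistical-anomaly detector run over the same constructed web-server log
# lines, showing the trade-off the two IDS cards describe. Log format, addresses,
# paths and the 3-sigma threshold are constructed/hypothetical.
import re
import statistics
from collections import Counter

SIGNATURES = {
    "directory traversal": re.compile(r"\.\./"),
    "windows command shell": re.compile(r"cmd\.exe", re.IGNORECASE),
}


def parse(line):
    """Constructed log format: '<src_ip> <method> <path>'."""
    src, method, path = line.split(" ", 2)
    return src, method, path


def signature_detect(lines):
    """Flag a source when a known pattern appears; attacks without a signature are invisible."""
    hits = {}
    for line in lines:
        src, _, path = parse(line)
        for name, rx in SIGNATURES.items():
            if rx.search(path):
                hits.setdefault(src, set()).add(name)
    return hits


def train_baseline(lines):
    """Per-source request volume learned from a period believed to be normal."""
    counts = Counter(parse(l)[0] for l in lines)
    return statistics.mean(counts.values()), statistics.stdev(counts.values())


def anomaly_detect(lines, baseline, k=3.0):
    """Flag any source whose request count exceeds mean + k*stdev of the baseline."""
    mean, sd = baseline
    counts = Counter(parse(l)[0] for l in lines)
    return {src: n for src, n in counts.items() if n > mean + k * sd}


# Constructed "normal" period: five users making four to six requests each.
BASELINE_LOG = [f"10.0.0.{i} GET /index.html"
                for i, n in zip(range(1, 6), (4, 5, 5, 6, 5)) for _ in range(n)]

# Constructed observation window.
OBSERVED = (
    ["10.0.0.9 GET /login?user=admin%27+OR+%271%27%3D%271"] * 30   # injection probe, no signature for it
    + ["10.0.0.5 GET /../../etc/passwd"]                             # one traversal attempt
    + ["10.0.0.7 GET /news.html"] * 12                               # legitimate but busy user
)


def compare():
    """Return (sources flagged by signatures, sources flagged by anomaly)."""
    baseline = train_baseline(BASELINE_LOG)
    return set(signature_detect(OBSERVED)), set(anomaly_detect(OBSERVED, baseline))


if __name__ == "__main__":
    print(compare())   # ({'10.0.0.5'}, {'10.0.0.9', '10.0.0.7'})
```

The single traversal request is caught only by the signature engine (the anomaly engine sees one request, well inside the baseline), the injection probe is caught only by the anomaly engine because no signature exists for it, and the busy legitimate user is the anomaly engine's false positive.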
Term
|
Definition
T1 and ISDN – go with multiple vendors to reduce failures |
|
|
Term
Protocol field has a value of 6 |
|
Definition
TCP – Transmission Control Protocol |
|
Term
|
Definition
Tampering with a transmission to create a covert signaling channel or probing the network. Class C network abuse. |
|
|
Term
Fraggle attack |
Definition
The "smurf" attack's cousin: uses UDP echo packets (port 7) in the same fashion as smurf uses ICMP echo packets. |
|
|
Term
|
Definition
Token ring: the token is passed by every station on the ring, so any station can be a single point of failure. |
|
|
Term
|
Definition
Tricks the target into believing that it is connected to a trusted host and then hijacks the session by predicting the target's choice of initial TCP sequence number. The hijacked session is then used to launch various other attacks on other hosts. |
|
|
Term
Protocol field has a value of 17 |
|
Definition
UDP – User Datagram Protocol |
|
Term
Host-based IDS |
Definition
Uses small programs (agents) that reside on a host computer. Detects inappropriate activity only on that host, not on the network segment. |
|
|
Term
|
Definition
Using a hidden, unauthorized communication channel. Class C network abuse |
|
|
Term
Securing External Remote Connections |
|
Definition
VPN – Virtual Private Network SSL – Secure Sockets Layer SSH – Secure Shell |
|
|
Term
|
Definition
xDSL – Digital Subscriber Line; Cable modem; Wireless (PDAs); ISDN – Integrated Services Digital Network |
|
|
Term
EAL1 – Evaluation Assurance Level 1 (Common Criteria) |
Definition
Functionally Tested - provides an evaluation of the TOE (Target of Evaluation) as made available to the customer, including independent testing against a specification, and an examination of the guidance documentation provided |
|
|
Term
EAL2 – Evaluation Assurance Level 2 (Common Criteria) |
Definition
Structurally Tested - requires the cooperation of the developer in terms of the delivery of design information and test results, but should not demand more effort on the part of the developer than is consistent with good commercial practice |
|
|
Term
EAL3 – Evaluation Assurance Level 3 (Common Criteria) |
Definition
Methodically Tested and Checked - permits a conscientious developer to gain maximum assurance from positive security engineering at the design stage without substantial alteration of existing sound development practices. |
|
|
Term
EAL4 – Evaluation Assurance Level 4 (Common Criteria) |
Definition
Methodically Designed, Tested, and Reviewed - permits a developer to gain maximum assurance from positive security engineering based on good commercial development practices which, though rigorous, do not require substantial specialist knowledge, skills, and other resources. |
|
|
Term
EAL5 – Evaluation Assurance Level 5 (Common Criteria) |
Definition
Semiformally Designed and Tested - permits a developer to gain maximum assurance from security engineering based upon rigorous commercial development practices supported by moderate application of specialist security engineering techniques. |
|
|
Term
EAL6 – Evaluation Assurance Level 6 (Common Criteria) |
Definition
Semiformally Verified Design and Tested - permits developers to gain high assurance from application of security engineering techniques to a rigorous development environment in order to produce a premium TOE for protecting high value assets against significant risks |
|
|
Term
EAL7 – Evaluation Assurance Level 7 (Common Criteria) |
Definition
Formally Verified Design and Tested - applicable to the development of security TOEs for application in extremely high risk situations and/or where the high value of the assets justifies the higher costs. |
|
|
Term
Defense in depth |
Definition
Computer security is most effective when multiple layers of security are used: 1) Security policies, procedures, standards and guidelines 2) Perimeter security, including routers and firewalls 3) Hardware/software host security products 4) Auditing, monitoring, IDS and response |
|
|
Term
Session Hijacking Attacks |
|
Definition
-IP Spoofing -C2MYAZZ -TCP Sequence Number Attacks -DNS Poisoning |
|
|
Term
|
Definition
-War dialing -Demon dialing -ToneLoc (a war-dialing tool) |
|
|
Term
|
Definition
Periodic scans to identify weaknesses -Discovery scanning -Workstation scanning -Server scanning |
|
|
Term
|
Definition
-Computer Oracle and Password System (COPS) -hping and hping2 -Legion -Nessus -Nmap -Remote Access Perimeter Scanner (RAPS) -Security Administrator's Integrated Network Tool (SAINT) -Security Administrator Tool for Analyzing Networks (SATAN) -TCPView -Snort |
|
|
Term
|
Definition
Process of sending data packets to a port to gather information about the state of that port (open, closed or filtered) -ICMP scanning -TCP or UDP scanning -DNS queries -O/S identification and testing -Application identification and testing |
|
|
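An added example (not from the original flashcards) of the TCP scanning item on the card above: a connect() scan run against a listener the script itself opens on the loopback address, so it works offline and touches no other host. Host, ports and timeout are constructed values; ICMP and UDP scanning are not shown because they need raw sockets or protocol-specific probes:

```python
# Added example (not part of the original flashcards): a TCP connect() scan
# against a listener the script opens on the loopback address, so it runs
# offline and touches nothing else. Host, ports and timeouts are constructed.
import errno
import socket


def open_test_listener(host="127.0.0.1"):
    """Bind an ephemeral port and listen; the kernel completes handshakes into the backlog."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(8)
    return srv, srv.getsockname()[1]


def scan_port(host, port, timeout=0.5):
    """Full three-way handshake (connect scan): reliable, but noisy and logged by the target."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        err = s.connect_ex((host, port))
    except OSError:                 # timed out or failed before connect() returned a code
        return "filtered"
    finally:
        s.close()
    if err == 0:
        return "open"               # SYN-ACK received, handshake completed
    if err == errno.ECONNREFUSED:
        return "closed"             # RST received: nothing listening
    return "filtered"               # no answer at all: a firewall dropped the probe


def scan(host, ports, timeout=0.5):
    """Return {port: state} for every port probed."""
    return {p: scan_port(host, p, timeout) for p in ports}


def demo():
    """Scan the same port while a listener is up and again after it has closed."""
    srv, port = open_test_listener()
    try:
        before = scan("127.0.0.1", [port])[port]
    finally:
        srv.close()
    after = scan("127.0.0.1", [port])[port]
    return before, after            # ('open', 'closed')


if __name__ == "__main__":
    print(demo())
```

Because every probe completes the handshake, each one appears in the target's connection logs; that visibility is the reason half-open (SYN) scans exist, and it is also why a scanned host's "heavy traffic" and crashes figure on the vulnerability-scanning issues card.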
Term
|
Definition
File Transfer Protocol (FTP) |
|
|
Term
|
Definition
SNMP – Simple Network Management Protocol |
|
|
Term
Issues with Vulnerability Scanning |
|
Definition
-False positives -Heavy traffic on the scanned network -False negatives -System crashes (fragile services fall over under probing) -Unregistered port numbers (services on non-standard ports are misidentified or missed) |
|
|
Term
|
Definition
Term describing exploits used to commit identity theft via: -social engineering through e-mail and brand spoofing -infected web sites and cookies -Trojan horses and spyware -browser hijacking and redirection -keyloggers and spybots |
|
|
Term
|
Definition
Changes web browser settings to switch home pages or hijack search functions |
|
|
Term
|
Definition
Web servers that respond to requests for a file's DOS 8.3 short file name are vulnerable to attacks: the short name bypasses checks written against the long name. |
|
|
Term
|
Definition
-Adware -Keyloggers -Web bugs -Spambots -Pop-ups -Drive-by downloads -Bogus spyware-removal programs -Multistage and blended threats |
|
|
Term
|
Definition
Malicious self-replicating computer program designed to infect multiple remote computers without user action, often in an attempt to deliver a destructive payload |
|
|
Term
|
Definition
Malicious code added to an existing application to be executed at a later date or when a trigger condition is met |
|
|
Term
|
Definition
A program in which malicious or harmful code is contained inside apparently harmless programming or data |
|
|
Term
|
Definition
-Trinoo -Back Orifice -NetBus -Bagle -Hearse -SubSeven |
|
|
Term
|
Definition
Attempt to hide from the O/S and antivirus software by concealing changes to file size or date, or by encrypting themselves |
|
|
Term
|
Definition
-Difficult to detect as they change with each infection -3 main parts: 1 Scrambled (encrypted) virus body 2 Decryption routine 3 Mutation engine, which rewrites the decryption routine for each new copy |
|
|