Shared Flashcard Set

Details

Networking CH11
Chapter 11-Networking
121
Computer Networking
Undergraduate 4
11/01/2012

Cards

Term
802.11i
Definition
The IEEE standard for wireless network encryption and authentication that uses the EAP authentication method, strong encryption, and dynamically assigned keys, which are different for every transmission. Specifies AES encryption and weaves a key into each packet.
Term
802.1x
Definition
A vendor-independent IEEE standard for securing transmission between nodes according to the transmission's port, whether physical or logical. Also known as EAPoL, it is the authentication standard followed by wireless networks using 802.11i.
Term
AAA
Authentication, Authorization, and Accounting
Definition
The name of a category of protocols that establish a client's identity; check the client's credentials and, based on those, allow or deny access to a system or network; and finally track the client's system or network usage.
Term
ACL
Access Control List
Definition
A list of statements used by a router to permit or deny the forwarding of traffic on a network based on one or more criteria.
Term
AES
Advanced Encryption Standard
Definition
A private key encryption algorithm that weaves keys of 128, 160, 192, or 256 bits through data multiple times. The algorithm used in the most popular form of AES is known as Rijndael. Replaced DES in situations such as military communications, which require the highest level of security.
Term
AH
Authentication Header
Definition
In the context of IPSec, a type of encryption that provides authentication of the IP packet's data payload through public key techniques.
Term
AS
Authentication Service
Definition
In Kerberos terminology, the process that runs on a KDC (Key Distribution Center) to initially validate a client who's logging on. The authentication service issues a session key to the client and to the service the client wants to access.
Term
Asymmetric Encryption
Definition
A type of encryption (such as public key encryption) that uses a different key for encoding data than is used for decoding the ciphertext.
Term
Authentication protocol
Definition
A set of rules that governs how servers authenticate clients. Several types of authentication protocols exist.
Term
Authenticator
Definition
In Kerberos authentication, the user's time stamp encrypted with the session key. The authenticator is used to help the service verify that a user's ticket is valid.
Term
Biorecognition Access
Definition
A method of authentication in which a device scans an individual's unique physical characteristics (such as the color patterns in her iris or the geometry of her hand) to verify the user's identity.
Term
Brute Force Attack
Definition
An attempt to discover an encryption key or password by trying numerous possible character combinations. Usually, a brute force attack is performed rapidly by a program designed for that purpose.
Term
CA
Certificate Authority
Definition
An organization that issues and maintains digital certificates as part of the public-key infrastructure.
Term
Challenge
Definition
A random string of text issued from one computer to another in some form of authentication. It is used, along with the password (or other credential), in a response to verify the computer's credentials.
Term
CHAP
Challenge Handshake Authentication Protocol
Definition
An authentication protocol that operates over PPP and that requires the authenticator to take the first step by offering the other computer a challenge. The requestor responds by combining the challenge with its password, encrypting the new string of characters and sending it to the authenticator. The authenticator checks whether the requestor's encrypted string of text matches its own encrypted string of characters. If so, the requestor is authenticated and granted access to secured resources.
Term
Ciphertext
Definition
The unique data block that results when a single piece of data (such as text) is encrypted (for example, by using a key).
Term
Client_hello
Definition
In the context of SSL encryption, a message issued from the client to the server that contains information about what level of security the client's browser is capable of accepting and what type of encryption the client's browser can decipher (for example, RSA or Diffie-Hellman). This message also establishes a randomly generated number that uniquely identifies the client, plus another number that identifies the SSL session.
Term
Content-Filtering Firewall
Definition
A firewall that can block designated types of traffic from entering a protected network.
Term
Denial-of-Service Attack
Definition
A security attack in which a system becomes unable to function because it has been inundated with requests for services and can't respond to any of them. As a result, all data transmissions are disrupted.
Term
DES
Data Encryption Standard
Definition
A popular private key encryption technique that was developed by IBM in the 1970s.
Term
Dictionary Attack
Definition
A technique in which attackers run a program that tries a combination of a known user ID and, for a password, every word in the dictionary to attempt to gain access to a network.
Term
Diffie-Hellman
Definition
The first commonly used public, or asymmetric, key algorithm. Diffie-Hellman was released in 1975 by its creators, Whitfield Diffie and Martin Hellman.
Term
Digital Certificate
Definition
A password-protected and encrypted file that holds an individual's identification information, including a public key and a private key. The individual's public key is used to verify the sender's digital signature, and the private key allows the individual to log on to a third-party authority who administers these.
Term
DMZ
Demilitarized Zone
Definition
The perimeter of a protected, internal network where users, both authorized and unauthorized, from external networks can attempt to access it. Firewalls and IDS/IPS systems are typically placed in the DMZ.
Term
DNS Spoofing
Definition
A security attack in which an outsider forges name server records to falsify his host's identity.
Term
EAP
Extensible Authentication Protocol
Definition
A data link layer protocol defined by the IETF that specifies the dynamic distribution of encryption keys and a pre-authentication process in which a client and server exchange data via an intermediate node (for example, an access point on a wireless LAN). Only after they have mutually authenticated can the client and server exchange encrypted data. This can be used with multiple authentication and encryption schemes.
Term
Encryption
Definition
The use of an algorithm to scramble data into a format that can be read only by reversing the algorithm (decrypting the data) to keep the information private. The most popular kind of encryption algorithm weaves a key into the original data's bits, sometimes several times in different sequences, to generate a unique data block.
Term
Encryption Devices
Definition
Computers or specialized adapters inserted into other devices, such as routers or servers, that perform encryption.
Term
ESP
Encapsulated Security Payload
Definition
In the context of IPsec, a type of encryption that provides authentication of the IP packet's data payload through public key techniques. In addition, this also encrypts the entire IP packet for added security.
Term
Evil Twin
Definition
An exploit in which a rogue access point masquerades as a legitimate access point, using the same SSID and potentially other identical settings.
Term
Exploit
Definition
In the context of network security, the means by which a hacker takes advantage of a vulnerability.
Term
Flashing
Definition
A security attack in which an Internet user sends commands to another Internet user's machine that cause the screen to fill with garbage characters. A flashing attack causes the user to terminate her session.
Term
FTP Bounce
Definition
A security exploit in which an FTP client specifies a different host's IP address and port number for the requested data's destination. By commanding the FTP server to connect to a different computer, a hacker can scan the ports on other hosts and transmit malicious code. To thwart FTP bounce attacks, most modern FTP servers will not issue data to hosts other than the client that originated the request.
Term
Hacker
Definition
Traditionally, a person who masters the inner workings of operating systems and utilities in an effort to better understand them. More generally, an individual who gains unauthorized access to systems or networks with or without malicious intent.
Term
Handshake Protocol
Definition
One of several protocols within SSL, and perhaps the most significant. As its name implies, it allows the client and server to authenticate (or introduce) each other and establishes terms for how they securely exchange data during an SSL session.
Term
HIDS
Host-Based Intrusion Detection
Definition
A type of intrusion detection that runs on a single computer, such as a client or server, that has access to and allows access from the Internet.
Term
HIPS
Host-Based Intrusion Prevention
Definition
A type of intrusion prevention that runs on a single computer, such as a client or server, that has access to and allows access from the Internet.
Term
Honeynet
Definition
A network of honeypots.
Term
Honeypot
Definition
A decoy system isolated from legitimate systems and designed to be vulnerable to security exploits for the purposes of learning more about hacking techniques or nabbing a hacker in the act.
Term
Host-Based Firewall
Definition
A firewall that only protects the computer on which it's installed.
Term
HTTPS
HTTP Over Secure Sockets Layer
Definition
The URL prefix that indicates that a web page requires its data to be exchanged between client and server using SSL encryption. This uses the TCP port number 443.
Term
IDS
Intrusion Detection System
Definition
A dedicated device or software running on a host that monitors, flags, and logs any unauthorized attempt to access an organization's secured resources on a network or host.
Term
IKE
Internet Key Exchange
Definition
The first phase of IPsec authentication, which accomplishes key management. This is a service that runs on UDP port 500. After this has established the rules for the type of keys two nodes use, IPsec invokes its second phase, encryption.
Term
IPS
Intrusion Prevention System
Definition
A dedicated device or software running on a host that automatically reacts to any unauthorized attempt to access an organization's secured resources on a network or host. This is often combined with IDS.
Term
IPSec
Internet Protocol Security
Definition
A layer 3 protocol that defines encryption, authentication, and key management for TCP/IP transmissions. This is an enhancement to IPv4 and is native to IPv6. IPSec is unique among authentication methods in that it adds security information to the header of all the IP packets.
Term
IP Spoofing
Definition
A security attack in which an outsider obtains internal IP addresses and then uses those addresses to pretend that he has the authority to access a private network from the Internet.
Term
ISAKMP
Internet Security Association and Key Management Protocol
Definition
A service for setting policies to verify the identity and the encryption methods nodes will use in IPSec transmission.
Term
KDC
Key Distribution Center
Definition
In Kerberos terminology, the server that runs the authentication service and the Ticket Granting Service to issue keys and tickets to clients.
Term
Kerberos
Definition
A cross platform authentication protocol that uses key encryption to verify the identity of clients and to securely exchange information after a client logs on to a system. It is an example of a private key encryption service.
Term
Key
Definition
A series of characters that is combined with a block of data during the data's encryption. To decrypt the resulting data, the recipient must also possess the key.
Term
Key Management
Definition
The method whereby two nodes using key encryption agree on common parameters for the keys they will use to encrypt data.
Term
Key Pair
Definition
The combination of public and private key used to decipher data that was encrypted using public key encryption.
Term
Man-in-the-Middle Attack
Definition
A security threat that relies on intercepted transmissions. It can take one of several forms, but in all cases a person redirects or captures secure data traffic while in transit.
Term
Metasploit
Definition
A penetration testing tool that combines known scanning techniques and exploits to result in potentially new types of exploits.
Term
MS-CHAP
Microsoft Challenge Handshake Authentication Protocol
Definition
An authentication protocol provided with Windows operating systems that uses a three-way handshake to verify a client's credentials and encrypts passwords with a challenge text.
Term
MS-CHAPv2
Microsoft Challenge Handshake Authentication Protocol, version 2
Definition
An authentication protocol provided with Windows operating systems that follows the CHAP model, but uses stronger encryption, uses different encryption keys for transmission and reception, and requires mutual authentication between two computers.
Term
Multifactor Authentication
Definition
An authentication process that requires the client to provide two or more pieces of information, such as a password, fingerprint scan, and security token.
Term
Mutual Authentication
Definition
An authentication scheme in which both computers verify the credentials of each other.
Term
Nessus
Definition
A penetration testing tool from Tenable Security that performs sophisticated scans to discover information about hosts, ports, services, and software.
Term
Network-Based Firewall
Definition
A firewall configured and positioned to protect an entire network.
Term
Network key
Definition
A key (or character string) required for a wireless station to associate with an access point using WEP.
Term
NIDS
Network-Based Intrusion Detection
Definition
A type of intrusion detection that occurs on devices that are situated at the edge of the network or that handle aggregated traffic.
Term
NMAP
Network Mapper
Definition
A scanning tool designed to assess large networks quickly and provide comprehensive, customized information about a network and its hosts. NMAP, which runs on virtually any modern operating system, is available for download at no cost.
Term
OpenSSH
Definition
An open source version of the SSH suite of protocols.
Term
Packet-Filtering Firewall
Definition
A router that examines the header of every packet of data that it receives to determine whether that type of packet is authorized to continue to its destination. Packet filtering firewalls are also called screening firewalls.
Term
PAP
Password Authentication Protocol
Definition
A simple authentication protocol that operates over PPP. Using this, a client issues its credentials in a request to authenticate, and the server responds with confirmation or denial of authentication after comparing the credentials with those in its database. This is not very secure and is therefore rarely used on modern networks.
Term
PGP
Pretty Good Privacy
Definition
A key-based encryption system for e-mail that uses a two-step verification process.
Term
Phishing
Definition
A practice in which a person attempts to glean access or authentication information by posing as someone who needs that information.
Term
PKI
Public Key Infrastructure
Definition
The use of certificate authorities to associate public keys with certain users.
Term
Port Authentication
Definition
A technique in which a client's identity is verified by an authentication server before a port, whether physical or logical, is opened for the client's layer 3 traffic.
Term
Port Forwarding
Definition
The process of redirecting traffic from its normally assigned port to a different port, either on the client or server. In the case of using SSH, this can send data exchanges that are normally insecure through encrypted tunnels.
Term
Port Mirroring
Definition
A monitoring technique in which one port on a switch is configured to send a copy of all its traffic to a second port.
Term
Port Scanner
Definition
Software that searches a server, switch, router, or other device for open ports, which can be vulnerable to attack.
Term
Posture Assessment
Definition
An assessment of an organization's security vulnerabilities. This should be performed at least annually and preferably quarterly, or sooner if the network has undergone significant changes. For each risk found, it should rate the severity of a potential breach, as well as its likelihood.
Term
Principal
Definition
In Kerberos terminology, a user or client.
Term
Private Key Encryption
Definition
A type of key encryption in which the sender and receiver use a key to which only they have access. DES (Data Encryption Standard), which was developed by IBM in the 1970s, is a popular example of a private key encryption technique. Private key encryption is also known as symmetric encryption.
Term
Proxy Server
Definition
A network host that runs on a proxy service. They may also be called gateways.
Term
Proxy Service
Definition
A software application on a network host that acts as an intermediary between the external and the internal networks, screening all incoming and outgoing traffic and providing one address to the outside world, instead of revealing the address of internal LAN devices.
Term
Public Key Encryption
Definition
A form of key encryption in which data is encrypted using two keys. One is a key known only to a user, and the other is a key associated with the user and that can be obtained from a public source, such as a public key server. Some examples of this include RSA and Diffie-Hellman. This is also known as asymmetric encryption.
Term
Public Key Server
Definition
A publicly available host (such as an Internet host) that provides free access to a list of users' public keys (for use in public key encryption).
Term
RADIUS
Remote Authentication Dial-In User Service
Definition
A popular protocol for providing centralized AAA (authentication, authorization, and accounting) for multiple users. RADIUS runs over UDP and can use one of several authentication protocols.
Term
RADIUS Server
Definition
A server that offers centralized authentication services to a network's access server, VPN server, or wireless access point via the RADIUS Protocol.
Term
RC4
Definition
An asymmetric key encryption technique that weaves a key with data multiple times as a computer issues the stream of data. RC4 keys can be as long as 2048 bits. In addition to being highly secure, this is fast.
Term
RSA
Definition
An encryption algorithm that creates a key by randomly choosing two large prime numbers and multiplying them together. RSA is named after its creators, Ronald Rivest, Adi Shamir, and Leonard Adleman. This was first released in 1977, but remains popular today for e-commerce transactions.
Term
SCP
Secure Copy
Definition
A method for copying files securely between hosts. SCP is part of the OpenSSH package, which comes with modern UNIX and Linux operating systems. Third-party SCP applications are available for Windows-based computers.
Term
Security Audit
Definition
An assessment of an organization's security vulnerabilities performed by an accredited network security firm.
Term
Security Policy
Definition
A document or plan that identifies an organization's security goals, risks, levels of authority, designated security coordinator and team members, responsibilities for each team member, and responsibilities for each employee. In addition, it specifies how to address security breaches.
Term
Security token
Definition
A device or piece of software used for authentication that stores or generates information such as a series of numbers or letters, known only to its authorized user.
Term
Server_hello
Definition
In the context of SSL encryption, a message issued from the server to the client that confirms the information the server received in the client_hello message. It also agrees to certain terms of encryption based on the options the client supplied. Depending on the Web server's preferred encryption method, the server may choose to issue your browser a public key or a digital certificate at this time.
Term
Session key
Definition
In the context of Kerberos authentication, a key issued to both the client and the server by the authentication service that uniquely identifies their session.
Term
SFTP
Secure File Transfer Protocol
Definition
A protocol available with the proprietary version of SSH that copies files between hosts securely. Like FTP, this first establishes a connection with a host and then allows a remote user to browse directories, list files, and copy files. Unlike FTP, this encrypts data before transmitting it.
Term
Single-Sign-on
Definition
A form of authentication in which a client signs on once to access multiple systems or resources.
Term
Smurf Attack
Definition
A threat to networked hosts in which the host is flooded with broadcast ping messages. This attack is a type of denial-of-service attack.
Term
Social Engineering
Definition
The act of manipulating personal relationships to circumvent network security measures and gain access to a system.
Term
SSH
Secure Shell
Definition
A connection utility that provides authentication and encryption. With this, you can securely log on to a host, execute commands on that host, and copy files to or from that host. This encrypts data exchanged throughout the session.
Term
SSL
Secure Sockets Layer
Definition
A method of encrypting TCP/IP transmissions (including Web pages and data entered into Web forms) en route between the client and server using public key encryption technology.
Term
SSL Session
Definition
In the context of SSL encryption, an association between the client and server that is defined by an agreement on a specific set of encryption techniques. An SSL session allows the client and server to continue to exchange data securely as long as the client is still connected to the server. SSL sessions are established by the SSL handshake protocol.
Term
Stateful firewall
Definition
A firewall capable of monitoring a data stream from end to end.
Term
Stateless Firewall
Definition
A firewall capable only of examining packets individually. These firewalls perform more quickly than stateful firewalls, but are not as sophisticated.
Term
Symmetric Encryption
Definition
A method of encryption that requires the same key to encode the data as is used to decode the ciphertext.
Term
TACACS+
Terminal Access Controller Access Control System Plus
Definition
A Cisco proprietary protocol for AAA. Like RADIUS, this may use one of many authentication protocols. Unlike RADIUS, this relies on TCP at the network layer and allows for separation of the AAA services.
Term
TGS
Ticket Granting Service
Definition
In Kerberos terminology, an application that runs on the KDC that issues this to clients so that they need not request a new ticket for each new service they want to access.
Term
Three-way handshake
Definition
An authentication process that involves three steps.
Term
Ticket
Definition
In Kerberos terminology, a temporary set of credentials that a client uses to prove that its identity has been validated by the authentication service.
Term
TKIP
Temporal Key Integrity Protocol
Definition
An encryption key generation and management scheme used by 802.11i.
Term
TLS
Transport Layer Protocol
Definition
A version of SSL being standardized by the IETF. With this, the IETF aims to create a version of SSL that encrypts slightly different encryption algorithms than SSL, but otherwise is very similar to the most recent version of SSL.
Term
Triple DES
3DES
Definition
The modern implementation of DES, which weaves a 56 bit key through data three times, each time using a different key.
Term
Two Factor Authentication
Definition
A process in which clients must supply two pieces of information to verify their identity and gain access to a system.
Term
VPN Concentrator
Definition
A specialized device that authenticates VPN clients and establishes tunnels for VPN connections.
Term
Vulnerability
Definition
A weakness of a system, process, or architecture that could lead to compromised information or unauthorized access to a network.
Term
War Chalking
Definition
The use of chalk to draw symbols on a sidewalk or wall within range of an access point. The symbols, patterned after those that hobos devised to indicate hospitable places for food or rest, indicate the access point's SSID and whether it's secured.
Term
War Driving
Definition
The act of driving while running a laptop configured to detect and capture wireless data transmissions.
Term
WEP
Wired Equivalent Privacy
Definition
A key encryption technique for wireless networks that uses keys both to authenticate network clients and to encrypt data in transit.
Term
WEP Cracking
Definition
A security exploit in which a hacker uses a program to discover this key.
Term
Wi-Fi Alliance
Definition
An international, non-profit organization dedicated to ensuring the interoperability of 802.11-capable devices.
Term
WPA
Wi-Fi Protected Access
Definition
A wireless security method endorsed by the Wi-Fi Alliance that is considered a subset of the 802.11i standard. In this, authentication follows the same mechanism specified in 802.11i. The main difference between this and 802.11i is that this specifies RC4 encryption rather than AES.
Term
WPA2
Definition
The name given to the 802.11i security standard by the Wi-Fi Alliance. The only difference between this and 802.11i is that this includes support for the older security method.
Term
WPA2-Enterprise
Definition
An authentication scheme for Wi-Fi networks that combines WPA2 with RADIUS.
Term
WPA Cracking
Definition
A security exploit in which a hacker uses a program to discover a WPA key.
Term
WPA-Enterprise
Definition
An authentication scheme for Wi-Fi networks that combines WPA with RADIUS.
Term
Zero Day Exploit
Definition
An exploit that takes advantage of a software vulnerability that has not yet become public, and is known only to the hacker who discovered it. These exploits are particularly dangerous, because the vulnerability is exploited before the software developer has the opportunity to provide a solution for it.