Term
|
Definition
| An attack that sends numerous packets to a switch, each of which has a different source MAC address, in an attempt to use up the memory on the switch. If this is successful, the switch will change state to failopen mode. |
|
|
Term
|
Definition
| When a switch broadcasts data on all ports the way a hub does. |
|
|
Term
|
Definition
Content Addressable Memory Table
A table that is in a switch’s memory that contains ports and their corresponding MAC addresses. |
|
|
Term
|
Definition
Network Address Translation
The process of changing an IP address while it is in transit across a router. This is usually so one larger address space (private) can be remapped to another address space, or single IP address (public). |
|
|
Term
|
Definition
Static Network Address Translation
When a single private IP address translates to a single public IP address. This is also called one-to-one mapping. |
|
|
Term
|
Definition
Port Address Translation
Like NAT, but it translates both IP addresses and port numbers. |
|
|
Term
|
Definition
Demilitarized Zone
A special area of the network (sometimes referred to as a subnetwork) that houses servers that host information accessed by clients or other networks on the Internet. |
|
|
Term
|
Definition
| A type of DMZ where a firewall has three legs that connect to the LAN, Internet, and the DMZ. |
|
|
Term
|
Definition
| A type of DMZ where the DMZ is located between the LAN and the Internet. |
|
|
Term
|
Definition
Network Access Control
Sets the rules by which connections to a network are governed. |
|
|
Term
|
Definition
| A way of offering on-demand services that extend the capabilities of a person’s computer or an organization’s network. |
|
|
Term
|
Definition
Software as a Service
A cloud computing service where users access applications over the Internet that are provided by a third party. |
|
|
Term
|
Definition
Infrastructure as a Service
A cloud computing service that offers computer networking, storage, load balancing, routing, and VM hosting. |
|
|
Term
|
Definition
Platform as a Service
A cloud computing service that provides various software solutions to organizations especially the ability to develop applications without the cost or administration of a physical platform. |
|
|
Term
|
Definition
Virtual Local Area Network Hopping
The act of gaining access to traffic on other VLANs that would not normally be accessible by jumping from one VLAN to another. |
|
|
Term
|
Definition
| The act of scanning telephone numbers by dialing them one at a time and adding them to a list, in an attempt to gain access to computer networks. |
|
|
Term
|
Definition
Transmission Control Protocol Reset Attack
Sets the reset flag in a TCP header to 1, telling the respective computer to kill the TCP session immediately. |
|
|
Term
|
Definition
| Denies all traffic to a resource unless the users generating that traffic are specifically granted access to the resource. For example, when a device denies all traffic unless a rule is made to open the port associated with the type of traffic desired to be let through. |
|
|
Term
|
Definition
Transmission Control Protocol/Internet Protocol Hijacking
When a hacker takes over a TCP session between two computers without the need of a cookie or any other type of host access. |
|
|
Term
|
Definition
Man-in-the-Middle Attack
A form of eavesdropping that intercepts all data between a client and a server, relaying that information back and forth. |
|
|
Term
|
Definition
Cross-Site Scripting
A type of vulnerability found in web applications used with session hijacking. |
|
|
Term
|
Definition
Denial of Service
A broad term given to many different types of network attacks that attempt to make computer resources unavailable. |
|
|
Term
|
Definition
| A ping flood, also known as an ICMP flood attack, is when an attacker attempts to send many ICMP echo request packets (pings) to a host in an attempt to use up all available bandwidth. |
|
|
Term
|
Definition
| A type of DoS that sends large amounts of ICMP echoes, broadcasting the ICMP echo requests to every computer on its network or subnetwork. The header of the ICMP echo requests will have a spoofed IP address. That IP address is the target of the Smurf attack. Every computer that replies to the ICMP echo requests will do so to the spoofed IP. |
|
|
Term
|
Definition
| A type of DoS similar to the Smurf attack, but the traffic sent is UDP echo traffic as opposed to ICMP echo traffic. |
|
|
Term
|
Definition
Permanent DoS Attack
Generally consists of an attacker exploiting security flaws in routers and other networking hardware by flashing the firmware of the device and replacing it with a modified image. |
|
|
Term
|
Definition
Ping of Death
A type of DoS that sends an oversized and/or malformed packet to another computer. |
|
|
Term
|
Definition
| An attack that works by creating a large number of processes quickly to saturate the available processing space in the computer’s operating system. It is a type of wabbit. |
|
|
Term
|
Definition
| A type of DoS where an attacker sends a large amount of SYN request packets to a server in an attempt to deny service. |
|
|
Term
|
Definition
| A type of DoS that sends mangled IP fragments with overlapping and oversized payloads to the target machine. |
|
|
Term
|
Definition
Distributed Denial of Service
An attack in which a group of compromised systems attack a single target, causing a DoS to occur at that host, usually using a botnet. |
|
|
Term
|
Definition
| When an attacker masquerades as another person by falsifying information. |
|
|
Term
|
Definition
| The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. |
|
|
Term
|
Definition
| An attack in which valid data transmission is maliciously or fraudulently repeated or delayed. |
|
|
Term
|
Definition
| A random number issued by an authentication protocol that can only be used once. |
|
|
Term
|
Definition
| When used by an attacker, a malicious connection to the Windows interprocess communications share (IPC$). |
|
|
Term
|
Definition
| The process of deleting a domain name during the five-day grace period (known as the add grace period or AGP) and immediately reregistering it for another five-day period to keep a domain name indefinitely and for free. |
|
|
Term
|
Definition
Domain Name System Poisoning
The modification of name resolution information that should be in a DNS server’s cache. |
|
|
Term
|
Definition
| When an attacker redirects one website’s traffic to another bogus and possibly malicious website by modifying a DNS server or hosts file. |
|
|
Term
|
Definition
Address Resolution Protocol
An attack that exploits Ethernet networks, and it may enable an attacker to sniff frames of information, modify that information, or stop it from getting to its intended destination. |
|
|
Term
|
Definition
User Datagram Protocol Attack
A similar attack to the Fraggle. It uses the connectionless User Datagram Protocol. It is enticing to attackers because it does not require a synchronization process. |
|
|
