Week 2-3

Cards (44)

  • Confidentiality - Prevent unauthorized users from gaining information about the network
  • Availability - Users have access to information services and network resources.
  • Functionality - Preventing attackers from altering the capabilities or normal operation of the network
  • Access Control - It keeps attackers, or unauthorized employees, from accessing internal resources.
  • Death of the Perimeter - It is a phrase used by network administrators to convey the idea that creating a 100 percent secure network is impossible.
  • The Castle Model - It is a network defense model that had the good guys on the inside and the attackers on the outside
  • The City Model - It has no distinct perimeter, and there are multiple ways of entering the network. Its security requirements are much more complex than those for a castle.
  • Intrusion Detection System - It is a system that monitors network traffic for suspicious activity and alerts when such activity is discovered.
  • Virtual LAN - It is a logical overlay network that groups together a subset of devices that share a physical LAN, isolating the traffic for each group.
  • Central Authentication Service - It is a single sign-on protocol for the web and its purpose is to permit a user to access multiple applications while providing their credentials only once.
  • Encrypted Internal Traffic - Encryption is a data security practice that converts normal, readable information into an unintelligible cipher.
  • Denial-of-Service Attack - This attack attempts to make a server or network unavailable to serve legitimate users by flooding it with attack packets.
  • Direct DOS Attack - It occurs when an attacker tries to flood a victim with a stream of packets directly from the attacker's computer.
  • Indirect DOS Attack - It tries to flood the victim computer in the same way, but the attacker's IP address is spoofed and the attack appears to come from another computer.
  • Intermediary - Typically referred to as bots, these are compromised hosts running malware controlled by the attacker
  • The DOS Attack begins when the botmaster, the attacker who controls the bots, sends a signal for the bots to attack the victim
  • Botnet - It is a network of infected computers that work together to carry out an attacker's goals.
  • Handlers - These are an additional layer of compromised hosts that are used to manage large groups of bots.
  • Handlers, sometimes known as command-and-control servers, make coordinating an attack easier and less conspicuous.
  • Reflected Attack - It uses responses from legitimate services to flood a victim
  • Smurf Flood - It is a variation of a reflected attack that takes advantage of an incorrectly configured network device to flood a victim.
  • Sending Malformed Packets - Attackers send malformed packets that will cause the victim to crash
  • Ping of Death - It uses an illegally large IP packet to crash the victim's operating system; it is rarely used anymore.
  • Flooding - It works by sending a vast number of messages whose processing consumes some key resource at the target
  • Spoofing - Direct attacks are rare; attackers are unlikely to attack victims directly because their source IP address is shown on all incoming packets. They hide their IP address.
  • Backscatter - It is a side effect of an attacker spoofing an IP address. It occurs when a victim sends responses to the spoofed IP address used by the attacker, and inadvertently floods an unintended victim.
  • SYN - It is a TCP packet sent to another computer requesting that a connection be established between them.
  • SYN-ACK - It is a message from the server back to the client
  • SYN Flood - A victim is flooded with SYN packets in an attempt to make many half-open TCP connections.
  • Ping Flood - A victim is flooded with ICMP packets, also known as echo requests, that appear to be normal supervisory traffic.
  • HTTP Flood - A victim, typically a webserver, is flooded with application layer web requests.
  • Black Holing - Dropping all IP packets from an attacker. It is not a good long-term strategy because attackers can quickly change source IP addresses.
  • Validating the Handshake - Some firewalls address SYN floods by pre-validating the TCP handshake
  • Validating the Handshake - This is done by creating false opens. Whenever a SYN segment arrives, the firewall itself sends back a SYN/ACK segment, without passing the SYN segment on to the target server.
  • Rate Limiting - For more subtle DoS attacks, it can be used to reduce a certain type of traffic to a reasonable amount
  • Address Resolution Protocol - It is a protocol that enables network communications to reach a specific device on the network. It translates to a Media Access Control (MAC) address.
  • ARP Poisoning - It is a man-in-the-middle attack that allows attackers to intercept communication between network devices.
  • Access Control for Networks - LANs within corporate sites also require additional protection to ensure confidentiality of data as it is sent across internal networks.
  • Access Control Threats - Wireless LANs have even deeper access threats than wired LANs and an intruder can connect by radio to an unprotected wireless access point.
  • Drive-by Hacker - They can sit in a car outside the corporate walls. With a high-gain antenna, in fact, the intruder can be far enough away to be invisible from the building.