Ceh Final Homemade Flash Cards 3x5

8/8/2019 Ceh Final Homemade Flash Cards 3x5

http://slidepdf.com/reader/full/ceh-final-homemade-flash-cards-3x5 1/583

802.11 standard



The generic name of a family of protocols and standards

used for wireless networking .These standards define the rules for communication .Some, such as 802.11i, are relatively new, whereasothers, such as 802.11a, have been established for

sometime .



802.11i standard



An amendment to the 802.11 standard .802.11i uses Wi-Fi Protected Access (WPA) and

Advanced Encryption Standard (AES) as a replacementfor RC4 encryption .



Acceptable use policy (AUP)



A policy that defines what employees, contractors, andthird parties can and cannot do with the organization's IT

infrastructure and its assets . AUPs are common for access to IT resources, systems,applications, Internet access, email access, and so on .



Access control lists



An access control list (ACL) is a table or list stored by arouter to control access to and from a network by helpingthe device determine whether to forward or drop packets

that are entering or exiting it .



Access creep



Access creep is the result of employees moving from oneposition to another within an organization without losingthe privileges of the old position and at the same time

gaining the additional access privileges of the newposition .

Therefore over time, the employee builds up much moreaccess than he should have .



Access point spoofing



The act of pretending to be a legitimate access point withthe purpose of tricking individuals to pass traffic by the

fake connection so that it can be captured and analyzed .



Accountability



The traceability of actions performed on a system to aspecific system entity or user .



Active fingerprint



An active method of identifying the operating system (OS)of a targeted computer or device that involves injecting

traffic into the network .



Activity blocker



Alerts the user to out of the ordinary or dangerouscomputer operations, but also it can block their activity .



Address resolution protocol (ARP)



Protocol used to map a known Internet Protocol (IP)address to an unknown physical address on the local

network . As an example, IPv4 uses 32-bit addresses,whereas Ethernet uses 48-bit media access control (MAC)

addresses . The ARP process is capable of taking theknown IP address that is being passed down the stackand using it to resolve the unknown MAC address bymeans of a broadcast message . This information is

helpful in an ARP cache .



Ad hoc mode



An individual wireless computer in ad hoc operation modeon a wireless LAN (WLAN) can communicate directly toother client units . No access point is required . Ad hocoperation is ideal for small networks of no more than two

to four computers .



Adware



A software program that automatically forces pop-upwindows of Internet marketing messages to users'

browsers on their workstation devices Adware is differentfrom spyware in that adware does not examine a user's

individual browser usage and does not examine thisinformation on a user's browser .



Algorithm



A mathematical procedure used for solving a problem .Used for the encryption and decryption of information and

data .



Annualized loss expectancy (ALE)



The ALE is an annual expected financial loss to anorganization's IT asset because of a particular threat being

realized within that same calendar year . Single lossexpectancy (SLE) x annualized rate of occurrence (ARO)

= ALE .



Anomaly detection



A type of intrusion detection that looks at behaviors thatare not normal or within standard activity . These unusualpatterns are identified as suspicious . Anomaly detection

has the capability of detecting all kinds of attacks,including ones that are unknown . Its vulnerability is that it

can produce a high rate of false positives .



Appenders



A virus infection type that places the virus code at the endof the infected file .



Assessment



An evaluation and/or valuation of IT assets based onpredefined measurement or evaluation criteria . This

typically requires an accounting or auditing firm to conductan assessment, such as a risk or vulnerability assessment

.



Asset



Anything of value owned or possessed by an individual or business .



Asymmetric algorithm





Audit



A professional examination and verification performed byeither an independent party or internal team to examine acompany's accounting documents and supporting data .

Audits conform to a specific and formal methodology andspecify how an investigation is to be conducted with

specific reporting elements and metrics being examined(such as a financial audit according to Public Accounting

and Auditing Guidelines and Procedures) .



Authentication



A method that enables you to identify someone . Authentication verifies the identity and legitimacy of the

individual to access the system and its resources.Common authentication methods include passwords,

tokens, and biometric systems .



Authorization



The process of granting or denying access to a networkresource based on the user's credentials .



Availability



Ensures that the systems responsible for delivering,storing, and processing data are available and accessibleas needed by individuals who are authorized to use the

resources .



Backdoor





Back orifice





Base64



A coding process used to encode data in some emailapplications . Because it is not true encryption, it can be

easily broken .



Baseline



A consistent or established base that is used to build aminimum acceptable level of security .





A method of verifying a person's identify for authenticationby analyzing a unique physical attribute of the individual,

such as a fingerprint, retinal scanning, or palm print .



Blackbox testing





Block cipher



An encryption scheme in which the data is divided intofixed-size blockseach of which is encrypted independently

of the others .



Blowfish



Blowfish was designed as a replacement for DES or IDEA. Since its release in 1993, it has been gaining

acceptance as a fast strong encryption standard . It takesa variable length key that can range from 32 to 448 bits .



Bluejacking



The act of sending unsolicited messages, pictures, or information to a Bluetooth user .



Bluesnarfing



The theft of information from a wireless device throughBluetooth connection .



Bluetooth





Bollards







A term used to describe robot-controlled workstations thatare part of a collection of other robot-controlled

workstations . These have been created with a Trojan for the purpose of starting up an IRC client and connecting to

an IRC server . Once connected, these devices canlaunch huge amounts of spam or even cause a denial of

service against the IRC server .



Brain virus









Buffer









Business continuity planning



A system or methodology to create a plan for how anorganization will resume partially or completely interrupted

critical functions within a predetermined time after adisaster or disruption occurs . The goal is to keep critical

business functions operational .



Business impact analysis (BIA)



A component of the business continuity plan . The BIAlooks at all the components that an organization relies onfor continued functionality . It seeks to distinguish which

are more crucial than others and requires a greater allocation of funds in the wake of a disaster .



Catastrophe













Challenge handshake authentication protocol (CHAP)



A secure method for connecting to a system . CHAP is a form of authentication that functions by using

an authentication agent, usually a network server, to sendthe client an ID value and a random value that is used

only one time . Both the server and client share apredefined secret . The client concatenates the randomvalue, which is usually called a nonce, the ID, and the

secret and calculates a one-way hash using MD5 . Thisresulting hash value is sent to the server, which builds the

same string and compares the result with the valuereceived from the client . If the values match, the peer is

authenticated .





Plain text or cleartext is what you have before encryption,and ciphertext is the encrypted result that is scrambled

into an unreadable form .





The point at which an alarm threshold or trigger occurs. As an example, a clipping level of three logon attempts

might be set . After three attempted logons, you arelocked out. Therefore, the clipping level was three .



Cloning





Closed-Circuit Television (CCTV)









CNAMES













Combination locks





Computer emergency response team (CERT)





Confidentiality







An agreement that employees, contractors, or third-partyusers must read and sign before being granted access

rights and privileges to the organization's IT infrastructureand its assets .



Contingency planning



The process of preparing to deal with calamities and non-calamitous situations before they occur so that the effects

are minimized .



Cookies





Copyright



The legal protection given to authors or creators thatprotects their expressions on a specific subject from

unauthorized copying . It is applied to books, paintings,movies, literary works, or any other medium of use .





Internal controls designed to resolve problems soon after they arise .



Covert channel



An unintended communication path that enables aprocess to transfer information in such a way that violates

a system's security policy .





A term derived from "criminal hacker," indicating someonewho acts in an illegal manner .



Criminal law



Laws pertaining to crimes against the state or conductdetrimental to society . These violations of criminal

statues are punishable by law and can include monetarypenalties and jail time .



Criticality



The quality, state, degree, or measurement of the highestimportance .



Crossover error rate (CER)



The CER is a comparison measurement for different bio-metric devices and technologies to measure their accuracy . The CER is the point at which False

Acceptance Rate (FAR) and False Rejection Rate (FRR)are equal, or cross over. The lower the CER, the more

accurate the biometric system .



Cryptographic key



The piece of information that controls the cryptographicalgorithm . The key specifies how the cleartext is turnedinto ciphertext or vice versa . For example, a DES key is

a 64-bit parameter consisting of 56 independent bits and 8bits that are used for parity .



Data Encryption Standard (DES)





Defense in depth



The process of multilayered security . The layers can beadministrative, technical, or logical . As an example of logical security, you might add a firewall, encryption,

packet filtering, IPSec, and a demilitarized zone (DMZ) tostart to build defense in depth .



Demilitarized zone (DMZ)



The middle ground between a trusted internal network andan untrusted, external network . Services that internal and

external users must use are typically placed there, suchas HTTP .



Denial of service (DoS)



The process of having network resources, services, andbandwidth reduced or eliminated because of unwanted or

malicious traffic . This attack's goal is to render thenetwork or system non-functional . Some examples

include ping of death, SYN flood, IP spoofing, and Smurf attacks .



Destruction



Destroying data and information or depriving informationfrom the legitimate user .



Detective controls



Controls that identify undesirable events that haveoccurred .



Digital certificate



Usually issued by trusted third parties, a digital certificatecontains the name of a user or server, a digital signature,a public key, and other elements used in authentication

and encryption .X.509 is the most common type of digital certificate .





An electronic signature that can be used to authenticatethe identity of the sender of a message . It is created by

encrypting a hash of a message or document with aprivate key . The message to be sent is passed through ahashing algorithm; the resulting message digest or hash

value is then encrypted using the sender private key .



Digital watermark



A technique that adds hidden copyright information to adocument, picture, or sound file . This can be used toallow an individual working with electronic data to add

hidden copyright notices or other verification messages todigital audio, video, or image signals and documents .



Disaster



A natural or man-made event that can include fire, flood,storm, and equipment failure that negatively affects an

industry or facility .



Discretionary access control (DAC)



An access policy that allows the resource owner todetermine access .



Distributed denial of service (DDoS)



Similar to denial of service (DoS), except that the attack islaunched from multiple, distributed agent IP devices .





A hierarchy of Internet servers that translate alphanumericdomain names into IP addresses and vice versa .

Because domain names are alphanumeric, it's easier toremember these names than IP addresses .



Droppers



A Trojan horse or program designed to drop a virus to theinfected computer and then execute it .





The standard of conduct taken by a reasonable andprudent person . When you see the term due care, thinkof the first letter of each word and remember "do correct"

because due care is about the actions that you take toreduce risk and keep it at that level .



Due diligence



The execution of due care over time . When you see theterm due diligence, think of the first letter of each word

and remember "do detect" because due diligence is aboutfinding the threats an organization faces . This is

accomplished by using standards, best practices, andchecklists .



Dumpster diving



The practice of rummaging through the trash of a potentialtarget or victim to gain useful information .



Eavesdropping



The unauthorized capture and reading of network traffic or other type of network communication device .



Echo reply



Used by the ping command to test networks . The secondpart of an Internet Control Message Protocol (ICMP) .

Ping, officially a type 0 .



Echo request



Makes use of an ICMP Echo request packet, which will beanswered to using an ICMP Echo Reply packet . The first

part of ICMP Ping, which is officially a type 8 .



EDGAR database



EDGAR is the Electronic Data Gathering, Analysis andRetrieval System used by the Securities and Exchange

Commission for storage of public company filings . It is apotential source of information by hackers .



Electronic Code Book (ECB)



A symmetric block cipher that is one of the modes of Dataencryption standard (DES) . ECB is considered the

weakest mode of DES . When used, the same plain-textinput will result in the same encrypted text output .



Electronic serial number



A unique ID number embedded in a cell phone by themanufacturer to minimize chance of fraud and to identify aspecific cell phone when it is turned on and a request to

join a cellular network is sent over the air .



Encryption



The science of turning plain text into cipher text .





This is the software license that software vendors createto protect and limit their liability, as well as hold thepurchaser liable for illegal pirating of the software

application . The EULA typically contains language thatprotects the software manufacturer from software bugs

and flaws and limits the liability of the vendor .



Enterprise vulnerability management



The overall responsibility and management of vulnerabilities within an organization and how that

management of vulnerabilities will be achieved throughdissemination of duties throughout the IT organization .



Ethical hack



A term used to describe a type of hack that is done to helpa company or individual identify potential threats on the

organization's IT infrastructure or network . Ethicalhackers must obey rules of engagement, do no harm, and

stay within legal boundaries .



Ethical hacker



A security professional who legally attempts to break in toa computer system or network to find its vulnerabilities .



Evasion



The act of performing activities to avoid detection .



Exploit



An attack on a computer system, especially one that takesadvantage of a particular vulnerability that the system

offers to intruders .



Exposure factor



This is a value calculated by determining the percentageof loss to a specific asset because of a specific threat . Asan example, if a fire were to hit the Houston data center that has an asset value of $250,000, it is believed thatthere would be a 50% loss or exposure factor . Adding

additional fire controls could reduce this figure .





A method of authentication that can support multipleauthentication methods, such as tokens, smart card,

certificates, and onetime passwords .



F Fail safe



In the logical sense, fail safe means the process of discovering a system error, terminating the process, andpreventing the system from being compromised . In the

physical realm, it could be that an electrical powered door relay remains in the locked position if power is lost .





This measurement evaluates the likelihood that abiometric access control system will wrongly accept an

unauthorized user .



False rejection rate (FRR)



This measurement evaluates the likelihood that abiometric access control system will reject a legitimate

user .



Fast infection





First in First Out (FIFO)



A method of data and information storage in which thedata stored for the longest time will be retrieved first .



File infector



A type of virus that copies itself into executable programs .



Finger



On some UNIX systems, finger identifies who is logged onand active and sometimes provides personal information

about that individual .



Firewall



Security system in hardware or software form that is usedto manage and control both network connectivity and

network services . Firewalls act as chokepoints for trafficentering and leaving the network, and prevent unrestricted

access . Firewalls can be stateful or stateless .



Flooding



The process of overloading the network with traffic so thatno legitimate traffic or activity can occur .



G Gap analysis



The analysis of the differences between two differentstates, often for the purpose of determining how to getfrom point A to point B; therefore, the aim is to look at

ways to bridge the gap . Used when performing auditsand risk assessments .



Gentle scan





Graphical Identification and Authentication (GINA)



Used by Microsoft during the login and authenticationprocess . GINA is a user-mode DLL that runs in the

Winlogon process and that Winlogon uses to obtain auser's name and password or smart card PIN .



Graybox testing



Testing that occurs with only partial knowledge of thenetwork or that is performed to see what internal users

have access to .



Guidelines



Much like standards, these are recommendation actionsand operational guides for users .



H Hardware keystroke logger



A form of key logger that is a hardware device . Onceplaced on the system, it is hard to detect without a

physical inspection .It can be plugged in to the keyboardconnector or built in to the keyboard .





A mathematical algorithm used to ensure that atransmitted message has not been tampered with . Aone-way algorithm which maps or translates one set of

bits into a fixed length value that can be used to uniquelyidentify data .







Heuristic scanning



A form of virus scanning that looks at irregular activity byprograms . As an example, a heuristic scanner would flaga word processing program that attempted to format the

hard drive, as that is not normal activity .



Honeypot



An Internet-attached server that acts as a decoy, luring inpotential hackers to study their activities and monitor how

they are able to break in to a system .



I Internet Assigned Number Authority (IANA)



A primary governing body for Internet networking . IANAoversees three key aspects of the Internet: top-level

domains (TLDs), IP address allocation, and port number assignments . IANA is tasked with preserving the centralcoordinating functions of the Internet for the public good.Used by hackers and security specialists to track down

domain owners and their contact details .



Identify theft



An attack in which an individual's personal, confidential,banking, and financial identify is stolen and compromised

by another individual or individuals . Use of your socialsecurity number without your consent or permission might

result in identify theft .



Impact



This term can be best defined as an attempt to identify theextent of the consequences should a given event occur .



Inference



The ability to deduce information about data or activities towhich the subject does not have access .





This form of attack relies on the attacker's ability to makelogical connections between seemingly unrelated pieces

of information .



Information technology security evaluation criteria(ITSEC)



A European standard that was developed in the 1980s toevaluate confidentiality, integrity, and availability of an

entire system .



Infrastructure mode



A form of wireless networking in which wireless stationscommunicate with each other by first going through an

access point .



Initial sequence number (ISN)



A number defined during a Transmission Control Protocol(TCP) startup session . The ISN is used to keep track of

how much information has been moved and is of particular interest to hackers, as the sequence number is used in

session hijacking attacks .



Insecure computing habits





Integrity



One of the three items considered part of the securitytriad; the others are confidentiality and availability .

Integrity is used to verify the accuracy and completenessof an item .



Internet control message protocol (ICMP)



Part of TCP/IP that supports diagnostics and error control. ICMP echo request and ICMP echo reply are subtypes of

the ICMP protocol used within the PING utility .



Intrusion detection



A key component of security that includes prevention,detection, and response . It is used to detect anomalies or

known patterns of attack .



Intrusion detection system (IDS)



A network-monitoring device typically installed at Internetingress/egress points used to inspect inbound and

outbound network activity and identify suspicious patternsthat might indicate a network or system attack fromsomeone attempting to break in to or compromise a

system .



Inverse SYN cookies



A method for tracking the state of a connection, whichtakes the source address and port, along with the

destination address and port, and then through a SHA-1hashing algorithm . This value becomes the initial

sequence number for the outgoing packet .



ISO 17799



A comprehensive security standard that is divided into 10sections . It is considered a leading standard and a code

of practice for information security management .



IPSec



Short for IP Security . An IETF standard used to secureTCP/IP traffic . It can be implemented to provide integrity

and confidentiality .



IT asset criticality



The act of putting a criticality factor or importance value(Critical, Major, or Minor) in an IT asset .



IT asset valuation



The act of putting a monetary value to an IT asset .



IT infrastructure



A general term to encompass all information technologyassets (hardware, software, data), components, systems,

applications, and resources .



IT security architecture and framework



A document that defines the policies, standards,procedures, and guidelines for information security .



K Key exchange protocol



A protocol used to exchange secret keys for the facilitationof encrypted communication .Diffie-Hellman is an example

of a key exchange protocol .



L Lehigh



An early file infector virus that only infected command.com. It didn't increase the size of the program, as it writes

information in slack space . It is a destructive virus in thatit destroys the disk when a counter reaches a specific

number of infections .



Level I assessments



This type of vulnerability assessment examines thecontrols implemented to protect information in storage,

transmission, or being processed . It involves no hands-on testing . It is a review of the process and procedures in

place and focuses on interviews and demonstrations .



Level II assessments



This type of assessment is more in depth than a level I .Level II assessments include vulnerability scans and

hands-on testing .



Level III assessments



This type of assessment is adversarial in nature and isalso known as a penetration test or red team exercise . Itis an attempt to find and exploit vulnerabilities . It seeks to

determine what a malicious user or outsider could do if intent on damaging the organization . Level III

assessments are not focused on documentation or simplevulnerable scans; they are targeted on seeking how

hackers can break into a network .



Last in First Out (LIFO)





Limitation of liability and remedies



A legal term that limits the organization from the amount of financial liability and the limitation of the remedies the

organization is legally willing to take on .



M MAC filtering



A method controlling access on a wired or wirelessnetwork by denying access to a device that has a MAC

address that does not match a MAC address in apreapproved list .



MacMag



An early example of an Apple-Mac virus . MacMagdisplays a message of universal peace when triggered .



Macro infector



A type of computer virus that infects macro files . I LoveYou and Melissa are both examples of macro viruses .



Man-in-the-middle attack



A type of attack in which the attacker can read, insert, andchange information that is being passed between two

parties, without either party knowing that the informationhas been compromised .



Man made threats



Threats that are caused by humans, such as hacker attack, terrorism, or destruction of property .



Mandatory access control (MAC)



A means of restricting access to objects based on thesensitivity (as represented by a label) of the information

contained in the objects and the formal authorization (suchas clearance) of subjects to access information of such

sensitivity .



Mantrap



A turnstile or other gated apparatus used to detain anindividual between a trusted state and an untrusted state

for authentication .



Master boot record infector



A virus that infects a master boot record .



The Matrix



A movie about a computer hacker who learns frommysterious rebels about the true nature of his reality and

his role in the Matrix machine .



A favorite movie of hackers! Media access control(MAC)



The hard-coded address of the physical layer device thatis attached to the network . In an Ethernet network, the

address is 48-bits or 6-bytes long .



MD5





Methodology



A set of documented procedures used for performingactivities in a consistent, accountable, and repeatable

manner .



Minimum acceptable level of risk



The stake in the ground that an organization defines for the seven areas of information security responsibility .Depending on the goals and objectives for maintaining

confidentiality, integrity, and availability of the ITinfrastructure and its assets, the minimum level of

acceptable risk will dictate the amount of informationsecurity .



Moore's law



The belief that processing power of computers will doubleabout every 18 months .



Multipartite virus



A virus that attempts to attack both the boot sector andexecutable files .



N Natural threats



Threats posed by Mother Nature, such as fire, floods, andstorms .



NetBus



A backdoor Trojan that allows an attacker completecontrol of the victim's computer .



Network address translation (NAT)



A method of connecting multiple computers to the Internetusing one IP address so that many private addresses are

being converted to a single public address .



Network operations center (NOC)



An organization's help desk or interface to its end users inwhich trouble calls, questions, and trouble tickets are

generated .



NIST 800-42



The purpose of this document is to provide guidance onnetwork security testing . It deals mainly with techniques

and tools used to secure systems connected to theInternet .



Non-attribution



The act of not providing a reference to a source of information .



Non-repudiation



A system or method put in place to ensure that anindividual cannot deny his own actions .



NSA IAM



The National Security Agency (NSA) Information Security Assessment Methodology (IAM) is a systematic processused by government agencies and private organizations

for the assessment of security vulnerabilities .



nslookup



A standard UNIX, Linux, and Windows tool for queryingname servers .



Null session



A Windows feature in which anonymous logon users canlist domain usernames, account information, and

enumerate share names .



O One-time pad



An encryption mechanism that can be used only once,and this is, theoretically, unbreakable . One-time pads

function by combining plain text with a random pad that isthe same length as the plain text .



Open source



Open-source software is based on the GNU GeneralPublic License . Software that is open source is released

under an open-source license or to the public domain .The source code can be seen and can be modified . Its

name is a recursive acronym for "GNU's Not UNIX."



OS (Operating System) identification



The practice of identifying the operating system of anetworked device through either passive or active

techniques .



P Packet filter



A form of stateless inspection performed by some firewallsand routers . Packet filters limit the flow of traffic based onpredetermined access control lists (ACLs) . Parameters,

such as source, destination, or port, can be filtered or blocked by a packet filter .



Paper shredders



A hardware device used for destroying paper anddocuments by shredding to prevent dumpster diving .



Passive fingerprint



A passive method of identifying the operating system (OS)of a targeted computer or device . No traffic or packets

are injected into the network; attackers simply listen to andanalyze existing traffic .



Password authentication protocol (PAP)



A form of authentication in which clear-text usernamesand passwords are passed .



Pattern matching



A method of identifying malicious traffic used by IDSsystems . It is also called signature matching and works

by matching traffic against signatures stored in a database.



Penetration test



A method of evaluating the security of a network or computer system by simulating an attack by a malicious

hacker without doing harm and with the owner's consent .



Personal area networks



Used when discussing Bluetooth devices . Refers to theconnection that can be made with Bluetooth between

these various devices .



Phishing



The act of misleading or conning an individual intoreleasing and providing personal and confidential

information to an attacker masquerading as a legitimateindividual or business . Typically, this is done by sendingsomeone an email that requests the victim to follow a link

to a bogus website .



Piggybacking



A method of gaining unauthorized access into a facility byfollowing an authorized employee through a controlled

access point or door .



Ping sweep



The process of sending ping requests to a series of devices or to the entire range of networked devices .



Policy



A high-level document that dictates managementintentions toward security .



Polymorphic virus



A virus capable of change and self mutation .



POP



POP (Post Office Protocol) is a commonly implementedmethod of delivering email from the mail server to the

client machine . Other methods include Internet Message Access Protocol (IMAP) and Microsoft Exchange .



Ports



Ports are used by protocols and applications . Portnumbers are divided into three ranges including: Well

Known Ports, Registered Ports, and the Dynamic and/or Private Ports . Well Known Ports are those from 01023 .

Registered Ports are those from 102449151, and Dynamicand/or Private Ports are those from 4915265535 .



Port knocking





Port redirection



The process of redirecting one protocol from an existingport to another .



Prependers



A virus type that adds the virus code to the beginning of existing executables .



Preventative controls



Controls that reduce risk and are used to preventundesirable events from happening .



Probability



The likelihood of an event happening .



Procedure



A detailed, in-depth, step-by-step document that lays outexactly what is to be done and how it is to be

accomplished .



Promiscuous mode



The act of changing your network adapter from its normalmode of examining traffic that only matches its address toexamining all traffic . Promiscuous mode enables a singledevice to intercept and read all packets that arrive at theinterface in their entirety; these packets may or may not

have been destined for this particular target .



Proxy server



Proxy servers stand in place of, and are a type of, firewall. They are used to improve performance and for added

security . A proxy server intercepts all requests to the realserver to see if it can fulfill the requests itself . If not, it

forwards the request to the real server .



Public key infrastructure (PKI)



Infrastructure used to facilitate e-commerce and build trust. PKI is composed of hardware, software, people,

policies, and procedures; it is used to create, manage,store, distribute, and revoke public key certificates . PKI is

based on public-key cryptography .



Q Qaz



A Trojan program that infects Notepad .



Qualitative analysis



A weighted factor or non-monetary evaluation andanalysis based on a weighting or criticality factor valuation

as part of the evaluation or analysis .



Qualitative assessment



An analysis of risk that places the probability results intoterms such as none, low, medium, and high .



Qualitative risk assessment



A scenariobased assessment in which one scenario isexamined and assessed for each critical or major threat to

an IT asset .



Quantitative analysis



A numerical evaluation and analysis based on monetaryor dollar valuation as part of the evaluation or analysis .



Quantitative risk assessment





R Redundant Array of Independent Disks (RAID)



A type of fault tolerance and performance improvement for disk drives that employ two or more drives in combination

.



RAM resident infection



A type of virus that spreads through RAM .



Red team



A group of ethical hackers who help organizations toexplore network and system vulnerabilities by means of

penetration testing .



Rijndael



A symmetric encryption algorithm chosen to be the Advanced Encryption Standard (AES) .



Risk



The exposure or potential for loss or damage to IT assetswithin that IT infrastructure .



Risk acceptance



An informed decision to suffer the consequences of likelyevents .



Risk assessment



A process for evaluating the exposure or potential loss or damage to the IT and data assets for an organization .



Risk avoidance



A decision to take action to avoid a risk .



Risk management



The overall responsibility and management of risk withinan organization . Risk management is the responsibility

and dissemination of roles, responsibilities, andaccountabilities for risk in an organization .



Risk transference



Shifting the responsibility or burden to another party or individual .



Rogue access point



A 802.11 access point that has been set up by an attacker for the purpose of diverting legitimate users so that their

traffic can be sniffed or manipulated .



Routing Information Protocol (RIP)



A widely used distance-vector protocol that determines thebest route by hop count .



Role-based access control



A type of discretionary access control in which users areplaced into groups to facilitate management . This type of

access control is widely used by Microsoft ActiveDirectory, Oracle DBMS, and SAP R/3 .



Rule-based access control



A type of mandatory access control that matches objectsto subjects . It dynamically assigns roles to subjects

based on their attributes and a set of rules defined by asecurity policy .



S Scope creep



This is the uncontrolled change in the project's scope . Itcauses the assessment to drift away from its originalscope and results in budget and schedule overruns .



Script kiddie



The lowest form of cracker who looks for easy targets or well-worn vulnerabilities .



Security breach or security incident



The result of a threat or vulnerability being exploited by anattacker .



Security bulletins



A memorandum or message from a software vendor or manufacturer documenting a known security defect in the

software or application itself . Security bulletins aretypically accompanied with instructions for loading a

software patch to mitigate the security defect or softwarevulnerability .



Security by obscurity



The controversial use of secrecy to ensure security .



Security controls



Policies, standards, procedures, and guideline definitionsfor various security control areas or topics .



Security countermeasure



A security hardware or software technology solution that isdeployed to ensure the confidentiality, integrity, and

availability of IT assets that need protection .



Security defect



A security defect is usually an unidentified andundocumented deficiency in a product or piece of software

that ultimately results in a security vulnerability beingidentified .





A team of professionals who usually encompasses HumanResources, Legal, IT, and IT Security to appropriatelyrespond to critical, major, and minor security breaches

and security incidents that the organization encounters .



Security kernel



A combination of software, hardware, and firmware thatmakes up the Trusted Computer Base (TCB) . The TCBmediates all access, must be verifiable as correct, and is

protected from modification .



Security workflow definitions



Given the defense-in-depth, layered approach toinformation security roles, tasks, responsibilities, and

accountabilities, a security workflow definition is aflowchart that defines the communications, checks and

balances, and domain of responsibility and accountabilityfor the organization's IT and IT security staff .



Separation of duties



Given the seven areas of information securityresponsibility, separation of duties defines the roles, tasks,

responsibilities, and accountabilities for informationsecurity uniquely for the different duties of the IT staff and

IT security staff .



Service level agreements (SLAs)



A contractual agreement between an organization and itsservice provider . SLAs define and protect the

organization with regard to holding the service provider accountable for the requirements as defined in an SLA .



Service Set ID (SSID)



The SSID is a sequence of up to 32 letters or numbersthat is the ID, or name, of a wireless local area network

and is used to differentiate networks .



Session splicing



Used to avoid detection by an Intrusion Detection System(IDS) by sending parts of the request in different packets .



SHA-1



A hashing algorithm that produces a 160-bit output . SHA-1 was designed by the National Security Agency (NSA)

and is defined in RFC 3174 .



Sheepdip



The process of scanning for viruses on a standalonecomputer .



Shoulder surfing



The act of looking over someone's shoulder to steal their password, capturing a phone pin, card number, and other

type of information as well .



Signature scanning



One of the most basic ways of scanning for computer viruses, it works by comparing suspect files and programs

to signatures of known viruses stored in a database .



Simple Network Monitoring Protocol (SNMP)



An application layer protocol that facilitates the exchangeof management information between network devices .

The first version of SNMP, V1, uses well-knowncommunity strings of public and private . Version 3 offers

encryption .



Single loss expectancy (SLE)



A dollar-value figure that represents an organization's lossfrom a single loss or loss of this particular IT asset .



Site survey



The process of determining the optimum placement of wireless access points . The objective of the site survey isto create an accurate wireless system design/layout and

budgetary quote .



Smurf attack



A distributed denial of service (DDoS) attack in which anattacker transmits large amounts of Internet Control

Message Protocol (ICMP) echo request (PING) packets toa targeted IP destination device using the targeted

destination's IP source address . This is called spoofingthe IP source address . IP routers and other IP devices

that respond to broadcasts will respond back to thetargeted IP device with ICMP echo replies, which

multiplies the amount of bogus traffic .



Sniffer



A hardware or software device that can be used tointercept and decode network traffic .



Social engineering



The practice of tricking employees into revealing sensitivedata about their computer system or infrastructure . This

type of attack targets people and is the art of humanmanipulation . Even when systems are physically well

protected, social engineering attacks are possible .



Software bugs or software flaws



An error in software coding or its design that can result insoftware vulnerability .



Software vulnerability standard



A standard that accompanies an organization'sVulnerability Assessment and Management Policy . Thisstandard typically defines the organization's vulnerabilitywindow definition and how the organization is to providesoftware vulnerability management and software patch

management throughout the enterprise .



Spamming



The use of any electronic communication's medium tosend unsolicited messages in bulk . Spamming is a major

irritation of the Internet era .



Spoofing



The act of masking your identity and pretending to besomeone else or another device . Common spoofingmethods include Address Resolution Protocol (ARP),

Domain Name Server (DNS), and Internet Protocol (IP) .Spoofing is also implemented by email in what is

described as phishing schemes .



Spyware



Any software application that covertly gathers informationabout a user's Internet usage and activity and then

exploits this information by sending adware and pop-upads similar in nature to the user's Internet usage history .



Stateful inspection



An advanced firewall architecture that works at thenetwork layer and keeps track of packet activity . Statefulinspection has the capability to keep track of the state of the connection . For example, if a domain name service

(DNS) reply is being sent into the network, statefulinspection can check to see whether a DNS request had

previously been sent, as replies only follow requests .Should evidence of a request not be found by statefulinspection, the device will know that the DNS packetshould not be allowed in and is potentially malicious .



Steganography



A cryptographic method of hiding the existence of amessage . A commonly used form of steganography

places information in pictures .



Stream cipher



Encrypts data typically one bit or byte at a time .



Symmetric algorithm



Both parties use the same cryptographic key .



Symmetric encryption



An encryption standard requiring that all parties have acopy of a shared key . A single key is used for both

encryption and decryption .



SYN flood attack



A distributed denial of service (DDoS) attack in which theattacker sends a succession of SYN packets with a spoof address to a targeted destination IP device but does notsend the last ACK packet to acknowledge and confirm

receipt . This leaves half-open connections between theclient and the server until all resources are absorbed,

rendering the server or targeted IP destination device asunavailable because of resource allocation to this attack .



Synchronize sequence number





T TACACS



A UDP-based access-control protocol that providesauthentication, authorization, and accountability .



Target of engagement (TOE)



The TOE is a term developed for use with common criteriaand is used by EC-Council to define the target of the

assessment or pen test target .



TCP handshake



A three-step process computers go through whennegotiating a connection with one another . The processis a target of attackers and others with malicious intent .



Threat



Any agent, condition, or circumstance that couldpotentially cause harm, loss, damage, or compromise to

an IT asset or data asset .



Time-to-live (TTL)



A counter used within an IP packet that specifies themaximum number of hops that a packet can traverse . After a TTL is decremented to 0, a packet expires .



Tini



A small Trojan program that listens on port 777 .



Traceroute



A way of tracing hops or computers between the sourceand target computer you are trying to reach . Gives the

path the packets are taking .



Transmission control protocol (TCP)



Is one of the main protocols of the TCP/IP protocol suite. .It is used for reliability and guaranteed delivery of data .



Transient electromagnetic pulse emanation standard(TEMPEST)



A method of shielding equipment to prevent the capabilityof capturing and using stray electronic signals and

reconstructing them into useful intelligence .



Trapdoor function



One-way function that describes how asymmetricalgorithms function . Trapdoor functions are designed sothat they are easy to compute in one direction but difficultto compute in the opposing direction . Trapdoor functionsare useful in asymmetric encryption and examples include

RSA and Diffie-Hellman



Trojan



A Trojan is a program that does something undocumentedwhich the programmer or designer intended, but that the

end user would not approve of if he knew about it .



Trusted Computer Base (TCB)



All the protection mechanisms within a computer system .This includes hardware, firmware, and software

responsible for enforcing a security policy .



Trusted computer system evaluation criteria (TCSEC)



U.S . Department of Defense (DoD) Trusted Computer System Evaluation Criteria, also called the Orange Book .

TCSEC is a system designed to evaluate standalone

systems that places systems into one of four levels: A, B,C, and D .

Its basis of measurement is confidentiality .



Tumbling



The process of rolling through various electronic serialnumbers on a cell phone to attempt to find a valid set to

use .



Turnstiles



A one-way gate or access control mechanism that is usedto limit traffic and control the flow of people .



Uber hacker



An expert and dedicated computer hacker .



Uniform resource locator (URL)



The global address on the Internet and World Wide Webin which domain names are used to resolve IP addresses .





A connectionless protocol that provides few error recoveryservices, but offers a quick and direct way to send and

receive datagrams .



Vandalism



The willful destruction of property .



Videocipher II satellite encryption system



Encryption mechanism used to encrypt satellite videotransmissions .



Virtual private network (VPN)



A private network that uses a public network to connectremote sites and users .



Virus



A computer program with the capability to generate copiesof itself and thereby spread . Viruses require the

interaction of an individual and can have rather benignresults, flashing a message to the screen, or rather

malicious results that destroy data, systems, integrity, or availability .



Virus hoax



A chain letter designed to trick you into forwarding tomany other people warning of a virus that does not exist.

The Good Times virus is an example .



Vulnerability



The absence or weakness of a safeguard in an asset .



Vulnerability assessment



A methodical evaluation of an organization's ITweaknesses of infrastructure components and assets andhow those weaknesses can be mitigated through proper

security controls and recommendations to remediateexposure to risks, threats, and vulnerabilities .



Vulnerability management



The overall responsibility and management of vulnerabilities within an organization and how that

management of vulnerabilities will be achieved throughdissemination of duties throughout the IT organization .



War chalking



The act of marking on the wall or sidewalk near a buildingto indicate that wireless access is present .



War dialing



The process of using a software program to automaticallycall thousands of telephone numbers to look for anyone

who has a modem attached .





The process of driving around a neighborhood or area toidentify wireless access points .



Warm site



An alternative computer facility that is partially configuredand can be made ready in a few days .



Whitebox



A security assessment of penetration test in which allaspects of the network are known .



Whois



An Internet utility that returns information about thedomain name and IP address .



Wi-Fi Protected Access (WPA)



A security standard for wireless networks designed to bemore secure than Wired Equivalent Privacy (WEP) .



Wired Equivalent Privacy (WEP)



WEP is based on the RC4 encryption scheme . It wasdesigned to provide the same level of security as that of awired LAN . Because of 40-bit encryption and problemswith the initialization vector, it was found to be insecure .



Worm



A self-replicating program that spreads by inserting copiesof itself into other executable codes, programs, or

documents . Worms typically flood a network with trafficand result in a denial of service .



Wrappers



A type of program used to bind a Trojan program to a

legitimate program . The objective is to trick the user intorunning the wrapped program and installing the Trojan .



Written authorization



One of the most important parts of the ethical hack . Itgives you permission to perform the tests that have been

agreed on by the client .



Zone transfer

Documents

Ceh Final Homemade Flash Cards 3x5