Chapter 9 Terms
Security+ SY0-501 7th Edition Terms (Chapter 9)
Question | Answer
---|---
Address Resolution Protocol (ARP) | Protocol used to map known IP addresses to unknown physical addresses. |
Address Resolution Protocol (ARP) poisoning | An attack that convinces the network that the attacker’s MAC (Media Access Control) address is the one associated with an allowed address so that traffic is wrongly sent to the attacker’s address.
adware | Software that gathers information to pass on to marketers or that intercepts personal data such as credit card numbers and makes it available to third parties. |
antivirus software | Software that identifies the presence of a virus and is capable of removing or quarantining the virus. |
armored virus | A virus that is protected in a way that makes disassembling it difficult. The difficulty makes it “armored” against antivirus programs that have trouble getting to, and understanding, its code. |
ARP spoofing | More commonly known as ARP poisoning, this involves the MAC (Media Access Control) address of the data being faked. |
attack | Any unauthorized intrusion into the normal operations of a computer or computer network. The attack can be carried out to gain access to the system or any of its resources. |
attack surface | The area of an application that is available to users—those who are authenticated and, more importantly, those who are not. |
attack surface reduction (ASR) | Minimizing the possibility of exploitation by reducing the amount of code and limiting potential damage. |
backdoor | An opening left in a program application (usually by the developer) that allows additional access to data. Backdoors are created for debugging purposes and are not documented. Before the product ships, they are closed; when they aren’t closed, security loopholes exist.
bot | An automated software program (network robot) that collects information on the web. In its malicious form, a bot is a compromised computer being controlled remotely. |
buffer overflow | A type of denial-of-service (DoS) attack that occurs when more data is put into a buffer than it can hold, thereby overflowing it (as the name implies). |
clickjacking | Using multiple transparent or opaque layers to trick a user into clicking a button or link on another page when they had intended to click on the top page. |
companion virus | A virus that creates a new program that runs in the place of an expected program of the same name. |
cross-site request forgery (XSRF) | A form of web-based attack in which unauthorized commands are sent from a user that a website trusts. |
cross-site scripting (XSS) | Running a script routine on a user’s machine from a website without their permission. |
denial-of-service (DoS) | A type of attack that prevents any users—even legitimate ones—from using a system. |
dictionary attack | The act of attempting to crack passwords by testing them against a list of dictionary words. |
distributed denial-of-service (DDoS) | A derivative of a DoS attack in which multiple hosts in multiple locations all focus on one target to reduce its availability to the public. This can be accomplished through the use of compromised systems, botnets, and other means. |
DNS poisoning | An attack method in which a daemon caches DNS reply packets, which sometimes contain other information (data used to fill the packets). The extra data can be scanned for information useful in a break-in or man-in-the-middle attack. |
DNS spoofing | The DNS server is given information about a name server that it thinks is legitimate when it isn’t. |
Domain Name System (DNS) | The network service used in TCP/IP networks that translates hostnames to IP addresses. |
integer overflow | Putting too much information into too small a space that has been set aside for numbers.
IP spoofing | Making the data look as if it came from a trusted host when it didn’t (thus spoofing the IP address of the sending host). |
least privilege | A permission method in which users are granted only the privileges necessary to perform their job function. |
least privilege policy | The policy of giving a user only the minimum permissions needed to do the work that must be done. |
logic bomb | Any code that is hidden within an application and causes something unexpected to happen based on some criteria being met. |
macro virus | A software exploitation virus that works by using the macro feature included in many applications, such as Microsoft Office. |
malicious code | Any code that is meant to do harm. |
malicious insider threat | A threat from someone inside the organization intent on doing harm. |
man-in-the-middle | An attack that occurs when someone/something that is trusted intercepts packets and retransmits them to another party. Man-in-the-middle attacks have also been called TCP/IP hijacking in the past. |
multipartite virus | A virus that attacks a system in more than one way. |
password attacks | Attempting to ascertain a password that you should not know. |
phage virus | A virus that modifies and alters other programs and databases. |
ping of death | A large Internet Control Message Protocol (ICMP) packet sent to overflow the remote host’s buffer. A ping of death usually causes the remote host to reboot or hang. |
polymorphic | An attribute of some viruses that allows them to mutate and appear differently each time they crop up. The mutations make it harder for virus scanners to detect (and react) to the viruses. |
privilege escalation | The result when a user obtains access to a resource that they wouldn’t normally be able to access. It can be done inadvertently by running a program with Set User ID (SUID) or Set Group ID (SGID) permissions or by temporarily becoming another user. |
ransomware | Software that demands payment before restoring the data or system infected. |
replay attack | An attack that captures portions of a session to play back later to convince a host that it is still talking to the original connection. |
retrovirus | A virus that attacks or bypasses the antivirus software installed on a computer. |
rogueware | A form of malware that tries to convince the user to pay for a fake threat. |
rootkit | A software program that has the ability to obtain root-level access and hide certain things from the operating system.
scareware | Software that tries to convince unsuspecting users that a threat exists. |
shim | A small library that is created to intercept API calls transparently. |
spoofing | An attempt by someone or something to masquerade as someone/something else. |
spyware | Software programs that work—often actively—on behalf of a third party. |
stealth virus | A virus that attempts to avoid detection by masking itself from applications. |
Trojan horse | Any application that masquerades as one thing in order to get past scrutiny and then does something malicious. One of the major differences between Trojan horses and viruses is that Trojan horses tend not to replicate themselves. |
typo squatting | Creating domains that are based on the misspelling of another. |
URL hijacking | Registering domains that are similar to those for a known entity but based on a misspelling or typographical error. |
virus | A program intended to damage a computer system. |
watering hole attack | Identifying a site that is visited by those whom the attacker is targeting, poisoning that site, and then waiting for the results.
Xmas attack | An advanced attack that tries to get around detection and send a packet with every single option enabled. |
zero-day exploit | An attack that begins the very day an exploit is discovered. |
zombie | Any system taking directions from a master control computer. Zombies are often used in distributed denial-of-service (DDoS) and botnet attacks. |