Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
CEH ch 1&2
Certified Ethical Handler ch 1&2
| Term | Definition |
|---|---|
| OSI Layer 1 | Physical (bits - usb stds, bluetooth) |
| OSI Layer 2 | Data Link (Frame - ARP, CDP, PPP, L2TP, STP) |
| OSI Layer 3 | Network (Packet - IP, ICMP) |
| OSI Layer 4 | Transport (Segment - TCP, UDP) |
| OSI Layer 5 | Session (X.225, SCP, ZIP) |
| OSI Layer 6 | Presentation (AFP, NCP, MIME) |
| OSI Layer 7 | Application (FTP, HTTP, SMTP) |
| Network Security Zones | Internet, DMZ, Production Network, Intranet, Management Network |
| Production Network Zone (PNZ) | A very restricted zone that strictly controls direct access from uncontrolled zones. doesn’t hold users. |
| Intranet Zone | A controlled zone that has little-to-no heavy restrictions. communication requires fewer strict controls internally. |
| Management Network Zone | A highly secured zone with very strict policies. full of VLANs and maybe controlled via IPSec etc. |
| Common Vulnerability Scoring System (CVSS) | a published standard used by organizations worldwide that provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. |
| National Vulnerability Database (NVD) | the U.S. government repository of standards based vulnerability management data represented using SCAP. enables automation of vulnerability management, security measurement, and compliance |
| Vulnerability Categories | Misconfiguration, Default Installations, Buffer Overflows, Missing Patches, Design Flaws, Operating System Flaws, Application Flaws, Open Services, Default Passwords. |
| THREAT MODELING steps: | Identify Security Objectives, Application Overview, Decompose Application, Identify Threats, and Identify Vulnerabilities. |
| Enterprise Information Security Architecture (EISA) | a collection of requirements and processes that help determine how an organization’s information systems are built and how they work. |
| RISK MANAGEMENT PHASES – | Identification, Assessment, Treatment, Tracking, and Review. |
| SECURITY CONTROLS types: | preventive, detective, and corrective measures. |
| ALE (annualized loss expectancy) | equals the product of the ARO (annual rate of occurrence) and the SLE (single loss expectancy) |
| SLE | equals exposure factor % (EF) x AV (asset value) |
| Bit flipping | a form of an integrity attack. Not interested in learning the entirety of the plain-text message. Instead, bits are manipulated in the cipher text itself to generate a predictable outcome in the plain text once it is decrypted. |
| COMMON CRITERIA (CC). | used for Information Technology Security Evaluation using EAL, TOE, ST, TP |
| Evaluation Assurance Level (EAL) | CC tool, (Levels 1–7) a testing standard designed to reduce or remove vulnerabilities from a product before it is released. |
| Target of evaluation (TOE) | CC tool, What is being tested |
| Security target (ST) | CC tool, The documentation describing the TOE and security requirements |
| Protection profile (PP) | CC tool, A set of security requirements specifically for the type of product being tested |
| Information Security Policy | identifies what company systems MAY AND MAY NOT BE USED FOR, and what the CONSEQUENCES are for breaking the rules. aka Acceptable Use Policy. |
| Information Protection Policy | defines information SENSITIVITY LEVELS and who has access to those levels. It also addresses how data is stored, transmitted, and destroyed. |
| Types of Attacks | OS, Applications, Shrink-wrap code, misconfiguration |
| Hacking Phases | Recon, Scanning and enumerations, Gaining access, Maintaining Access, Covering Tracks |
| RECONNAISSANCE | the hacking steps taken to gather evidence and information on the targets you want to attack. Passive or Active. |
| SCANNING AND ENUMERATION | take the information gathered in recon and actively apply tools and techniques to gather more in-depth information on the targets, e.g., ping sweep or a network mapper, running a vulnerability scanner. |
| PEN TEST PHASES: | preparation, assessment (security evaluation), and conclusion |
| criminal law | a body of rules and statutes that defines conduct prohibited by the government because it threatens and harms public safety and welfare and that establishes punishment to be imposed for the commission of such acts |
| civil law | a body of rules that delineates private rights and remedies as well as governs disputes between individuals in such areas as contracts, property, and family law, distinct from criminal law |
| common law | law based on societal customs and recognized and enforced by the judgments and decrees of the courts |
| FISMA | 2002law requires federal agencies to develop, document, & implement an information security and protection program. part of the larger E-Government Act of 2002 introduced to improve the management of electronic government services and processes. |
| ECPA (Electronic Communications Privacy Act of 1986) | enacted by the United States Congress to extend restrictions on government wire taps of telephone calls to include transmissions of electronic data by computer, added new provisions prohibiting access to stored electronic communications. |
| Patriot Act | law grants law enforcement more powers aimed at preventing terrorist attacks. The law also requires the financial industry to report various suspicious customer behaviors as a measure against terrorism-related money laundering. |
| Privacy Act of 1974, | code of fair information practices that governs the collection, maintenance, use, and dissemination of ind. info. kept by feds. requires written consent of the individual, unless the disclosure is pursuant to one of twelve statutory exceptions. |
| Cyber Intelligence Sharing and Protection Act (CISPA), | amendment to the National Security Act of 1947, adds provisions pertaining to cybercrime describing threat intelligence |
| Consumer Data Security and Notification Act, | aims to provide a national standard for financial institution data security and breach notification on behalf of all consumers, and for a series of other purposes. |
| Computer Security Act of 1987, | intended to improve the security and privacy of sensitive information in federal computer systems, establish minimum security practices. Requires comsec plans, training of users or owners where systems display, process or store sensitive information. |
| OSSTMM (Open Source Security Testing Methodology Manual) | a mechanism used to determine the Operational Security ("OpSec") of a target scope |
| SOX | to make corporate disclosures more accurate and reliable in order to protect the public and investors from shady behavior. There are 11 titles. |
| HIPAA | Health information privacy act. Sections: (Electronic Transaction and Code Sets, Privacy Rule, Security Rule, National Identifier Requirements, and Enforcement) |
| COBIT (Control Objects for Information and Related Technology) | IT governance framework & toolset for control requirements, technical issues and business risks. domains: Planning and organization Acquisition and implementation Delivery and support Monitoring and evaluation |
| ISO/IEC 27001:2013 | provides requirements for creating, maintaining, and improving organizational infosec systems. The standard addresses issues such as ensuring compliance with laws as well as formulating internal security requirements and objectives. |
| Footprinting | Gathering information about your intended target - an effort to map out, at a high level, what the landscape looks like. active or passive. |
| recon | an overall, overarching term for gathering information on targets, |
| four main focuses and benefits of footprinting | 1. Know the security posture (footprinting helps make this clear). 2. Reduce the focus area (network range, number of targets, and so on). 3. Identify vulnerabilities (self-explanatory). 4. Draw a network map. |
| Competitive intelligence | the information gathered by a business entity about its competitors’ customers, products, and marketing. |
| Computer Fraud and Abuse Act (1986) | makes conspiracy to commit hacking a crime. |
| filetype (Google search string) | Searches only for files of a specific type (DOC, XLS, and so on). For example, the following will return all Microsoft Word documents- filetype:doc |
| index of (Google search string) | Displays pages with directory browsing enabled, usually used with another operator. For example, the following will display pages that show directory listings containing passwd- "intitle:index of" passwd |
| info (Google search string) | Displays information Google stores about the page itself- info:www.anycomp.com |
| intitle (Google search string) | Searches for pages that contain the string in the title. e.g., will return pages with the word login in the title- intitle: login |
| allintitle (Google search string) | For multiple string searches. Here's an example- allintitle:login password |
| inurl (Google search string) | Displays pages with the string in the URL. For example, the following will display all pages with the word passwd in the URL- inurl:passwd |
| allinurl (Google search string) | For multiple string searches. Here's an example: allinurl:etc passwd |
| link (Google search string) | Displays linked pages based on a search term. Example- link: string. |
| related (Google search string) | Shows web pages similar to webpagename. Example- related: webpagename |
| Site (Google search string) | Displays pages for a specific website or domain holding the search term. For example, the following will display all pages with the text passwds in the site anywhere.com- site:anywhere.com passwds |
| Metagoofil | uses Google hacks and cache to find unbelievable amounts of information hidden in the meta tags of publicly available documents. |
| SiteDigger | uses Google hack searches and other methods to dig up information and vulnerabilities. |
| *Website Watcher | can be used to check web pages for changes, automatically notifying you when there’s an update |
| www.archive.org and Google Cache | Wayback machine to find info posted on a site at some point in the past but has since been updated or removed. |
| Web page mirroring tools | HTTrack (www.httrack.com) Black Widow ( (www.calluna-software.com) Teleport Pro (www.tenmax.com) GNU Wget (www.gnu.org) Backstreet Browser (http://spadixbd.com) |
| *SRV | Service DNS record type - defines the hostname and port number of servers providing specific services, such as a Directory Services server. |
| *SOA | Start of Authority DNS record type - identifies the primary name server for the zone. contains the hostname of the server responsible for all DNS records within the namespace, as well as the basic properties of the domain. |
| *PTR | Pointer DNS record type - maps an IP address to a hostname (providing for reverse DNS lookups). You don't absolutely need a PTR record for every entry in your DNS namespace, but these are usually associated with e-mail server records. |
| *NS | Name Server DNS record type - defines the name servers within your namespace. respond to requests for name resolution. |
| *MX | Mail Exchange DNS record type - This record identifies your e-mail servers within your domain. |
| *CNAME | Canonical Name DNS record type - provides for domain name aliases. For example, you may have an FTP service and a web service running on the same IP address. CNAME records could be used to list both within DNS for you. |
| *A | Address DNS record type - maps an IP address to a hostname and is used most often for DNS lookups. |
| Name resolvers | DNS servers that simply answer requests. |
| Authoritative servers | DNS servers that hold the records for a namespace, given from an administrative source, and answer accordingly. |
| DNS poisoning | change the cache on the local name server to point to a bogus server instead of the real address. mitigation is to restrict the amount of time records can stay in cache before they’re updated |
| *Domain Name System Security Extensions (DNSSEC) | a suite of IETF specifications for securing certain kinds of information provided by DNS. extensions ensure that DNS results are cryptographically protected. |
| SOA record contents | Source host Hostname; Contact e-mail; Serial number; Refresh time 3600 sec. default; Retry time default value is 600 seconds; Expire time default value is 86,400 seconds; TTL The minimum "time to live" |
| regional Internet registries (RIRs) | American Registry for Internet Numbers (ARIN); Asia-Pacific Network Information Center (APNIC); Réseaux IP Européens (RIPE) Europe, Middle East, Central Asia/Northern Africa. Latin America and Caribbean Network (LACNIC); (AfriNIC) |
| whois | started in Unix, now ubiquitous. It queries the registries and returns information, including domain ownership, addresses, locations, and phone numbers. |
| *nslookup zone transfer | nslookup (DNS) lookup pulls every record from the DNS server instead of just the one, or one type, you’re looking for. use ls -d" |
| dig | is used to test a DNS query and report the results. The basic syntax for the command looks like - dig @server name type |
| packet capture Type 11, Code 0 | TTL Expired for packet |
| packet capture Type 3, Code 13 | packet Administratively Blocked |
| traceroute tools | Magic NetTrace, Network Pinger, GEO Spider, and Ping Plotter. |
| traceroute | Linux (UDP) that tracks a packet across the Internet and provides the route path and transit times. It accomplishes this by using ICMP ECHO packets to report information on each "hop" (router) from the source to the destination. |
| tracert | Windows (ICMP only) tracks a packet across the Internet and provides the route path and transit times. It accomplishes this by using ICMP ECHO packets to report information on each "hop" (router) from the source to the destination. |
| OSRFramework | open source research framework in Python that helps with user profiling by making use of different OSINT tools . web-based GUI with libraries. |
| OSRFramework - Open Source Intelligence (OSINT) tools | usufy.py; mailfy.py; searchfy.py; domainfy.py; phonefy.py; entify.py. |
| Web spiders | applications that crawl a website and report. Defend against standard web crawlers using robots.txt files at the root of their site, but many sites remain open to spidering. |
| Maltego | an open source intelligence and forensics application designed explicitly to demonstrate social engineering (and other) weaknesses for your environment. |
| Social Engineering Framework (SEF) | tools that can automate things such as extracting e-mail addresses out of websites and general preparation for social engineering. has ties into Metasploit payloads for easy phishing attacks. |
| Shodan | designed to help you find specific types of computers (routers, servers, and so on) connected to the Internet. |
| robots.txt | used by web administrators to defend against standard web crawlers at the root of their site |
| Competitive intelligence tools include: | Google Alerts, Yahoo! Site Explorer, SEO for Firefox, SpyFu, Quarkbase, and DomainTools.com. |
Created by:
CountChocula7623
Popular Computers sets