CEH ch 1&2

Certified Ethical Hacker ch 1&2

Term Definition
OSI Layer 1 Physical (bits - usb stds, bluetooth)
OSI Layer 2 Data Link (Frame - ARP, CDP, PPP, L2TP, STP)
OSI Layer 3 Network (Packet - IP, ICMP)
OSI Layer 4 Transport (Segment - TCP, UDP)
OSI Layer 5 Session (X.225, SCP, ZIP)
OSI Layer 6 Presentation (AFP, NCP, MIME)
OSI Layer 7 Application (FTP, HTTP, SMTP)
Network Security Zones Internet, DMZ, Production Network, Intranet, Management Network
Production Network Zone (PNZ) A very restricted zone that strictly controls direct access from uncontrolled zones. doesn’t hold users.
Intranet Zone A controlled zone that has little-to-no heavy restrictions. communication requires fewer strict controls internally.
Management Network Zone A highly secured zone with very strict policies. full of VLANs and maybe controlled via IPSec etc.
Common Vulnerability Scoring System (CVSS) a published standard used by organizations worldwide that provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity.
National Vulnerability Database (NVD) the U.S. government repository of standards based vulnerability management data represented using SCAP. enables automation of vulnerability management, security measurement, and compliance
Vulnerability Categories Misconfiguration, Default Installations, Buffer Overflows, Missing Patches, Design Flaws, Operating System Flaws, Application Flaws, Open Services, Default Passwords.
THREAT MODELING steps: Identify Security Objectives, Application Overview, Decompose Application, Identify Threats, and Identify Vulnerabilities.
Enterprise Information Security Architecture (EISA) a collection of requirements and processes that help determine how an organization’s information systems are built and how they work.
RISK MANAGEMENT PHASES – Identification, Assessment, Treatment, Tracking, and Review.
SECURITY CONTROLS types: preventive, detective, and corrective measures.
ALE (annualized loss expectancy) equals the product of the ARO (annual rate of occurrence) and the SLE (single loss expectancy)
SLE equals exposure factor % (EF) x AV (asset value)
Bit flipping a form of an integrity attack. Not interested in learning the entirety of the plain-text message. Instead, bits are manipulated in the cipher text itself to generate a predictable outcome in the plain text once it is decrypted.
COMMON CRITERIA (CC). used for Information Technology Security Evaluation using EAL, TOE, ST, TP
Evaluation Assurance Level (EAL) CC tool, (Levels 1–7) a testing standard designed to reduce or remove vulnerabilities from a product before it is released.
Target of evaluation (TOE) CC tool, What is being tested
Security target (ST) CC tool, The documentation describing the TOE and security requirements
Protection profile (PP) CC tool, A set of security requirements specifically for the type of product being tested
Information Security Policy identifies what company systems MAY AND MAY NOT BE USED FOR, and what the CONSEQUENCES are for breaking the rules. aka Acceptable Use Policy.
Information Protection Policy defines information SENSITIVITY LEVELS and who has access to those levels. It also addresses how data is stored, transmitted, and destroyed.
Types of Attacks OS, Applications, Shrink-wrap code, misconfiguration
Hacking Phases Recon, Scanning and enumerations, Gaining access, Maintaining Access, Covering Tracks
RECONNAISSANCE the hacking steps taken to gather evidence and information on the targets you want to attack. Passive or Active.
SCANNING AND ENUMERATION take the information gathered in recon and actively apply tools and techniques to gather more in-depth information on the targets, e.g., ping sweep or a network mapper, running a vulnerability scanner.
PEN TEST PHASES: preparation, assessment (security evaluation), and conclusion
criminal law a body of rules and statutes that defines conduct prohibited by the government because it threatens and harms public safety and welfare and that establishes punishment to be imposed for the commission of such acts
civil law a body of rules that delineates private rights and remedies as well as governs disputes between individuals in such areas as contracts, property, and family law, distinct from criminal law
common law law based on societal customs and recognized and enforced by the judgments and decrees of the courts
FISMA 2002 law requires federal agencies to develop, document, & implement an information security and protection program. part of the larger E-Government Act of 2002 introduced to improve the management of electronic government services and processes.
ECPA (Electronic Communications Privacy Act of 1986) enacted by the United States Congress to extend restrictions on government wire taps of telephone calls to include transmissions of electronic data by computer, added new provisions prohibiting access to stored electronic communications.
Patriot Act law grants law enforcement more powers aimed at preventing terrorist attacks. The law also requires the financial industry to report various suspicious customer behaviors as a measure against terrorism-related money laundering.
Privacy Act of 1974, code of fair information practices that governs the collection, maintenance, use, and dissemination of ind. info. kept by feds. requires written consent of the individual, unless the disclosure is pursuant to one of twelve statutory exceptions.
Cyber Intelligence Sharing and Protection Act (CISPA), amendment to the National Security Act of 1947, adds provisions pertaining to cybercrime describing threat intelligence
Consumer Data Security and Notification Act, aims to provide a national standard for financial institution data security and breach notification on behalf of all consumers, and for a series of other purposes.
Computer Security Act of 1987, intended to improve the security and privacy of sensitive information in federal computer systems, establish minimum security practices. Requires comsec plans, training of users or owners where systems display, process or store sensitive information.
OSSTMM (Open Source Security Testing Methodology Manual) a mechanism used to determine the Operational Security ("OpSec") of a target scope
SOX to make corporate disclosures more accurate and reliable in order to protect the public and investors from shady behavior. There are 11 titles.
HIPAA Health information privacy act. Sections: (Electronic Transaction and Code Sets, Privacy Rule, Security Rule, National Identifier Requirements, and Enforcement)
COBIT (Control Objects for Information and Related Technology) IT governance framework & toolset for control requirements, technical issues and business risks. domains: Planning and organization; Acquisition and implementation; Delivery and support; Monitoring and evaluation
ISO/IEC 27001:2013 provides requirements for creating, maintaining, and improving organizational infosec systems. The standard addresses issues such as ensuring compliance with laws as well as formulating internal security requirements and objectives.
Footprinting Gathering information about your intended target - an effort to map out, at a high level, what the landscape looks like. active or passive.
recon an overall, overarching term for gathering information on targets.
four main focuses and benefits of footprinting 1. Know the security posture (footprinting helps make this clear). 2. Reduce the focus area (network range, number of targets, and so on). 3. Identify vulnerabilities (self-explanatory). 4. Draw a network map.
Competitive intelligence the information gathered by a business entity about its competitors’ customers, products, and marketing.
Computer Fraud and Abuse Act (1986) makes conspiracy to commit hacking a crime.
filetype (Google search string) Searches only for files of a specific type (DOC, XLS, and so on). For example, the following will return all Microsoft Word documents- filetype:doc
index of (Google search string) Displays pages with directory browsing enabled, usually used with another operator. For example, the following will display pages that show directory listings containing passwd- "intitle:index of" passwd
info (Google search string) Displays information Google stores about the page itself- info:www.anycomp.com
intitle (Google search string) Searches for pages that contain the string in the title. e.g., will return pages with the word login in the title- intitle: login
allintitle (Google search string) For multiple string searches. Here's an example- allintitle:login password
inurl (Google search string) Displays pages with the string in the URL. For example, the following will display all pages with the word passwd in the URL- inurl:passwd
allinurl (Google search string) For multiple string searches. Here's an example: allinurl:etc passwd
link (Google search string) Displays linked pages based on a search term. Example- link: string.
related (Google search string) Shows web pages similar to webpagename. Example- related: webpagename
Site (Google search string) Displays pages for a specific website or domain holding the search term. For example, the following will display all pages with the text passwds in the site anywhere.com- site:anywhere.com passwds
Metagoofil uses Google hacks and cache to find unbelievable amounts of information hidden in the meta tags of publicly available documents.
SiteDigger uses Google hack searches and other methods to dig up information and vulnerabilities.
*Website Watcher can be used to check web pages for changes, automatically notifying you when there’s an update
www.archive.org and Google Cache Wayback machine to find info posted on a site at some point in the past but has since been updated or removed.
Web page mirroring tools HTTrack (www.httrack.com); Black Widow (www.calluna-software.com); Teleport Pro (www.tenmax.com); GNU Wget (www.gnu.org); Backstreet Browser (http://spadixbd.com)
*SRV Service DNS record type - defines the hostname and port number of servers providing specific services, such as a Directory Services server.
*SOA Start of Authority DNS record type - identifies the primary name server for the zone. contains the hostname of the server responsible for all DNS records within the namespace, as well as the basic properties of the domain.
*PTR Pointer DNS record type - maps an IP address to a hostname (providing for reverse DNS lookups). You don't absolutely need a PTR record for every entry in your DNS namespace, but these are usually associated with e-mail server records.
*NS Name Server DNS record type - defines the name servers within your namespace. respond to requests for name resolution.
*MX Mail Exchange DNS record type - This record identifies your e-mail servers within your domain.
*CNAME Canonical Name DNS record type - provides for domain name aliases. For example, you may have an FTP service and a web service running on the same IP address. CNAME records could be used to list both within DNS for you.
*A Address DNS record type - maps an IP address to a hostname and is used most often for DNS lookups.
Name resolvers DNS servers that simply answer requests.
Authoritative servers DNS servers that hold the records for a namespace, given from an administrative source, and answer accordingly.
DNS poisoning change the cache on the local name server to point to a bogus server instead of the real address. mitigation is to restrict the amount of time records can stay in cache before they’re updated
*Domain Name System Security Extensions (DNSSEC) a suite of IETF specifications for securing certain kinds of information provided by DNS. extensions ensure that DNS results are cryptographically protected.
SOA record contents Source host Hostname; Contact e-mail; Serial number; Refresh time 3600 sec. default; Retry time default value is 600 seconds; Expire time default value is 86,400 seconds; TTL The minimum "time to live"
regional Internet registries (RIRs) American Registry for Internet Numbers (ARIN); Asia-Pacific Network Information Center (APNIC); Réseaux IP Européens (RIPE) Europe, Middle East, Central Asia/Northern Africa. Latin America and Caribbean Network (LACNIC); (AfriNIC)
whois started in Unix, now ubiquitous. It queries the registries and returns information, including domain ownership, addresses, locations, and phone numbers.
*nslookup zone transfer nslookup (DNS) lookup pulls every record from the DNS server instead of just the one, or one type, you’re looking for. use ls -d
dig is used to test a DNS query and report the results. The basic syntax for the command looks like - dig @server name type
packet capture Type 11, Code 0 TTL Expired for packet
packet capture Type 3, Code 13 packet Administratively Blocked
traceroute tools Magic NetTrace, Network Pinger, GEO Spider, and Ping Plotter.
traceroute Linux (UDP) that tracks a packet across the Internet and provides the route path and transit times. It accomplishes this by using ICMP ECHO packets to report information on each "hop" (router) from the source to the destination.
tracert Windows (ICMP only) tracks a packet across the Internet and provides the route path and transit times. It accomplishes this by using ICMP ECHO packets to report information on each "hop" (router) from the source to the destination.
OSRFramework open source research framework in Python that helps with user profiling by making use of different OSINT tools. web-based GUI with libraries.
OSRFramework - Open Source Intelligence (OSINT) tools usufy.py; mailfy.py; searchfy.py; domainfy.py; phonefy.py; entify.py.
Web spiders applications that crawl a website and report. Defend against standard web crawlers using robots.txt files at the root of their site, but many sites remain open to spidering.
Maltego an open source intelligence and forensics application designed explicitly to demonstrate social engineering (and other) weaknesses for your environment.
Social Engineering Framework (SEF) tools that can automate things such as extracting e-mail addresses out of websites and general preparation for social engineering. has ties into Metasploit payloads for easy phishing attacks.
Shodan designed to help you find specific types of computers (routers, servers, and so on) connected to the Internet.
robots.txt used by web administrators to defend against standard web crawlers at the root of their site
Competitive intelligence tools include: Google Alerts, Yahoo! Site Explorer, SEO for Firefox, SpyFu, Quarkbase, and DomainTools.com.
Created by: CountChocula7623