SBOLC Security

SBOLC flash cards, from the list of study terms from class.

Question: Answer
A Socket: The primary method used to communicate with services and applications such as the Web and Telnet. The socket is a programming construct that enables communication by mapping between ports and addresses.
Disaster Recovery Plan (DRP): A plan outlining the procedure by which data is recovered after a disaster.
Denial of Service Attack (DoS Attack): A type of attack that prevents any users, even legitimate ones, from using a system.
Risk Assessment: An evaluation of how much risk you and your organization are willing to take. An assessment must be performed before any other actions, such as how much to spend on security in terms of dollars and manpower, can be decided.
Penetration Testing: A form of vulnerability scan that is performed by a special team of trained white hat security specialists rather than by an internal security administrator using an automated tool.
Access Control Lists (ACLs): A table or data file that specifies whether a user or group has access to a specific resource on a computer or network.
Java Runtime: A set of programming tools for developing Java applications. It provides the minimum requirements for executing a Java application; it consists of a Java Virtual Machine (JVM), core classes, and supporting files.
Sandbox: A set of rules used when creating a Java applet that prevents certain functions when the applet is sent as part of a web page.
Packet Filtering Firewall: A firewall technology that accepts or rejects packets based on their content.
Stateful Packet Filtering Firewall: Inspections that occur at all levels of the network and provide additional security using a state table that tracks every communications channel.
Chain of Custody: The log of the history of evidence that has been collected.
A Honey Pot: A bogus system set up to attract and slow down a hacker. A honey pot can also be used to learn of the hacking techniques and methods that hackers employ.
NetStumbler: A program used for war driving, which can be used to find and analyze wireless networks.
RSA: One of the providers of cryptography systems to industry and government. RSA stands for the initials of the three founders of RSA Security Inc.: Rivest, Shamir, and Adleman. RSA maintains a list of standards for public key cryptography, the Public Key Cryptography Standards (PKCS).
Elliptic Curve Cryptosystem (ECC): A type of public key cryptosystem that requires a shorter key length than other cryptosystems (including the de facto industry standard, RSA).
Wired Equivalent Privacy (WEP): A security protocol for 802.11b (wireless) networks that attempts to establish the same security for them as would be present in a wired network. Easily hacked; constantly broadcasting the key.
Incremental Backup Strategy: A type of backup in which only new files or files that have changed since the last full backup or the last incremental backup are included. Incremental backups clear the archive bits on files upon their completion.
Smurf Attack: An attack where a lot of ICMP echo requests (pings) are broadcast on the network, with the source address of the broadcast spoofed to appear as if it came from the target. When the whole network responds, the target can't handle all the data.
Fraggle Attack: The attack consists of the attacker serving as a client sending a final ACK packet.
WTLS (Wireless Transport Layer Security): The security layer of the Wireless Application Protocol (WAP). WTLS provides authentication, encryption, and data integrity for wireless devices. Was responsible for the failure of WAP.
Digital Signature: An asymmetrically encrypted signature whose sole purpose is to authenticate the sender.
Hashing Algorithm: The process of transforming characters into other characters that represent (but are not) the originals. Traditionally, the results are smaller and more secure than the original.
Private Key: The key from the public key cryptography key pair that is designed to be kept secured locally and accessible only to the one individual to whom it belongs. Used to unlock the communication sent using the corresponding public key.
Public Key: The key from the public key cryptography key pair that is designed to be sent out into the public. Anyone can obtain a person's public key and use it for secure communication with that person. The public key is derived from the private key, but it can't be reversed.
Pretty Good Privacy (PGP): Can be used to encrypt and digitally sign e-mails. It's a public-private key system that uses a variety of encryption algorithms to encrypt files and mail. Not a standard, but an independently developed product that has Internet grass-roots support.
Lightweight Directory Access Protocol (LDAP): A set of protocols that was derived from X.500 and operates on port 389.
Secure Socket Layer (SSL): A protocol that secures messages by operating between the Application Layer (HTTP) and the Transport Layer.
Directory Services: A network service that provides access to a central database of information, which contains detailed information about the resources available on a network.
X.509: The International Telecommunication Union (ITU) standard for defining digital signatures.
X.500: The International Telecommunication Union (ITU) standard for directory services, from the late 1980s.
A Signed Java Applet: A Java applet that has been signed by a trusted authority/company. A signed Java applet can have escalated permission access, possibly even outside the sandbox environment.
ActiveX Components: A Microsoft technology that allows customized controls, icons, and other features to increase the usability of web-enabled systems.
Discretionary Access Control: A method of restricting access to objects based on the identity of the subjects or the groups to which they belong.
Mandatory Access Control (MAC): A security policy where labels identify the sensitivity of objects; the label is checked to see if access should be allowed. "Mandatory" since labels are applied to all data automatically, unlike "Discretionary", where the user chooses whether to label the data or not.
Role Based Access Control (RBAC): A type of control where the levels of security closely follow the structure of an organization. The role the person plays in the organization corresponds to the level of security access they have to data.
Cookies: A plaintext file stored on your machine that contains information about you (and your preferences) and is used by a database server.
Asymmetric: Encryption in which two keys must be used. One key is used to encrypt data and the other is needed to decrypt the data. Asymmetric encryption is the opposite of symmetric encryption, where a single key is used both for encrypting and decrypting.
Buffer Overflow Attack: A type of Denial of Service Attack (DoS Attack) that occurs when more data is put into a buffer than it can hold, thereby overflowing it.
SQL Injection Attack: Using unexpected input to a web application. However, instead of using this input to attempt to fool a user, SQL injection attacks use it to gain unauthorized access to an underlying database.
Cross Site Scripting Attack: A form of malicious code injection attack where an attacker is able to compromise a web server and inject their own malicious code into the content sent to other visitors.
Promiscuous: A mode where a network interface card (NIC) intercepts all traffic crossing the network and not just the traffic intended for it.
SYN Flooding: A DoS attack in which the hacker sends a barrage of spoofed SYN packets. The receiving station tries to respond to each SYN request for a connection, tying up all the resources. All incoming connections are rejected.
ICMP: An attack that occurs by triggering a response from the Internet Control Message Protocol (ICMP) when it responds to a seemingly legitimate maintenance request.
Simple Network Management Protocol (SNMP): The management protocol created for sending information about the health of the network to network management consoles.
TCP/IP: A set of protocols (including TCP) developed for the Internet in the 1970s to get data from one network device to another.
Phishing: A form of social engineering in which you simply ask someone for a piece of information that you are missing by making it look as if it is a legitimate request. Commonly sent via e-mail.
Pharming: The malicious redirection of a valid website's URL or IP address to a fake website that hosts a false version of the original, valid site.
Spam: Unwanted, unsolicited e-mail sent in bulk.
Simple Mail Transfer Protocol (SMTP): A standard for e-mail transmission across IP networks. SMTP is specified for outgoing mail transport and uses TCP port 25.
Encapsulating Security Payload (ESP): A header used to provide a mix of security services in IPv4 and IPv6. ESP can be used alone or in combination with the IP Authentication Header (AH).
Security Association (SA): The establishment of shared security attributes between two network entities to support secure communication. An SA may include attributes such as cryptographic algorithm and mode, traffic encryption key, and parameters for the network data to be passed over the connection.
Security Parameter Index (SPI): A 32-bit number used to uniquely identify security associations. It is defined during the establishment of an SA and carried in either the Authentication Header or ESP.
Authentication Header (AH): A security protocol that provides data authentication and optional anti-replay services. AH protects the full IP packet including the header. AH uses IP protocol number 50 (not to be confused with a port number).
Tunnel Mode: The IPSec mode in which the entire IP packet is encrypted and/or authenticated. The IP packet is then encapsulated into a new IP packet with a new IP header. This is most commonly used for network-to-network VPNs.
Transport Mode: The IPSec mode in which only the payload (the data you transfer) of the IP packet is encrypted and/or authenticated.
Point-to-Point Tunneling Protocol (PPTP): A method for implementing Virtual Private Networks. PPTP uses a control channel over TCP and a GRE tunnel to encapsulate PPP packets.
Secure Shell (SSH): A network protocol that allows data to be exchanged using a secure channel between two devices. There are two versions of the protocol, SSH-1 and SSH-2. Replaces Telnet; uses encryption to provide confidentiality and integrity of data over an unsecured network.
Layer 2 Tunneling Protocol (L2TP): A tunneling protocol that adds functionality to the Point-to-Point Protocol (PPP). This protocol was created by Microsoft and Cisco, and is often used with VPNs.
Extensible Authentication Protocol (EAP): An authentication framework frequently used in wireless networks and point-to-point connections.
Data Encryption Algorithm: The application of a cryptography solution to protect data on shared devices.
IP Spoofing: An attack in which a hacker tries to gain access to a network by pretending their interface has the same network address as the internal network.
Social Engineering: An attack that uses others by deceiving them.
Logic Bomb: Any code that is hidden within an application and causes something unexpected to happen based on criteria being met. (Think of the Office Space virus for money.)
Mean Time Between Failures (MTBF): The measure of the anticipated incidence of failure of a system or component.
Service Level Agreement (SLA): An agreement that specifies performance requirements for a vendor. This agreement may use Mean Time Between Failures (MTBF) and Mean Time To Repair (MTTR) as performance measurements.
Mean Time To Repair (MTTR): The measurement of how long it takes to repair a system or component once a failure occurs.
Backdoor: An opening left in a program (usually by the developer) that allows additional access to data. Typically these are created for debugging purposes and aren't documented. Before the product ships, backdoors should be closed; otherwise it's a security loophole.
Dictionary Attack: The act of attempting to crack a password by testing it against a list of dictionary terms/words.
Brute Force Attack: A type of attack that relies purely on trial and error (tries 00000, then 00001, then 00002, etc. until it is right).
Birthday Attack: A probability method of finding collisions in hash functions (collisions are where more than one value hashes to the same key).
Replay Attack: Any attack where the data is retransmitted repeatedly (often fraudulently or maliciously). In one such possibility, a user can replay a web session and visit sites intended only for the original user.
Created by: tuxnerd