chapter 12 terms 1
chpt 12 vocabulary
Question | Answer |
---|---|
802.11i | standard for wireless network encryption and authentication that uses the EAP authentication method, strong encryption, and dynamically assigned keys, which are different for every transmission |
802.11i | specifies AES encryption and weaves a key into each packet |
authentication, authorization, and accounting | the name of a category of protocols that establish a client's identity; check the client's credentials and, based on those, allow or deny access to a system or network; and finally track the client's system or network usage |
access control list | a list of statements used by a router to permit or deny the forwarding of traffic on a network based on one or more criteria |
advanced encryption standard | a private key encryption algorithm that weaves keys of 128, 160, 192, or 256 bits through data multiple times |
aes | replaced des in situations such as military communications, which require high-level security. the algorithm used in the most popular form of aes is known as rijndael |
authentication header | a type of encryption that provides authentication of the ip packet's data payload through public key techniques |
authentication service | the process that runs on a key distribution center to initially validate a client's logging on. issues a session key to the client and to the service the client wants to access |
asymmetric encryption | type of encryption that uses a different key for encoding data than is used for decoding the ciphertext |
authentication protocol | a set of rules that governs how servers authenticate clients. |
authenticator | the user's time stamp encrypted with the session key. is used to help the service verify that a user's ticket is valid |
biorecognition access | a method of authentication in which a device scans an individual's unique physical characteristics to verify the user's identity |
brute force attack | an attempt to discover an encryption key or password by trying numerous possible character combinations. |
certificate authority | an organization that issues and maintains digital certificates as part of the public key infrastructure |
challenge | a random string of text issued from one computer to another in some forms of authentication. is used along with a password to verify the computer's credentials |
challenge handshake authentication protocol | operates over ppp and requires the authenticator to take the first step by offering the other computer a challenge. the requestor responds by combining the challenge with its password. |
chap | the authenticator checks whether the requestor's encrypted string of text matches its own string of characters. if everything matches up, the requestor is granted access |
ciphertext | the unique data block that results when an original piece of data is encrypted |
client_hello | a message issued from the client to the server that contains information about what level of security the client's browser is capable of accepting and what type of encryption the client's browser can decipher |
client_hello | establishes a randomly generated number that uniquely identifies the client, plus another number that identifies the ssl session |
content filtering firewall | can block designated types of traffic from entering a protected network |
cracker | a person who uses his knowledge of operating systems and utilities to intentionally damage or destroy data or systems |
denial of service attack | a security attack caused by a deluge of traffic that disables the victimized systems |
data encryption standard | a popular private key encryption technique that was developed by ibm in the 1970s |
dictionary attack | a technique in which hackers run a program that tries a combination of a known user id and, for a password, every word in a dictionary to attempt to gain access to a network |
diffie-hellman | the first commonly used public, or asymmetric, key algorithm. |
digital certificate | a password-protected and encrypted file that holds an individual's identification information, including a public and private key. |
digital certificate | the individual's public key is used to verify the sender's digital signature, and the private key allows the individual to log on to a third-party authority who administers digital certificates |
demilitarized zone | the perimeter of a protected internal network where users, both authorized and unauthorized, from external networks can attempt to access it. firewalls and ids/ips systems are typically placed here. |
dns spoofing | a security attack in which an outsider forges name server records to falsify his host's identity |
extensible authentication protocol | a data link layer protocol defined by the ietf |
eap | specifies the dynamic distribution of encryption keys and a preauthentication process in which a client and server exchange data via an intermediate node, for example an access point on a wireless lan |
eap | only after they have mutually authenticated can the client and server exchange encrypted data. can be used with multiple authentication and encryption schemes. |
encryption | the use of an algorithm to scramble data into a format that can be read only by reversing the algorithm, decrypting the data, to keep the information private. |
encryption | the most popular kind of algorithm weaves a key into the original data bits, sometimes several times in different sequences, to generate a unique data block. |
encapsulation security protocol | a type of encryption that provides authentication of the ip packet's data payload through public key techniques. encrypts the entire ip packet for added security |
flashing | a security attack in which an internet user sends commands to another internet user's machine that cause the screen to fill with garbage characters. causes the user to terminate his session |
hacker | a person who masters the inner workings of operating systems and utilities in an effort to better understand them. is distinguished from a cracker in that a cracker attempts to exploit a network's vulnerabilities for malicious purposes. |
handshake protocol | allows the client and server to authenticate, or introduce, each other and establishes terms for how they securely exchange data during an ssl session |
host based firewall | only protects the computer on which it is installed |
http over secure sockets layer | the url prefix that indicates that a web page requires its data to be exchanged between client and server using ssl encryption. |
https | uses the port number 443 |
intrusion detection system | a dedicated service or software running on a host that monitors and flags any unauthorized attempt to access an organization's secured resources on a network or host |
internet key exchange | the first phase of ipsec authentication, which accomplishes key management. a service that runs on udp port 500 |
ike | establishes the rules for the type of keys two nodes use; its second phase involves encryption |
intrusion prevention system | a dedicated device or software running on a host that automatically reacts to any unauthorized attempt to access an organization's secured resources on a network or host. often combined with ids. |
internet protocol security | a layer 3 protocol that defines encryption, authentication, and key management for tcp/ip transmissions. an enhancement to ipv4 and native to ipv6. |
ipsec | unique among authentication methods in that it adds security information to the header of all ip packets |
ip spoofing | a security attack in which an outsider obtains internal ip addresses, then uses those addresses to pretend that he has authority to access a private network from the internet |
key distribution center | the server that runs the authentication service and the ticket granting service to issue keys and tickets to clients |
kerberos | a cross-platform authentication protocol that uses key encryption to verify the identity of clients and to securely exchange information after a client logs on to a system. it's an example of a private key encryption service |
key | a series of characters that is combined with a block of data during that data's encryption. to decrypt the resulting data, the recipient must also possess the key. |
key management | the method whereby two nodes using key encryption agree on common parameters for the keys they will use to encrypt data |
key pair | the combination of a public and private key used to decipher data that was encrypted using public key encryption |
man in the middle attack | a security threat that relies on intercepted transmissions. can take on several forms. a person redirects or captures secure data traffic while in transit |
microsoft challenge authentication protocol version 2 | follows the chap model but uses stronger encryption, uses different encryption keys for transmission and reception, and requires mutual authentication between two computers |
mutual authentication | a scheme in which both computers verify the credentials of each other |
network based firewall | configured and positioned to protect an entire network |
network key | a key or character string required for a wireless station to associate with an access point using wep. |
openssh | an open source version of the ssh suite of protocols |
packet filtering firewall | a router that operates at the data link and transport layers of the osi model, examining the header of every packet of data that it receives to determine whether that type of packet is authorized to continue to its destination. also known as screening |
password authentication protocol | operates over ppp. using pap, a client issues its credentials in a request to authenticate, and the server responds with a confirmation or denial of authentication after comparing the credentials to those in its database. not very secure and rarely used |
pretty good privacy | a key-based encryption system for email that uses a two-step verification process |
phishing | a practice in which a person attempts to glean access or authentication information by posing as someone who needs the information |
public key infrastructure | the use of certificate authorities to associate public keys with certain users |
port authentication | a technique in which a client's identity is verified by an authentication server before a port, whether physical or logical, is opened for the client's layer 3 traffic. |
port forwarding | the process of redirecting traffic from its normally assigned port to a different port, either on the client or server. can send data exchanges that are normally insecure through encrypted tunnels. |
port mirroring | a monitoring technique in which one port on a switch is configured to send a copy of all its traffic to a second port |
port scanner | software that searches a server, switch, router, or other device for open ports, which can be vulnerable to attack. |
principal | a user or client |
private key encryption | the sender and receiver use a key to which only they have access. also known as symmetric encryption |
proxy server | a network host that runs a proxy service. also known as a gateway |
proxy service | a software application on a network host that acts as an intermediary between the external and internal networks, screening all incoming and outgoing traffic and providing one address to the outside world, instead of revealing the addresses of the internal lan |
public key encryption | data is encrypted using two keys. one key is known only to the user. the other key is associated with the user and can be obtained from a public source, such as a key server. also known as asymmetric encryption |
public key server | a publicly available host, an internet host, that provides free access to a list of users' public keys |
remote authentication dial in user service | a protocol that runs over udp and provides centralized network authentication and accounting for multiple users. commonly used with dial-up networking, vpn, and wireless connections |
radius server | offers centralized authentication services to a network's access server, vpn server, or wireless access point |
rc4 | an asymmetric key encryption technique that weaves a key with data multiple times as a computer issues the stream of data. can be as long as 2084 bits. highly secure and fast |
rijndael | the algorithm used for aes encryption |
rsa | an encryption algorithm that creates a key by randomly choosing two large prime numbers and multiplying them together. popular for ecommerce transactions |
secure copy | a method for copying files securely between hosts. |
security audit | an assessment of an organization's security vulnerabilities. |
security policy | a document or plan that identifies an organization's security goals, risks, levels of authority, designated security coordinator and team members, and responsibilities of each team member and employee, and specifies how to address security breaches |
server_hello | a message from the server to the client that confirms the information the server received in the client_hello message. agrees to certain terms of encryption based on the options the client supplied. |
session key | a key issued to both the client and the server by the authentication service that uniquely identifies their session |
secure file transfer protocol | available with the proprietary version of ssh that copies files between hosts securely |
sftp | first establishes a connection with a host and then allows a remote user to browse directories, list files, and copy files. encrypts data before transmitting it |
smurf attack | a threat to network hosts in which the host is flooded with broadcast ping messages. a type of denial of service attack |
social engineering | the act of manipulating personal relationships to circumvent network security measures and gain access to a system |
secure shell | a connection utility that provides authentication and encryption. you can securely log onto a host, execute commands on the host, and copy files to or from the host. encrypts data exchanged through the session. |
secure sockets layer | a method of encrypting tcp/ip transmissions, including web pages and data entered into web forms, en route between the client and server using public key encryption technology. |
ssl session | an association between the client and server that is defined by an agreement on a specific set of encryption techniques. |
ssl session | allows the client and server to continue to exchange data securely as long as the client is still connected to the server. established by the ssl handshake protocol |
stateful firewall | capable of monitoring a data stream from end to end. |
stateless firewall | capable of only examining packets individually. performs more quickly than stateful firewalls, but is not as sophisticated |
symmetric encryption | requires the same key to encode the data as is used to decode the ciphertext. |
terminal access controller access control system | a centralized authentication system for remote access servers that is similar to but older than radius. |
ticket granting service | an application that runs on the kdc that issues ticket granting tickets to clients so that they need not request a new ticket for each new service they want to access |
three way handshake | an authentication process that involves three steps |
ticket | a temporary set of credentials that a client uses to prove that its identity has been validated by an authenticated service |
temporal key integrity protocol | an encryption key generation and management scheme used by 802.11i |
transport layer security | uses slightly different encryption algorithms than ssl but is very similar to the most recent version of ssl |
triple des | weaves a 56-bit key through data three times, each time using a different key |
vpn connector | a specialized device that authenticates vpn clients and establishes tunnels for vpn connections |
war driving | the act of driving while running a laptop configured to detect and capture wireless data transmissions |
wired equivalent privacy | a key encryption technique for wireless networks that uses keys both to authenticate network clients and to encrypt data in transit. |
wi-fi alliance | an international non-profit organization dedicated to ensuring the interoperability of 802.11-capable devices |
wi-fi protected access | a wireless security method considered a subset of the 802.11i standard |
wpa | authentication follows the same standard as 802.11i. the only difference is that wpa specifies rc4 encryption rather than aes. |
wpa2 | includes support for the older wpa security method. |