
chapter 12 terms 1

chpt 12 vocabulary

802.11i standard for wireless network encryption and authentication that uses the EAP authentication method, strong encryption, and dynamically assigned keys, which are different for every transmission
802.11i specifies AES encryption and weaves a key into each packet
authentication, authorization, and accounting the name of a category of protocols that establish a client's identity; check the client's credentials and, based on those, allow or deny access to a system or network; and finally track the client's system or network usage
access control list a list of statements used by a router to permit or deny the forwarding of traffic on a network based on one or more criteria
advanced encryption standard a private key encryption algorithm that weaves keys of 128, 160, 192, or 256 bits through data multiple times
AES replaced DES in situations such as military communications, which require high level security. The algorithm used in the most popular form of AES is known as Rijndael
authentication header a type of encryption that provides authentication of the IP packet's data payload through public key techniques
authentication service the process that runs on a key distribution center to initially validate a client logging on. Issues a session key to the client and to the service the client wants to access
asymmetric encryption type of encryption that uses a different key for encoding data than is used for decoding the ciphertext
authentication protocol a set of rules that governs how servers authenticate clients.
authenticator the user's time stamp encrypted with the session key. Is used to help the service verify that a user's ticket is valid
biorecognition access a method of authentication in which a device scans an individual's unique physical characteristics to verify the user's identity
brute force attack an attempt to discover an encryption key or password by trying numerous possible character combinations.
certificate authority an organization that issues and maintains digital certificates as part of the public key infrastructure
challenge a random string of text issued from one computer to another in some forms of authentication. Is used along with a password to verify the computer's credentials
challenge handshake authentication protocol operates over PPP and requires the authenticator to take the first step by offering the other computer a challenge. Requestor responds by combining the challenge with its password.
CHAP authenticator matches to see if the requestor's encrypted string of text matches its own string of characters. If everything matches up the requestor is granted access
ciphertext the unique data block that results when an original piece of data is encrypted
client_hello a message issued from the client to the server that contains information about what level of security the client's browser is capable of accepting and what type of encryption the client's browser can decipher
client_hello establishes a randomly generated number that uniquely identifies the client, plus another number that identifies the SSL session
content filtering firewall can block designated types of traffic from entering a protected network
cracker a person who uses his knowledge of operating systems and utilities to intentionally damage or destroy data or systems
denial of service attack a security attack caused by a deluge of traffic that disables the victimized systems
data encryption standard a popular private key encryption technique that was developed by IBM in the 1970s
dictionary attack a technique in which hackers run a program that tries a combination of a known user ID and, for a password, every word in a dictionary to attempt to gain access to a network
Diffie-Hellman the first commonly used public, or asymmetric, key algorithm.
digital certificate a password protected and encrypted file that holds an individual's identification information, including a public and private key.
digital certificate the individual's public key is used to verify the sender's digital signature, and the private key allows the individual to log on to a third party authority who administers digital certificates
demilitarized zone the perimeter of a protected internal network where users, both authorized and unauthorized, from external networks can attempt to access it. Firewalls and IDS/IPS systems are typically placed here.
DNS spoofing a security attack in which an outsider forges name server records to falsify his host's identity
extensible authentication protocol a data link layer protocol defined by the IETF
EAP specifies the dynamic distribution of encryption keys and a preauthentication process in which a client and server exchange data via an intermediate node, for example an access point on a wireless LAN
EAP only after they have mutually authenticated can the client and server exchange encrypted data. Can be used with multiple authentication and encryption schemes.
encryption the use of an algorithm to scramble data into a format that can be read only by reversing the algorithm, decrypting the data, to keep the information private.
encryption the most popular kind of algorithm weaves a key into the original data bits, sometimes several times in different sequences, to generate a unique data block.
encapsulation security protocol a type of encryption that provides authentication of the IP packet's data payload through public key techniques. Encrypts the entire IP packet for added security
flashing a security attack in which an Internet user sends commands to another Internet user's machine that cause the screen to fill with garbage characters. Causes the user to terminate his session
hacker a person who masters the inner workings of operating systems and utilities in an effort to better understand them. Is distinguished from a cracker in that a cracker attempts to exploit a network's vulnerabilities for malicious purposes.
handshake protocol allows the client and server to authenticate, or introduce, each other and establishes terms for how they securely exchange data during an SSL session
host based firewall only protects the computer on which it is installed
HTTP over secure sockets layer the URL prefix that indicates that a web page requires its data to be exchanged between client and server using SSL encryption.
HTTPS uses the port number 443
intrusion detection system a dedicated service or software running on a host that monitors and flags any unauthorized attempt to access an organization's secured resources on a network or host
internet key exchange the first phase of IPsec authentication, which accomplishes key management. A service that runs on UDP port 500
IKE established the rules for the type of keys two nodes use, involves its second phase, encryption
intrusion prevention system a dedicated device or software running on a host that automatically reacts to any unauthorized attempt to access an organization's secured resources on a network or host. Often combined with IDS.
internet protocol security layer 3 protocol that defines encryption, authentication, and key management for TCP/IP transmissions. An enhancement to IPv4 and is native to IPv6.
IPsec unique among authentication methods in that it adds security information to the header of all IP packets
IP spoofing a security attack in which an outsider obtains internal IP addresses, then uses those addresses to pretend that he has authority to access a private network from the Internet
key distribution center the server that runs the authentication service and the ticket granting service to issue keys and tickets to clients
Kerberos a cross platform authentication protocol that uses key encryption to verify the identity of clients and to securely exchange information after a client logs on to a system. It's an example of a private key encryption service
key a series of characters that is combined with a block of data during that data's encryption. To decrypt the resulting data, the recipient must also possess the key.
key management the method whereby two nodes using key encryption agree on common parameters for the keys they will use to encrypt data
key pair the combination of a public and private key used to decipher data that was encrypted using public key encryption
man in the middle attack a security threat that relies on intercepted transmissions. Can take on several forms. A person redirects or captures secure data traffic while in transit
Microsoft challenge authentication protocol version 2 follows the CHAP model but uses stronger encryption, uses different encryption keys for transmission and reception, and requires mutual authentication between two computers
mutual authentication a scheme in which both computers verify the credentials of each other
network based firewall configured and positioned to protect an entire network
network key a key or character string required for a wireless station to associate with an access point using WEP.
OpenSSH an open source version of the SSH suite of protocols
packet filtering firewall a router that operates at the data link layer and transport layers of the OSI model, examining the header of every packet of data that it receives to determine whether that type of packet is authorized to continue to its destination. Also known as screening
password authentication protocol operates over the PPP. Using PAP a client issues its credentials in a request to authenticate, and the server responds with a confirmation or denial of authentication after comparing the credentials to those in its database. Not very secure and rarely used
pretty good privacy a key based encryption system for email that uses a two step verification process
phishing a practice in which a person attempts to glean access or authentication information by posing as someone who needs the information
public key infrastructure the use of certificate authorities to associate public keys with certain users
port authentication a technique in which a client's identity is verified by an authentication server before a port, whether physical or logical, is opened for the client's layer 3 traffic.
port forwarding the process of redirecting traffic from its normally assigned port to a different port, either on the client or server. Can send data exchanges that are normally insecure through encrypted tunnels.
port mirroring a monitoring technique in which one port on a switch is configured to send a copy of all its traffic to a second port
port scanner software that searches a server, switch, router, or other device for open ports, which can be vulnerable to attack.
principal a user or client
private key encryption the sender and receiver use a key to which only they have access. Also known as symmetric encryption
proxy server a network host that runs a proxy service. Also known as gateways
proxy service a software application on a network host that acts as an intermediary between the external and internal networks, screening all incoming and outgoing traffic and providing one address to the outside world, instead of revealing the address of internal LAN
public key encryption data is encrypted using two keys. One key is known only to the user. The other key is associated with the user and can be obtained from a public source, such as a key server. Also known as asymmetric encryption
public key server a publicly available host, internet host, that provides free access to a list of users' public keys
remote authentication dial in user service a protocol that runs over UDP and provides centralized network authentication and accounting for multiple users. Commonly used with dial up networking, VPN, and wireless connections
RADIUS server offers centralized authentication services to a network's access server, VPN server, or wireless access point
RC4 an asymmetric key encryption technique that weaves a key with data multiple times as a computer issues the stream of data. Can be as long as 2084 bits. Highly secure and fast
Rijndael the algorithm used for AES encryption
RSA an encryption algorithm that creates a key by randomly choosing two large prime numbers and multiplying them together. Popular for ecommerce transactions
secure copy a method for copying files securely between hosts.
security audit an assessment of an organization's security vulnerabilities.
security policy a document or plan that identifies an organization's security goals, risks, levels of authority, designated security coordinator and team members, responsibilities of each team member and employee, specifies how to address security breaches
server_hello a message from the server to the client that confirms the information the server received in the client_hello message. Agrees to certain terms of encryption based on the options the client supplied.
session key a key issued to both the client and the server by the authentication service that uniquely identifies their session
secure file transfer protocol available with the proprietary version of SSH that copies files between hosts securely
SFTP first establishes a connection with a host and then allows a remote user to browse directories, list files, and copy files. Encrypts data before transmitting it
smurf attack a threat to network hosts in which the host is flooded with broadcast ping messages. A type of denial of service attack
social engineering the act of manipulating personal relationships to circumvent network security measures and gain access to a system
secure shell a connection utility that provides authentication and encryption. You can securely log onto a host, execute commands on the host, copy files to or from the host. Encrypts data exchange through the session.
secure sockets layer a method of encrypting TCP/IP transmissions, including web pages and data entered into web forms, en route between the client and server using public key encryption technology.
SSL session an association between the client and server that is defined by an agreement on a specific set of encryption techniques.
SSL session allows the client and server to continue to exchange data securely as long as the client is still connected to the server. Established by the SSL handshake protocol
stateful firewall capable of monitoring a data stream from end to end.
stateless firewall capable of only examining packets individually. Perform more quickly than stateful firewalls, not as sophisticated
symmetric encryption requires the same key to encode the data as is used to decode the ciphertext.
terminal access controller access control system a centralized authentication system for remote access servers that is similar to but older than RADIUS.
ticket granting service an application that runs on the KDC that issues ticket granting tickets to clients so that they need not request a new ticket for each new service they want to access
three way handshake an authentication process that involves three steps
ticket a temporary set of credentials that a client uses to prove that its identity has been validated by an authenticated service
temporal key integrity protocol an encryption key generation and management scheme used by 802.11i
transport layer security uses slightly different encryption algorithms than SSL but is very similar to the most recent version of SSL
triple DES weaves a 56 bit key through data three times, each time using a different key
VPN connector a specialized device that authenticates VPN clients and establishes tunnels for VPN connections
war driving the act of driving while running a laptop configured to detect and capture wireless data transmission
wired equivalent privacy a key encryption technique for wireless networks that uses keys both to authenticate network clients and to encrypt data in transit.
Wi-Fi Alliance an international non profit organization dedicated to ensuring the interoperability of 802.11 capable devices
Wi-Fi protected access a wireless security method considered a subset of the 802.11i standard
WPA authentication follows the same standard as 802.11i. Only difference is that WPA specifies RC4 encryption rather than AES.
WPA2 includes support for the older WPA security method.
Created by: cgeaski