Busy. Please wait.
or

show password
Forgot Password?

Don't have an account?  Sign up 
or

Username is available taken
show password

why


Make sure to remember your password. If you forget it there is no way for StudyStack to send you a reset link. You would need to create a new account.
We do not share your email address with others. It is only used to allow you to reset your password. For details read our Privacy Policy and Terms of Service.


Already a StudyStack user? Log In

Reset Password
Enter the associated with your account, and we'll email you a link to reset your password.

Remove ads
Don't know
Know
remaining cards
Save
0:01
To flip the current card, click it or press the Spacebar key.  To move the current card to one of the three colored boxes, click on the box.  You may also press the UP ARROW key to move the card to the "Know" box, the DOWN ARROW key to move the card to the "Don't know" box, or the RIGHT ARROW key to move the card to the Remaining box.  You may also click on the card displayed in any of the three boxes to bring that card back to the center.

Pass complete!

"Know" box contains:
Time elapsed:
Retries:
restart all cards




share
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

  Normal Size     Small Size show me how

CIT294 Chapter 1

CIT294 Ethical Hacking Chapter 1 Terms

QuestionAnswer
Ethical hacker Security professional who “hacks” into systems/networks using pen testing to id security risks/vulnerabilities so the threat can be mitigated. Act in a professional manner gaining trust, getting permission, working within the federal/states laws.
Cracker Hacker who uses hacking skills and tools for destructive or offensive purposes to compromise or bring down systems and networks. Also known as a malicious hacker.
White hats Ethical hackers; good guys. Use hacking skills to locate weaknesses and implement countermeasures to protect the system or network. Always have permission from the owner.
Black hats Malicious hackers; bad guys. Also known as crackers. Use skills for illegal or malicious purposes.
Gray hats Good or bad guys; depending on the situation. May use hacking tools to gain access to a system or network without permission, but without malicious intent.
Penetration test Testing the security of a system/network using the same tools/steps as the malicious hacker to determine what he can see and do with that information. Includes the details of the hacking methods, and tests performed as well as any vulnerabilities found.
Basic elements of security Confidentiality, Authenticity, Integrity, and Availability
Example of attack on Availability DoS (Denial of Service) attack
Example of attack on Confidentiality Stealing Passwords
Example of attack on Integrity Bit-flipping
Example of attack on Authentication MAC address spoofing
DoS Denial of Service attack is a Availability attack which purpose is to use the system resources or bandwidth until the system fails.
Bit-flipping Integrity attack on a cryptographic cipher; the attacker changes the cipher text in a way that the plain text is changed from the text originally sent. The attacker is unable to read the text, but so is the intended receiver.
MAC address spoofing Authentication attack that allows an unauthorized device to connect to the network by ‘spoofing’ the MAC address of a legitimate client. The intruder can then use the network.
Tiger Team team of specialized ethical hackers hired to test the network and systems to find vulnerabilities. Each member of the team has distinct specialties.
Threat An environment or situation that could lead to a breach of security.
Exploit A piece of software or technology that takes advantage of a bug, vulnerability leading to unauthorized access, privilege escalation, or denial of service on a computer system.
Vulnerability The existence of a software flaw, logic design, or implementation error that can lead to unexpected and undesirable event.
Target of Evaluation (TOE) A system, program, or network that is the subject of a security evaluation or attack. Ethical hackers are concerned with the high value TOEs that contain sensitive information such as passwords, account numbers, SSNs, or other confidential data.
Attack Occurs when a system is compromised based on a vulnerability . Many attacks are perpetrated via an exploit.
Remote exploit Sent over a network and exploits vulnerabilities without prior access to the system. Hacking from outside the corporate network.
Local exploit Exploit delivered directly to the system which requires prior access to the system to increase privileges. Most hacking attempts occur from within an organization by employees, contractors, or other trusted position.
Five Phases of Ethical Hacking Reconnaissance, Scanning, Gaining Access, Maintaining Access, and Covering Tracks
Passive Reconnaissance Gathering information about a potential target without their knowledge. Methods include information gathering and sniffing the network.
Active Reconnaissance Actual probing of the network to find out hosts, IP addresses, and services used on the network. Involves more risk and is also called “Rattling the Doorknob”
Scanning Using the information gathered during Reconnaissance and using it to examine the network. Tools include: dialers, port scanners, ICMP scanners, Ping sweeps, etc. Hackers are looking for; computer names, OS used, IP addresses, services, etc.
Gaining Access Phase 3 is when the vulnerabilities exposed during Phase 1 and 2 are exploited to gain access to the system/network. Also known as “Owning” the system in the hacker world.
Maintaining Access Hackers harden the system from security personnel by installing backdoors, rootkits, and Trojans. Owned system can be known as a zombie system used to launch additional attacks.
Covering Tracks Methods used to avoid detection by security personnel, continue to own the system, to remove evidence of hacking, and avoid legal action.
Malware All forms of malicious software including: Trojans, backdoors, rootkits, viruses, etc.
Four areas of weakness OSs, Apps, Shrink-Wrap code, and Misconfigurations
Shrink-Wrap Code Off the Shelf programs come with special features which can be used to exploit the system.
Remote Network Hack Intruder launching attack over the Internet. Look for vulnerabilities in the outside defenses such as the firewall, proxy, or other router vulnerabilities.
Remote Dial-Up Network Hack Attack is launched against modem pools. War Dialing is process of repetitive dialing to find and open system and is an example of this type of attack.
Local Area Network Hack Someone with physical access gaining additional unauthorized access using the LAN. WLANs fall into this category.
Stolen Equipment Hack Theft of a employee laptop for example which allows the hacker to gain information about the usernames, passwords, security settings, etc.
Social Engineering Hack Checks the security and integrity of the organizations employees by using the telephone or face to face contact. Usually hacker calling help desk and talking the employee into giving out confidential security information.
Physical Entry Hack Hacker gains physical entry and can plant viruses, Trojans, rootkits, or key loggers. Can also plant a rogue devices such as a wireless access point to access the network from a remote location.
Black Box Testing Performing a security evaluation and testing with no prior knowledge of the network infrastructure or system to be tested.
White Box Testing Performing a security evaluation and testing with prior knowledge of the network infrastructure to be tested.
Gray Box Testing Performing a security evaluation and testing internally
Active Attack Alter the system or network they are attacking and affect the availability, integrity, and authenticity of data.
Passive Attack Attempt to gain information from the system or network they are attacking. Passive attacks are breaches of confidentiality.
Inside Attack Attack originates from inside the perimeter of the organization and is a employee or other trusted position that gains access to more resources than they are authorized to use.
Outside Attack Attack originates from outside the organization, such as the Internet or remote access connection.
Vulnerabilities Research Process of discovering vulnerabilities and design weaknesses that could lead to an attack on a system. Passively looking for security holes.
Hacktivism Hacking for a cause. These hackers usually have a social or political agenda.
Created by: Leisac