1000BaseT: - 1,000 Mbps (1 Gbps) baseband Ethernet using twisted pair wire.
10Base5: - 10 Mbps Ethernet using coaxial cable (thicknet) rated to 500 meters.
10BaseT: - 802.3 IEEE Ethernet standard for 10 Mbps Ethernet using coaxial cable
(thinnet) rated to 185 meters.
2.5G: - 2G cellular systems combined with GPRS are often described as 2.5G, that
is, a technology between 2G & 3G.
3G:
3G is the third generation of telecommunication standards and technology for
mobile networking, superseding 2.5G. It is based on the International
Telecommunication Union (ITU) family of standards under the IMT-2000. 3G
networks enable network operators to offer a wider range of more advanced
services while providing more capacity through improved spectral efficiency.
Services include wide-area wireless voice telephony, video calls, and broadband
wireless data, all in a mobile environment. Unlike IEEE 802.11 networks, aka
Wi-Fi or WLAN networks, 3G networks are wide-area cellular telephone networks
that evolved to incorporate high-speed Internet access and video telephony.
IEEE 802.11 networks are short-range, high-bandwidth networks primarily
developed for data.
802.10: - IEEE standard that specifies security and privacy access methods for
LANs.
802.11: IEEE standard that specifies 1 Mbps and 2 Mbps wireless connectivity.
Defines aspects of frequency hopping and direct-sequence spread spectrum (DSSS)
systems for use in the 2.4 MHz ISM (industrial, scientific, medical) band. Also
refers to the IEEE committee responsible for setting wireless LAN standards.
802.11b: Specifies high-speed wireless connectivity in the 2.4 GHz ISM band up
to 11 Mbps.
802.11b: - Same 2.4 GHz band as microwaves, Bluetooth, cordless phones, and baby
monitors (interference).
802.1x: IEEE 802.1x is an IEEE Standard for port-based Network Access Control
(port: meaning a single point of attachment to the LAN infrastructure). It is the
protocol used for most wireless
Access modes: Mode set for a user on a volume: Read, write, none.
ACO:
AES-CCMP: - Part of the WPA2 protocol and an optional part of the WPA protocol.
CCMP replaced the TKIP and WEP encryption protocols. It is based on AES,
obviously. Name: Counter Mode with Cipher Block Chaining Message
AH: - Authentication Header (AH): IPSec uses two protocols for security.
Application Layer The top layer of the OSI model, which is concerned with
application programs. It provides services such as file transfer and email to the
network's end users.
proxy traffic instead of routing it. As it works on the application layer, it may
inspect the contents of the traffic, blocking what the firewall administrator
views as inappropriate content, such as websites, viruses, attempts to exploit
known flaws in client software, etc. An application layer firewall does not
route traffic on the network layer.
ARP - Address Resolution Protocol (ARP): A TCP/IP protocol that binds logical
(IP) addresses to physical addresses.
Basel II - is the second of the Basel Accords (issued by the Basel Committee on
Banking Supervision), initially published in 2004 as an international standard
on banking reserves.
BAT files - In DOS, OS/2, and Microsoft Windows, a batch file is a text file
containing a series of commands intended to be executed by a single command. Flat
files that enable one to automatically check-in, delete, or update many files at
once.
baud rate The number of signal pulses that occur in one second.
The Bell-La Padula model is a state machine used by the DoD for enforcing
access control in government and military applications. The model is a formal
state transition
model of computer security policy that describes a set of access control rules
that uses labels to characterize objects and clearances to characterize subjects.
binaries
binary file - is a computer file which may contain any type of data, encoded in
binary form for computer storage and processing purposes.
BIOS The Basic Input/Output System (BIOS): The BIOS is the first program to run
when the computer is turned on. BIOS initializes and tests the computer hardware,
loads and runs the operating system, and manages setup for making changes in the
computer.
Blowfish - This is a keyed, symmetric block cipher, designed in 1993. There has
been no meaningful cryptanalysis exacted on Blowfish. It is solid; however, AES
now receives more attention.
Bridge A network bridge connects multiple network segments at the data link
layer (layer 2) of the OSI model, and the term layer 2 switch is very often used
interchangeably with bridge.
CAM table - Content Addressable Memory (CAM) table is a common term usually
referring to the Dynamic Content Addressable Memory on an Ethernet switch. The
table provides the switch with addresses to forward a received signal to; a hub
does not have one, so all of its ports get the passed-on or outbound signal.
Category 1 twisted pair wire Used for early analog telephone communications; not
suitable for data.
Category 2 twisted pair wire Rated for 4 Mbps and used in 802.5 token ring
networks.
Category 3 twisted pair wire Rated for 10 Mbps and used in 802.4 10Base-T Ethernet
networks.
Category 4 twisted pair wire Rated for 16 Mbps and used in 802.5 token ring
networks.
Category 5 twisted pair wire Rated for 100 Mbps and used in 100BaseT Ethernet
networks.
CDDI Copper Data Distributed Interface: A version of FDDI specifying the use of
unshielded twisted pair wiring.
CDMA - Code Division Multiple Access, a cellular technology that competes with
GSM technology for global domination.
CDPD - Cellular Digital Packet Data (CDPD): A technology that never made it due
to being relatively expensive. It was/is unique in that it would harness unused
but open frequencies of a band.
CERIAS The Center for Education and Research in Information Assurance and
Security (CERIAS): a well-known leader in research in computer, network, and
information security and information assurance.
Checksum Synonymous with message digest, hash, hash value, hash total, CRC,
fingerprint, checksum, and digital ID.
CNAME - DNS Records: (canonical name) Provides additional names or aliases for the
address record
Collision domain - Aka shared Ethernet hub. A component that provides Ethernet
connections among multiple stations sharing a common collision domain.
COM - Common Object Model: A model that allows two software components to
communicate with each other independent of their platforms' operating systems and
languages of implementation. As in the object-oriented paradigm, COM works with
encapsulated objects.
Common & practical defenses against SQL injection 1. Perform input validation;
2. Limit account privileges.
Companion files Supporting system files like DLL and INI files
Ethernet 802.3, the station continues to wait for a time, and checks to see if the
channel is still free. If it is free, the station transmits, and waits for an
acknowledgment signal that the packet was received. Collision avoidance is used on
WLANs because it is not possible to listen while sending, so CA is used over CD.
DB-9 A standard 9-pin connector commonly used with RS-232 serial interfaces on
portable computers. The DB-9 connector does not support all RS-232 functions.
DBMS - Database Management System (DBMS) Architecture: a variety exists today,
but the majority of current systems implement a technology known as relational
database management systems (RDBMSs).
DCOM - A distributed object model that is similar to the Common Object Request
Broker Architecture (CORBA). DCOM is the distributed version of COM that supports
remote objects as if the objects reside in the client's address space. A COM
client can access a COM object through the use of a pointer to one of the object's
interfaces and then invoke methods through that pointer.
DICOM Dumper
DICOM Dumper is a simple utility for decoding and dumping the content of DICOM 3.0
files
Difference between network address and IP address - To determine what the network
address is for any given IP address, you merely have to convert both octal
addresses into binary, and do a bitwise AND operation. An example using an IP
address of 156.154.81.56 used with a network mask of 255.255.255.240 follows:
IP Address: 10011100.10011010.01010001.00111000
Kerberos with Directory Services, each an SSO. Directory services and Kerberos are
examples of SSO mechanisms.
DLL - The Data Link Layer is responsible for producing Ethernet frames from
bytes and bytes from bits.
DLL Data Link Layer: The OSI level that performs the assembly and transmission
of data packets, including error control.
DQDB - The IEEE 802.6 standard that provides full-duplex 155 Mbps operation
between nodes in a metropolitan area network.
EAL - Evaluation Assurance Level (EAL): In the Common Criteria, the degree of
examination of the product to be tested. EALs range from EAL1 (functional testing)
to EAL7 (detailed testing and formal design verification).
EDGE - Enhanced Data Rates for GSM Evolution (EDGE): '99 release. First
generation.
Ethernet - An industry-standard local area network media access method that uses
a bus topology and CSMA/CD. IEEE 802.3 is a standard that specifies Ethernet.
Ethernet switch - More intelligent than a hub, with the capability to connect the
sending station directly to the receiving station.
FBA - Forms Based Authentication (FBA): simply use a form to send encrypted
authentication credentials via HTTPS.
FDDI - Fiber distributed data interface (FDDI) provides a standard for data
transmission in a local area network that can extend in range up to 200
kilometers. Although the FDDI protocol is a token ring network, it does not use
the IEEE 802.5 token ring protocol as its basis. FDDI-II adds the capability to
add circuit-switched service to the network so that it can also handle voice and
video signals.
FDMA - A digital radio technology that divides the available spectrum into
separate radio channels. FDMA is generally used in conjunction with time division
multiple access (TDMA) or code division multiple access (CDMA).
FDX Full-duplex.
FHSS - A method used to share the available bandwidth in 802.11b WLANs. FHSS takes
the data signal and modulates it with a carrier signal that hops from frequency to
frequency on a cyclical basis over a wide band of frequencies. FHSS in the 2.4 GHz
frequency band will hop between 2.4 GHz and 2.483 GHz. The receiver must be set to
the same hopping code.
Feistel cipher - An iterated block cipher that encrypts by breaking a plaintext
block into two halves and, with a subkey, applying a "round" transformation to one
of the halves. The output of this transformation is then XOR'd with the remaining
half. The round is completed by swapping the two halves.
File system journaling - A file system that logs changes to a journal (usually in
a circular log) before committing them to the main file system. Such systems are
less likely to become corrupted in the event of a system crash.
FIN Scan - A FIN scan is similar to an XMAS scan but sends a packet with just
the FIN flag set. FIN scans receive the same response and have the same
limitations as XMAS scans.
FIPS - Federal Information Processing Standard.
firewall - A network device that shields the trusted network from unauthorized
users in the untrusted network by blocking certain specific types of traffic. Many
types of firewalls exist, including packet filtering and stateful inspection.
FISA - Federal Intelligence Surveillance Act (FISA) of 1978: An act that limited
wiretapping for national security purposes as a result of the Nixon
Administration's history of using illegal wiretaps.
Flag meaning: ACK? Acknowledge. This flag is used to indicate the sender of
the ACK flag has established a connection, from his/her own side of the
connection.
form data - Data captured in an HTML or XHTML form, hence "form data."
FSK - frequency shift keying (FSK): A modulation scheme for data communication
using a limited number of discrete frequencies to convey binary information.
Full duplex - If transmit data and receive data are separate circuits, transmission
can occur in a concurrent flow in both directions: full duplex.
Gateway - Gateways work on all seven OSI layers. The main job of a gateway is
to convert protocols among communications networks. A router by itself transfers,
accepts and relays packets only across networks using similar protocols. A gateway
can accept a packet in protocol A and convert it to B before forwarding it. A
network component that provides interconnectivity at higher network layers.
gigahertz
Google hacking - examples? passwords, credit card numbers, medical records and
other confidential information
GPG - GNU Privacy Guard: G(eneral Public License) Privacy Guard allows one to
encrypt and sign one's data.
GSM - Global System for Mobile (GSM) communications: The most popular standard
for mobile phones in the world. The GSM logo serves to identify compatible
devices. Both voice and data are transmitted in the digital format.
Global System for Mobile (GSM) Communications: The wireless analog of the ISDN
landline system.
guard - A processor that provides a filter between two disparate systems operating
at different security levels or between a user terminal and a database to prevent
unauthorized access.
HDLC ?
high-level data link control - An ISO protocol for link synchronization and error
control.
high-speed encryption chips - Self-evident. The U.S. federal government in '90
began using the services of Newbridge Networks for their high-speed public key
data encryption system (which was originally produced by
hotfixes - A hotfix was originally the term applied to software patches that
were applied live, i.e., to still running programs. Similar use of the term can
be seen in Hot Swappable Disk Drives. A patch: single, comprehensive file.
How can you stop a DoS or DDoS attack? - Use the same commands an attacker would
use to stop the attack.
How do you prevent ARP spoofing? - To prevent ARP spoofing, permanently add the
MAC address of the gateway to the ARP cache on a system. You can do this on a
Windows system by using the ARP -s command at the command line and appending the
gateway's IP and MAC addresses.
How many types of packets? - Each logical network uses discrete data messages
called packets. The logical network packet at the generic level consists of
information about the source, destination, and data payload.
Hping2
Hping - is a free packet generator and analyzer for the TCP/IP protocol.
HTML, purpose of A standard used on the Internet for defining hypertext links
between documents.
IA - Information Assurance
IAC - Inquiry access code; used in inquiry procedures. The IAC can be one of two
types: a dedicated IAC for specific devices or a generic IAC for all devices.
IADS - Integrated Access Device (IAD): is a customer premises device that
provides access to wide area networks and the Internet. Specifically, it
aggregates multiple channels of information including voice and data across a
single shared access link to a carrier or service provider PoP. The access link
may be a T1 line, a DSL connection, a cable network, a broadband wireless link,
or a metro-Ethernet connection.
IBE - Identity-Based Encryption: The IBE concept proposes that any string can be
used as an individual's public key, including his or her email address.
ICANN The Internet Corporation for Assigned Names and Numbers Whois, DNslookup
IDEA - International Data Encryption Algorithm (IDEA): IDEA is a block cipher
advanced in 1991 to replace DES. It is licensed in all countries where it is
patented by MediaCrypt. type encryption
ID
IDLE scan - An IDLE scan uses a spoofed IP address to send a SYN packet to a
target. Depending on the response, the port can be determined to be open or
closed. IDLE scans determine port scan response by monitoring IP header sequence
numbers.
IETF - Internet Engineering Task Force (IETF): develops and promotes Internet
standards, cooperating closely with the W3C and ISO/IEC standard bodies and
dealing in particular with standards of the TCP/IP and
N.S.A.
IP Address:  10011100.10011010.01010001.00111000
Subnet Mask: 11111111.11111111.11111111.11110000
Result:      10011100.10011010.01010001.00110000
As you can see, the network address for the IP address and subnet mask in question
is 156.154.81.48. Determining how many hosts can be on this same subnet is a
simple operation. Count the number of bits from the right until you get to the
first "1" in the binary network address display. That number is the power you
raise 2 to for the calculation of the possible number of hosts. You must also
subtract two from the result, because one address each is reserved for the
broadcast and network addresses. This leaves you with the final formula of
2^n - 2. In this case there are 4 bits of 0 in the network address, leaving you
with 2^4 - 2 hosts possible, or 14 hosts. This means that your network address is
156.154.81.48, that you have a range of addresses available to hosts from
156.154.81.49 - 156.154.81.62, and that the broadcast address for this network is
156.154.81.63.
IKE - Internet key exchange (IKE): is the protocol used to set up a security
association in the IPSec protocol suite. IKE uses a Diffie-Hellman key exchange to
set up a shared session secret, from which crypto keys are derived. IKE was
originally established in '98.
In MAC OS X, what kind of DNS record is created when you add an alias in Server
Admin? CNAME
increment value size in bytes?
INI files - The de facto standard for configuration files. INI files are simple
text files with a basic structure. Windows files.
IPv4 - Internet Protocol version 4 is the 4th iteration of the Internet Protocol
and it is the first version of the protocol to be widely used. This is the now
currently used format - and it is 20 years old.
The current first version of IP, in which an IP address has 2 parts. The 1st is
the network ID and the 2nd is the host ID. IPv4 is a four byte, 32 bit IP address
of the form: 255.255.255.255.
IPX - A routing protocol. Routing protocols are located at the Network layer:
layer 3.
IR - infrared light (IR): light waves that range in length from about 0.75 to
1,000 microns; this is a lower frequency than the spectral colors but a higher
frequency than radio waves.
IRC - Internet Relay Channel (IRC): A chat sys fin in the late '80s. IRC
technology was novel because it allowed for more than 2 people to chat. IRC is an
app that one installs on one's computer, and it sends and receives to/from an IRC
server. It is a known security liability.
IRQ - users of online services, such as sports scores, etc. look up better
definition.
ISM - industrial, scientific, and medicine bands (ISM): Radio frequency bands
authorized by the FCC for wireless LANs. The ISM bands are located at 902 MHz,
2.400 GHz, and 5.7 GHz. The transmitted power is commonly less than 600 mW. No FCC
license is required to send/receive in these bands.
ISN - Initial Sequence Number
ITU-T standard - X.509 is an ITU-T standard for a public key infrastructure (PKI)
for single-sign on and privilege management.
ICV - Integrity check value; In WEP encryption, the frame is run through an
integrity algorithm, and the generated ICV is placed at the end of the encrypted
data in the frame.
knowledge base Refers to the rules and facts of the particular problem domain in
an expert system.
Land - A DoS attack that consists of sending a special poison spoofed packet to a
computer, causing it to lock up. ?same ip & port: no idea what this is
LAPB - Link Access Procedure Balanced (LAPB): is a data link layer protocol in
the X.25 protocol stack.
LAPB - is a bit-oriented protocol derived from HDLC that ensures that frames are
error free and in the right sequence. LAPB is specified in ITU-T.
LDAP - Lightweight Directory Access Protocol (LDAP): most directory services are
based on LDAP. A directory functions much like in reality: It serves as a legend
to find system resources.
LEAF - A key exchange mechanism known as the Law Enforcement Access Field (LEAF).
LEAP - An early alternative to WEP was WiFi Protected Access (WPA). It is based on
the LEAP and TKIP cryptosystem and employs a secret passphrase. Unfortunately, the
use of a single static passphrase is the downfall of WPA.
An attacker can just brute-force attack it to break it; it's time prohibitive, but
theoretically possible.
least privilege - The principle that requires each subject be granted the most
restrictive set of privileges needed to perform authorized tasks.
Mbps - Megabits per second (Mbps): One million bits per second.
Medium access - The Data Link Layer (DLL) function that controls how devices
access a shared medium.
The Metasploit Freeware framework tool to penetration test operating systems &
web server software.
MOSS - MIME Object Security Services (MOSS): a standard for encrypted messages
second to the S/MIME protocol.
Most common way to hijack a session? Send server a packet with RST or FIN flag
set and then coordinate communication with client.
multipath - The signal variation caused when radio signals take multiple paths
from transmitter to receiver.
multiplexer - A network component that combines multiple signals into one composite
signal in a form suitable for transmission over a long-haul connection, such as
leased 56 Kbps or T1 circuits.
MUX - multiplexing (MUX): a process whereby multiple analog message signals or
digital data streams are combined into one signal over a shared medium.
MX DNS Records: (mail exchange) Identifies the mail server for the domain
Name of message in layer 1? - bits: by this point the data has been converted
into bits for transmission over the physical connection medium.
NCSC - Stands for National Computer Security Center, an initiative of the NSA
focused on information security.
NIC - Network Interface Card (NIC): An electronic computer chip that can
transmit and receive information in specified protocols
Nmap - Free open-source tool that can quickly and efficiently perform ping sweeps,
port scans, service identification, IP address detection, and OS detection. Nmap
can scan a large number of machines in a single session. It is supported by many
OSes: Unix, Windows, Linux, etc.
Nmap Free security scanner for network exploration & security: downloads for
Windows, UNIX, FreeBSD, Linux, Redhat, etc.
Nmap scan - TCP connect The attacker makes a full TCP connection to the target
system.
Nmap scan: Ack scan - This type of scan is used to map out firewall rules. ACK
scan only works on UNIX.
Nmap scan: Windows scan This type of scan is similar to the ACK scan and can
also detect open ports.
Metasploit Project and can be launched with the Metasploit framework on Windows.
Server message block. Designed to share file & printer.
NS - DNS Records: (name server) Identifies other name servers for the domain
NTLM - (NT LAN Manager) is a Microsoft authentication protocol used with the SMB
protocol.
NTFS - NTFS (developed by Microsoft) file system replacement for FAT file systems:
improved support for metadata, improved performance, allowance of ACLs,
journaling, etc.
NTLM - NTLM (NT LAN Manager), not to be confused with LAN Manager, is a Microsoft
authentication protocol used with the SMB protocol. The protocol uses a
challenge-response sequence issuing 3 messages between client and server (node
requesting authentication). Uses tokens.
Null scan - This is an advanced scan that may be able to pass through firewalls
undetected or modified. Null scan has all flags off or not set. It only works on
UNIX systems. It is similar to XMAS and FIN scans in its limitations and response.
OCX - OCX is a file format. This file format is a Windows file format and is
easily infected with hazardous code. Object linking and Embedding (OLE) Control
Extension.
ODBC - Open Database Connectivity (ODBC) is a database (proxy like) feature that
allows applications to communicate with other & different databases without being
programmed specifically to do so.
one-time pad - In crypto, the one-time pad (OTP) is an encryption algorithm where
the plaintext is combined with a random key or "pad" that is as long as the
plaintext and used only once. If the key generated is truly random, kept
absolutely confidential, and never re-used, then it provides perfect secrecy.
OOB - Out-of-band
Open port - Open means that the target machine is accepting incoming requests on
that port.
OSI model - The Open Systems Interconnection Reference Model (OSI Reference Model
or OSI Model) is an abstract description for layered communications and computer
network protocol design. It was developed as part of the Open Systems
Interconnection (OSI) initiative. In its most basic form, it divides network
architecture into 7 layers. A layer is a collection of conceptually similar
functions that provide services to the layer above it.
packet switch - A packet switch is a node used to build a network that utilizes
the packet switching paradigm for data communication. Can operate at a number of
different layers. One common class of contemporary packet switches: bridge, hub
and router. Generally, packet switches only perform communication-related
functions.
connector (type DB-25) and is used to connect printers. A newer type of parallel
port is known as: Enhanced Parallel Port (EPP) or Extended Capabilities Port
(ECP).
Parser - Parsing is analysis of semantics at a fine granularity. The most
common use of a parser is as a component of a compiler or interpreter. This
compiles the source code of a computer programming language to create some form
of internal representation.
Passive sniffing - To capture only data that comes one's way is passive sniffing.
patch management - choosing how patches are to be installed and verified and
testing those patches on a nonproduction network prior to installation.
Patch management techniques - A process for testing, applying and logging patches
to a system should be defined and followed.
PCDP - Packet data convergence protocol one protocol in radio packet stack in
UMTS.
PCI DSS - PCI DSS: stands for Payment Card Industry Data Security Standard, and
is a worldwide security standard assembled by the Payment Card Industry Security
Standards Council (PCI SSC). PCI consists of operational & technical standards to
prevent fraud and hacking.
PDC-P - Packet Data Convergence Protocol (PDCP): It is one of the layers of the
Radio Traffic Stack in UMTS and performs IP header compression and decompression,
transfer of user data and maintenance of sequence numbers for Radio Bearers.
PEM - Privacy Enhanced Mail (PEM): an email encryption mechanism that provides
authentication, integrity, confidentiality, and nonrepudiation. PEM uses RSA, DES,
and X.509. encryp
PGP - Pretty good protection, an encryption suite for mail and possibly other
purposes.
PHP - A language designed specifically to be implemented on the server side.
PHS - Pseudo-Hilbert Scan algorithm (PHS): This algorithm is used in digital image
processing, image compression, and pattern recognition.
PKCS
PMIs - have Sources of Authority (SOAs) and Attribute Authorities (AAs) that issue
Attribute Certificates (ACs) to users, instead of Certification Authorities (CAs)
that issue PKCs to users.
Port sweep scanning multiple hosts searching for a single specific port
Precomputation - Re Dictionary attack: Hashing out a bunch of dictionary entries
prior to beginning an attack so as to expedite the process.
protocols A set of rules and formats, semantic and syntactic, that permits
entities to exchange information.
Protocols that don't encrypt: name a few. HTTP, POP3, SNMP, FTP
Proxy firewall
Purpose of a signed message - To verify sender's identity and ensure that the
message wasn't tampered with in transit.
RC4 - Rivest Cipher 4 (RC4): RC4 is based on RSA. WEP employs RC4. WEP supports
only one-way authentication: client ->access point.
Relational database - A database that groups data using common attributes found
in the set. The resulting "clumps" of data are much easier for people to
understand. Basically, this is a standard expectation, like searching a set of
houses in a database for val > 250k & size > 5k sq. ft.
RFC - Request for comment (RFC): In computer network engineering, an RFC is a
memorandum published by the Internet Engineering Task Force (IETF) describing
methods, behaviors, research or innovations applicable to the working of the
Internet and Internet-connected systems.
Rijndael - AES advanced by these two Belgian cryptographers. The U.S. government
adopted this algorithm. It is also used extensively all over the world. This
algorithm was advanced in 2001 and won a 5-year contest amongst contenders. guy
who advanced encryp theorem?
ring protection scheme - A new technology introduced by ITU to reduce ARP cache
spoofing. It sets up nodes so that IPs are consistent.
ring topology - A topology in which a set of nodes are joined in a closed loop.
RIP - Routing Information Protocol (RIP): A common type of routing protocol. RIP
bases its routing path on the distance (number of hops) to the destination. RIP
maintains optimum routing paths by sending out routing update messages if the
network topology changes.
Roaming - A general term that refers to extending connectivity beyond the home
location where the service was registered. The term "roaming" originated from the
GSM sphere (Global System for Mobile Communications) and the term can also be
applied to CDMA.
RS-232 (Recommended Standard 232) is a standard for serial binary data signals
connecting between a DTE (Data Terminal Equipment) and a DCE (Data
Circuit-terminating Equipment). It is commonly used in computer serial ports. A
similar ITU-T standard is V.24.
RS-449.
Samba - A Mac application that allows for interaction with Microsoft Server
Message Block (SMB) networking: file & printer sharing.
Scalar processor - Represents the simplest class of processors and takes one data
item at a time. The difference between scalar and vector processors is analogous
to that between vector and scalar arithmetic, as seen in calculus and other maths.
SCSI Port - A parallel port used by MAC. It is more flexible than traditional
parallel ports.
SDLC - Synchronous data link control
security kernel - The hardware, firmware, and software elements of a Trusted
Computer Base (TCB) that implement the reference monitor concept.
Session hijacking steps 1. identify an open session & predict the sequence number
of the next packet; 2. desynchronize the connection; & 3. packet injection
Session Layer - One of the seven OSI model layers. Establishes, manages, and
terminates sessions between applications.
SET - Open protocol with the potential to 'set the standard.' It defines Secure
Electronic Transactions
SHA-1:5 - The successors to the Secure Hash Algorithm (SHA), SHA-1 and SHA-2,
make up the government standard message digest function.
shared key authentication - A type of authentication that assumes each station
has received a secret key through a secure channel, independent from an 802.11
network.
SID - Sound Interface Device (SID): a sound card. The Commodore 64 was one of
the original machines carrying SID.
Skipjack - An algorithm that was approved for use by the U.S. government in
Federal Information Processing Standard (FIPS) 185, the Escrowed Encryption
Standard (EES). Skipjack is unusual in that it
supports the escrow of encryption keys. In cryptography, Skipjack is a block
cipher — an algorithm for encryption — developed by the U.S. National Security
Agency (NSA). Initially classified, it was originally intended for use in the
controversial Clipper chip. Subsequently, the algorithm was declassified and now
provides a unique insight into the cipher designs of a government intelligence
agency.
SLIP - Serial Line Internet Protocol (SLIP): An Internet protocol used to run IP
over serial lines and dial-up connections.
smart cards - A smart card, chip card, or integrated circuit card (ICC), is defined
as any pocket-sized card with embedded integrated circuits which can process data.
This implies that it can receive input which is processed - by way of the ICC
applications - and delivered as an output. There are 2 broad categories of ICC: 1)
Memory cards, which contain only non-volatile memory storage components and
perhaps some specific security logic; and 2) Microprocessor cards, which contain
volatile memory and microprocessor components.
SMBSID - ?
SMTP - Simple Mail Transfer Protocol (SMTP): The Internet email protocol.
SNMP - Simple Network Management Protocol (SNMP): The network management
protocol of choice for TCP/IP-based Internets. Widely implemented with 10BASE-T
Ethernet. A network management protocol that defines information transfer among
management information bases (MIBs): 1. agent; 2. management station
SOA - DNS Records: (Start of Authority) Identifies the DNS server responsible
for the domain information
SPKI - Simple Public Key Infrastructure: Does not deal with public authentication
of public key information; this is known as SPKI.
Spoofing - Spoofing involves artificial identification of a packet's source
address, where that IP address is often deduced from sniffed network traffic.
SSDP provides a mechanism which network clients can use to discover network
services. Clients can use SSDP with little or no static configuration.
SSDP uses UDP unicast and multicast packets to advertise their services.
SSL - Secure Sockets Layer (old, basically replaced by TLS): SSL can be used for
HTTPS traffic.
SSL attacks: name some - prevention: 1. install a proxy server and terminate SSL
at the proxy; 2. install a hardware SSL accelerator and terminate SSL at this layer.
ST connector - An optical fiber connector that uses a bayonet plug and socket.
storage object - An object that supports both read and write access.
stream cipher - A symmetric key cipher where plaintext bits are combined with a
pseudorandom cipher bit stream. Stream ciphers are faster than block ciphers
and have lighter hardware requirements.
Subnet mask - A mask used to determine what subnet an IP address belongs to. An IP
address has two components, the network
address and the host address. For example, consider the IP address
150.215.017.009. Assuming this is part of a Class B network, the first two numbers
(150.215) represent the Class B network address, and the second two numbers
(017.009) identify a particular host on this network.
Subnetting enables the network administrator to further divide the host part of
the address into two or more subnets. In this case, a part of the host address is
reserved to identify the particular subnet.
This is easier to see if we show the IP address in binary format. The full address
is: 10010110.11010111.00010001.00001001
The Class B network part is: 10010110.11010111
The host address is: 00010001.00001001
SV Stability verifier
Symmetric key Serves only to keep data confidential. Large keys can prove very
difficult to break. Not used for authentication.
SYN (aka: stealth scan) This is also known as half-open scanning. The hacker sends
a SYN packet and receives a SYN-ACK back from the server. It's stealthy because a
full TCP connection isn't opened. If a SYN/ACK frame is received back, then it's
assumed the target would complete the connect and the port is listening. If an RST
is received, then it's assumed the port isn't active or is closed. The advantage
of the SYN stealth
SYN cookies - SYN Cookies are the key element of a technique used to guard against
SYN flood attacks.
Syscolumns - An SQL database command that returns a row for each column of an
object that has a column.
Sysobjects - Contains one row for each object created within a database.
TCP Wrapper - A TCP Wrapper is a host-based networking ACL system used to filter
network access to Internet Protocol servers on (UNIX-like) operating systems like
Linux or BSD. This is a program and "code" comes as a "tarball."
TCP/IP Layers - The Internet Protocol Suite (commonly known as TCP/IP) is the
set of communications protocols used for the Internet and other similar networks.
It is named after 2 of the more important protocols that fall in its purview.
TCP/IP were advanced in the '60s. The TCP/IP Model consists of four layers: 1) the
Application Layer; 2) the Transport Layer; 3) the Internet Layer; & 4) the Link
Layer.
TCP/UDP layer aka Transport layer
Telnet and Secure Shell Intrusion is what kind of attack? Web server
TFTP - Trivial File Transfer Protocol (TFTP): When updating access lists on a
Cisco router, you will create your lists on a TFTP server and then download them
to your router. This way you can use a text editor to see your work easily.
TKIP/MIC - Temporal Key Integrity Protocol (TKIP): TKIP ensures that every data
packet is sent with a unique encryption key.
TOE - Target of Evaluation (TOE): In the Common Criteria, TOE refers to the
product to be tested.
tranquility - A security model rule stating that an object's security level cannot
change while the object is being processed by an AIS.
transceiver - A device for transmitting and receiving packets between the computer
and the medium.
Transmission Control Protocol (TCP): A commonly used protocol for establishing and
maintaining communications between applications on different computers. TCP
provides full-duplex, acknowledged, and flow-controlled service to upper-layer
protocols and applications.
Transport Layer OSI model layer that provides mechanisms for the establishment,
maintenance, and orderly termination of virtual circuits while shielding the
higher layers from the network implementation details.
Tunneling - Protocol tunneling: the term is used to describe when one network
protocol referred to as the payload protocol is encapsulated within a different
delivery protocol. Reasons to use tunneling include carrying a payload over an
incompatible delivery network, or to provide a secure path through an untrusted
network.
U.S. Patriot Act of October 26, 2001 - A law that permits the following: 1)
Subpoena of electronic records; 2) Monitoring of Internet communications; 3)
Search and seizure of information on live systems (routers, servers, backups,
etc.); & 4) Reporting cash wires of 10k+. Under the Patriot Act, the government can monitor
Internet traffic, force cooperation of ISPs, and network operators. This
monitoring even extends to private businesses.
UDP - User Datagram Protocol (UDP): User datagram protocol. Uses the underlying
IP protocol to transport a message in an unmanageable and directionless scheme: no
acknowledgements, no feedback control.
User Datagram Protocol - UDP uses the underlying Internet protocol (IP) to
transport a message. This is an unreliable, connectionless delivery scheme. It
does not use acknowledgments to ensure that messages arrive and does not provide
feedback to control the rate of information flow. UDP messages can be lost,
duplicated, or arrive out of order.
WAN - wide area network (WAN): A network that interconnects users over a wide
area, usually encompassing different metropolitan areas.
WAP - Wireless Application Protocol (WAP): A standard commonly used for the
development of applications for wireless Internet devices.
WBS - work breakdown structure (WBS): A diagram of the way a team will
accomplish the project at hand by listing all tasks the team must perform and the
products they must deliver.
WDP - A file format that is susceptible to buffer overflow attacks. The DLL
field of a WDP project file is the route to conduct the overflow.
Web spider - Bot that crawls the web looking for data, usually email addresses for
spammers.
WEP - Wired Equivalency Privacy (WEP): The algorithm of the 802.11 wireless LAN
standard that is used to protect transmitted information from disclosure. WEP
generates secret shared encryption keys that both
source and destination stations use to alter frame bits to avoid disclosure to
eavesdroppers.
What are the 3 types of scanning? - Port, network and vulnerability scanning.
What are the layers of the TCP/IP stack? 1) Physical; 2) Data Link; 3) Network; 4)
Transport; 5) Session; 6) Presentation;
7) Application
What can you spoof? - TCP packets, MAC IDs, IPs, and ...
What do buffer overflow attacks exploit? - Buffer overflow attacks exploit a lack
of bounds checking on the size of input being stored in a buffer array.
What is and name protocols, respectively: flooding - DoS attacking: UDP, ICMP,
TCP
What is a blacklist server? - A server that provides a list of known open relay
servers.
What is a proxy server? - A type of firewall that intercepts all messages entering
and leaving the network. The proxy server effectively hides the true network
address.
Which one of the following is a layer of the ring protection scheme that is not
normally implemented in practice? - Layers 1 and 2 contain device drivers but are
not normally implemented in practice. Layer 0 always contains the security kernel.
Layer 3 contains user applications. Layer 4 does not exist.
Wi-Fi - The Wi-Fi Alliance, founded in 1999 as the Wireless Ethernet Compatibility
Alliance (WECA).
Win2k - Windows 2000 - a line of operating systems produced by Microsoft for use
on business desktops, successor to Windows NT 4.0. It was succeeded by Win XP for
desktops in 2001 and Windows Server 2003 for servers in 2003. Microsoft touted it
as the most robust platform ever and as a result hackers gunned for it hard and
prevailed.
WLAN - Wireless local area network: A wireless local area network that links two
or more computers or devices using spread-spectrum or OFDM modulation technology to
enable communication between devices in a limited area.
WML - Wireless Markup Language, based on XML. A markup language intended for
devices that implement the Wireless Application Protocol (WAP) specification, such
as mobile phones, and preceded the use of other markup languages now used with
WAP, such as XHTML and even standard HTML - these two latter markup languages are
increasing in popularity as mobile device processing power is increasing.
Work Factor - An estimate of the effort or time needed by a potential intruder who
has specified expertise and resources to overcome a protective measure.
WPA - Wi-Fi Protected Access (WPA & WPA2): a certification program administered by
the Wi-Fi Alliance to indicate compliance with the security protocol Wi-Fi adv.
WEP didn't cut it.
WPAII - Improvement on WPA, which uses inferior RC4 like WEP. WPA is only an
implementation of a subset of 802.11i. WPA2 is a full implementation.
WSP Wireless Session Protocol. The session layer protocol family in the WAP
architecture is called WSP. WSP provides the upper-level application layer of WAP
with a consistent interface for two session services.
WTLS Wireless Transport Layer Security (WTLS): a security protocol, part of the
Wireless Application Protocol (WAP) stack. It sits between the WTP and WDP layers
in the WAP communications stack.
WTP - WTP is known as Eclipse: A multi-language software development platform
written in Java and comprising an IDE and a plug-in system to extend it. It is
used to develop applications in Java, and through plug-ins, applications in C, C++,
Python, Cobol, Perl, PHP, more. In its default form, it is meant for Java developers
and consists primarily of Java Development Tools (JDT). Released under the Eclipse
Public License,
Eclipse is free and open source.
X.12 or ASC X12 OR ANSI ASC X.12 - X.12 or ASC X12 is the official designation
of the U.S. national standards body for the development and maintenance of the
Electronic Data Interchange (EDI) standards.
ASC X 12 has sponsored more than 315 X12-based EDI standards and a growing
collection of X12 XML schemas for health care, insurance, government,
transportation, finance, more.
X.509 v3 - Version 3 of X.509 includes more flexibility than X.509, allowing the
use of other topologies like bridges and meshes.
XMAS scan - The attacker checks for TCP services by sending XMAS-tree packets,
which are named as such because all the "lights" are on, meaning the FIN, URG, and
PSH flags are set. XMAS scans send a packet with the FIN, URG, and PSH flags set. If
the port is open, there is no response; but if the port is closed, the target
responds with a RST/ACK packet. XMAS scans work only on target systems that follow
the RFC 793 implementation of TCP/IP and don't work against any version of Windows.
XML-RPC server is a remote procedure call protocol which uses XML to encode its
calls and HTTP as a transport mechanism.
XSS Cross site scripting (XSS): abbreviation for a security vulnerability whereby a
client can code and transmit to a remote server for remote execution of a possible
logic bomb.
Zone transfer Stands for DNS zone transfer: one type of database replication
mechanism used by a second server. It updates its database from the primary
database.