Nmap
a network scanner; won't show exploitations
Nessus
vulnerability scanner
Wireshark
a protocol analyzer that provides deeper information; provides info about what traverses the network, and can show exploitations and details about the payload
Least privilege
limits the rights and permissions of a user to only enough to finish their tasks
Raid 5
3 disks; striping with a parity bit
Raid 0
2 disks; striping. No redundancy, very fast
Raid 3
3 disks minimum; one disk is reserved for the parity bit, while data is striped across the other two
Raid 10
combines RAID 1 and RAID 0
MITRE ATT&CK Framework
provides explicit examples of how to detect and mitigate a given threat
Diamond Model of Intrusion Analysis
provides an excellent methodology for communicating cyber events and allowing an analyst to implicitly derive mitigation strategies. Provides a post-event analysis of an intrusion?
Lockheed Martin Cyber Kill Chain
provides a general life cycle description of how attacks occur but does not deal with the specifics of how to mitigate. It fails to consider that an adversary may retreat during an attack.
OpenIOC
contains a depth of research on APTs but does not integrate the detection and mitigation strategy.
IEEE 802.11 standard
Also known as Wi-Fi
EAP
flexible framework used in 802.1X that supports many authentication methods
It is the packets that are being sent.
RADIUS
manages AAA, acting as the authentication server
LDAP
directory protocol used by RADIUS servers to validate user credentials in directory services
Kerberos
authentication protocol that uses tickets
ARO
describes the number of times an event would occur in a year
ALE
the expected cost for all events in a single year
SLE
the monetary loss if a single event were to occur
Secure boot
Verifies the digital signature of the bootloader to prevent unauthorized code execution.
Trusted Boot
Verifies the OS kernel signature and starts ELAM for early malware protection
Measured Boot
Records and verifies the integrity of the boot process using TPM.
OS Kernel
core part of the operating system that sits between software and hardware.
Snapshot
Virtualized machines have the ability to snapshot, which captures both a full backup and the incremental changes of a virtual system
Full backup
used to copy every file system object to backup media; in a virtual environment, it is easier to use a snapshot than to capture every single file
Differential backup
copies all files that have been changed since the last full backup
Incremental backup
copies all files that have been changed since the last incremental backup
rogue access point
would have its own MAC address, and is an unauthorized access point connected to a network
ARP poisoning
type of cyber attack where an attacker sends falsified Address Resolution Protocol (ARP) messages over a local network. This results in the attacker’s MAC address being associated with the IP address of a legitimate device, such as a gateway or another computer. Once this is achieved, the attacker can intercept, modify, or stop data in transit.
Physical address
is the MAC address
Internet address
is the IP address
Tokenization
replaces sensitive data and can be used as a functional placeholder for the original data
Data Masking
hides the original data to protect it from view, but while it is hidden the data cannot be used. Not meant to be reversible to its original form
MFD
devices that can print, scan, and fax
SSL proxy
server that intercepts SSL/TLS traffic, decrypts it, inspects and filters it to make sure it is okay and does not include malware, policy violations, etc., then re-encrypts it and sends it on to the location it was going
Certificate pinning
embeds or pins a certificate inside an application; when the application contacts a service, the service certificate is compared to the pinned certificate, and if they match, the application can trust the service. Can identify and react to SSL proxies trying to examine encrypted application traffic
switch log
a switch log is able to identify rogue access points, as at some point the access point will need to physically connect to the corporate network, and switch logs would be able to identify any new devices and their MAC addresses that connected (rogue access points)
HA
High Availability, which means a system should always be on and available
Secure cookies
for making sure user browser cookies are encrypted and only viewable by end users.
Static Code analyzers
for evaluating code and finding code vulnerabilities
Input validation
actually prevents web browsers from executing attacks caused by code execution vulnerabilities
Risk Matrix
A visual summary of a risk assessment. A risk matrix, or risk heat map, is often presented as a graphical chart comparing the likelihood of a risk with its consequence.
ESP
encrypts the data in the IP packet. In IPsec (Internet Protocol Security) transport mode, the IP header is not encrypted and is used for routing. In tunnel mode, both the original IP header and data are encrypted and encapsulated within a separate IP header.
ECB (Electronic Codebook)
block cipher mode where each block is encrypted independently with the same key. For IPsec (and most use cases), ECB is too simple to ensure data confidentiality
Anomaly-based
detection will build a baseline of what it considers to be normal. Once the baseline is established, the IPS (Intrusion Prevention System) will then block any traffic that deviates from the baseline
Behavior-based
technology will alert if a particular type of bad behavior occurs. For example, a URL with an apostrophe and SQL command would indicate a SQL injection, and someone trying to view /etc/shadow would indicate an attempt to gain access to a protected part of the file system. This is universally considered to be bad behavior, and it would be flagged by a behavior-based IPS.
Dig
gathers info from DNS servers; no MAC address
tracert
displays the IP addresses of the routers between two devices; no MAC address
ipconfig
will display the IP address and MAC address of the local Windows computer, but no MAC address of the gateway
Memory leak
when a poorly written application allocates memory for use by the application, but then does not release that memory after it is no longer needed. If the application runs on a system for an extended period of time, this memory leak can grow so large that it eventually uses all available memory and crashes the operating system.
802.1X
wired and wireless port-based authentication; refers to the client as the supplicant, to routers, switches and firewalls as authenticators, and usually uses RADIUS as the authentication server