802.1X - Standard for encapsulating EAP communications over a LAN (EAPoL) or WLAN (EAPoW) to implement port-based authentication., EAP(Extensible Authentication Protocol) - Framework for negotiating authentication methods that enables systems to use hardware-based identifiers, such as fingerprint scanners or smart card readers, for authentication, and establish secure tunnels through which to submit credentials., RADIUS - AAA protocol used to manage remote and wireless authentication infrastructures., Retina scanner - One of the most accurate forms of biometrics., Palmprint scanning - A contactless-type of camera-based scanner that uses visible and/or infrared light to record and validate the unique pattern of veins and other features in a person's hand., Fingerprint readers - Usually implemented as a small capacitive cell that can detect the unique pattern, Access control vestibule - Where one gateway leads to an enclosed space protected by another barrier. This restricts access to one person at a time., Bollard - Will use barricades such as these and security posts to prevent vehicles from crashing into the building or exploding a bomb near it., Magnetometer - Type of metal detector that is often deployed at airports and in public buildings to identify concealed weapons or other items., WPA3 - Any station can still join the network, but traffic is protected against sniffing., Kerberos - Single sign-on authentication and authorization service that is based on a time-sensitive, ticket-granting system., TACACS+ - Server for an Authentication, Authorization, and Accounting (AAA) server. When the user has been authenticated, the AAA server transmits a master key (MK) to the wireless PC or laptop., WAP2 - Uses the Advanced Encryption Standard (AES) cipher deployed within the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)., UPnP - Framework to send instructions to the firewall with the correct configuration parameters., A user wants to secure their home router. What should they do? - Content Filtering and firmware update, Hidden SSID - Does not secure the network; users must enable encryption. Even when broadcast is disabled., Plaintext - Can be captured by obtaining a password file or by sniffing unencrypted traffic on the network., DoS - Attack causes a service at a given host to fail or to become unavailable to legitimate users., SQL injection - The threat actor modifies one of four basic functions by adding code to some input accepted by the app, causing it to execute the attacker's own set of queries or parameters. , XSS(Cross-site Scripting) - Attack exploits the fact that the browser is likely to trust scripts that appear to come from a site the user has chosen to visit., RFID Tags and Readers - Can be used to track the movement of tagged objects within an area. This can form the basis of an alarm system to detect whether someone is trying to remove equipment., Motion sensors - Alarm is linked to a detector triggered by movement within an area. The sensors in these detectors are either microwave radio reflection or passive infrared (PIR), which detects moving heat sources., Circuit - Alarm that could be caused by a door or window opening or by a fence being cut., Duress - Alarm could be implemented as a wireless pendant, concealed sensor or trigger, or call contact., Evil Twin - Attack is similar to phishing but instead of an email, the attacker uses a rogue wireless access point to try to harvest credentials., Tailgating - Means of entering a secure area without authorization by following closely behind the person who has been allowed to open the door or checkpoint., EOL - System is one where the software vendor no longer provides support or fixes for problems. These represent the greatest risk to the network., Unprotected system - System is one where at least one of these controls is either missing or improperly configured., Zero-day - A vulnerability that is exploited before the developer knows about it or can release a patch, Non-compliant system - System is one that has drifted from its hardened configuration. A vulnerability scanner is a class of software designed to detect these.,

Lesson 7

Stampa
Incorpora

Classifica

Stile di visualizzazione

Opzioni

Cambia modello

Ripristinare il titolo salvato automaticamente: ?