Kindle Notes & Highlights
Read between
March 16 - October 3, 2019
TCP is connection-oriented and establishes sessions with a three-way handshake.
Switched Port Analyzer (SPAN), or the newer Remote SPAN (RSPAN) and Encapsulated RSPAN (ERSPAN).
Secure Real-time Transport Protocol (SRTP), which provides confidentiality, message authentication, and replay protection for audio and video traffic, including VoIP.
Cisco
split tunnel
Password Authentication Protocol (PAP)
Challenge Handshake Authentication Protocol (CHAP) is more secure than PAP because the actual password is never sent over the wire.
a nonce (a number used once) is combined with a shared secret known only to the client and the remote access server. The result of combining the nonce and the shared secret is then hashed with Message Digest 5 (MD5).
A primary improvement of MS-CHAPv2 is mutual authentication.
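The CHAP exchange the three highlights above describe, as an added example (not code from the book): the server issues a one-byte identifier and a random challenge, the client returns MD5(identifier || secret || challenge) exactly as RFC 1994 specifies, and the server recomputes the digest from its own copy of the secret. The shared secret, the username and the `ChapServer` class are constructed for illustration and are not any vendor's API.

```python
import hashlib
import hmac
import os

# Constructed example secret, provisioned on both ends out of band.
# In CHAP it is never transmitted; only a digest derived from it is.
SHARED_SECRET = b"correct horse battery staple"


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response value: MD5(Identifier || Secret || Challenge).

    The challenge is the nonce: because it changes every time, the digest on
    the wire is different every session even though the secret never changes.
    """
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapServer:
    """Remote access server side of the exchange (constructed, not a real product)."""

    def __init__(self, secrets: dict):
        self._secrets = secrets   # username -> shared secret (CHAP needs it in clear)
        self._pending = {}        # identifier -> challenge awaiting a response
        self._next_id = 0

    def challenge(self) -> tuple:
        ident = self._next_id % 256        # CHAP identifier is a single byte
        self._next_id += 1
        nonce = os.urandom(16)             # fresh random challenge
        self._pending[ident] = nonce
        return ident, nonce

    def verify(self, ident: int, username: str, response: bytes) -> bool:
        nonce = self._pending.pop(ident, None)   # one-shot: a challenge is used once
        secret = self._secrets.get(username)
        if nonce is None or secret is None:
            return False
        expected = chap_response(ident, secret, nonce)
        return hmac.compare_digest(expected, response)


def run_exchange(server: ChapServer, username: str, client_secret: bytes) -> bool:
    """Client side: receive challenge, send digest, learn whether it was accepted."""
    ident, nonce = server.challenge()
    response = chap_response(ident, client_secret, nonce)
    return server.verify(ident, username, response)


def replay_attempt(server: ChapServer, username: str, client_secret: bytes) -> bool:
    """Why the nonce matters: a digest sniffed from one session fails against the next."""
    ident, nonce = server.challenge()
    captured = chap_response(ident, client_secret, nonce)
    server.verify(ident, username, captured)   # legitimate session succeeds
    ident2, _ = server.challenge()             # new session, new challenge
    return server.verify(ident2, username, captured)


if __name__ == "__main__":
    srv = ChapServer({"alice": SHARED_SECRET})
    print("correct secret accepted:", run_exchange(srv, "alice", SHARED_SECRET))
    print("wrong secret accepted:  ", run_exchange(srv, "alice", b"guess"))
    print("replayed digest accepted:", replay_attempt(srv, "alice", SHARED_SECRET))
```

Two caveats worth keeping in mind: CHAP protects the password on the wire, not at rest, since the server must hold the secret in a form it can feed into MD5 rather than a salted one-way hash; and only the client proves itself here, which is the gap MS-CHAPv2's mutual authentication closes by having the server answer a client challenge as well (not shown above).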
such as servers and networking infrastructure, and the vendor maintains the hardware.
Electronic discovery (e-discovery) refers to any process that searches data with the goal of using it as evidence.
A service level agreement (SLA) is an agreement between an organization and a vendor.
Auditing
Cracker Someone who is proficient with computers and uses these skills to attack systems. A cracker does attack systems with malicious
gray hats are individuals who have exceptional computer and networking skills, but they don’t use them for personal gain or with malicious intentions. However, their activities may cross ethical boundaries.
Countermeasures are security controls that reduce risks.
Data theft refers to any attack that allows the attacker to exfiltrate data from an internal network.
In a SYN flood attack (also called a TCP SYN, TCP flood, and TCP half-open attack), the attacker floods a system with SYN packets but withholds the third packet in the TCP handshake process.
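Detection logic for the half-open condition just described, as an added example rather than anything from the book: a sensor in front of the server records each TCP segment, marks a connection half-open when the server answers a SYN with SYN-ACK, clears it when the client's ACK arrives, and reports clients with too many connections stuck in that state. The packet tuples, IP addresses and thresholds are constructed for the example.

```python
from collections import defaultdict

# Constructed sample capture: (timestamp, src_ip, src_port, dst_ip, dst_port, flags).
# One legitimate client completes the handshake; one attacker sends 200 SYNs
# and never returns the final ACK, so 200 entries stay in the server's backlog.
SAMPLE_PACKETS = [
    (0.00, "10.0.0.5", 40001, "192.0.2.10", 80, "S"),
    (0.01, "192.0.2.10", 80, "10.0.0.5", 40001, "SA"),
    (0.02, "10.0.0.5", 40001, "192.0.2.10", 80, "A"),
]
for i in range(200):
    SAMPLE_PACKETS.append((0.10 + i * 0.001, "203.0.113.7", 50000 + i, "192.0.2.10", 80, "S"))
    SAMPLE_PACKETS.append((0.10 + i * 0.001 + 0.0005, "192.0.2.10", 80, "203.0.113.7", 50000 + i, "SA"))


def track_half_open(packets, window=2.0):
    """Return {client_ip: number of connections still half-open at the end}.

    A connection is half-open from the moment the server sends SYN-ACK until
    the client's ACK arrives or the entry ages out of the backlog window.
    """
    half_open = {}   # (client_ip, client_port, server_ip, server_port) -> SYN-ACK time
    for ts, src, sport, dst, dport, flags in sorted(packets):
        if flags == "SA":                      # server answered: connection now half-open
            half_open[(dst, dport, src, sport)] = ts
        elif flags == "A":                     # third packet arrived: handshake complete
            half_open.pop((src, sport, dst, dport), None)
        # Age out entries the server's SYN-RECEIVED timer would already have dropped.
        for key in [k for k, t in half_open.items() if ts - t > window]:
            del half_open[key]
    counts = defaultdict(int)
    for client_ip, *_ in half_open:
        counts[client_ip] += 1
    return dict(counts)


def total_half_open(packets, window=2.0):
    """Aggregate backlog occupancy, which is what a spoofed-source flood exhausts."""
    return sum(track_half_open(packets, window).values())


def syn_flood_sources(packets, threshold=100, window=2.0):
    """Client IPs holding at least `threshold` half-open connections."""
    return sorted(ip for ip, n in track_half_open(packets, window).items() if n >= threshold)


if __name__ == "__main__":
    print(track_half_open(SAMPLE_PACKETS))
    print("backlog in use:", total_half_open(SAMPLE_PACKETS))
    print("flood sources:", syn_flood_sources(SAMPLE_PACKETS))
```

The per-source count is only useful when the attacker reuses a real address; a flood with randomised spoofed sources shows one half-open entry per address, so the aggregate backlog count is the number to alarm on. The usual host-side mitigation is SYN cookies (on Linux, `net.ipv4.tcp_syncookies`), which let the server answer SYNs without keeping per-connection state until the ACK arrives.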
Sniffers can work in either promiscuous mode or nonpromiscuous mode.
In nonpromiscuous mode, the sniffer will capture only data sent directly to or from the computer’s IP address.
Attackers often use a ping sweep (sometimes called a ping scan) as part of a reconnaissance attack to identify active IP addresses. A ping sweep uses ICMP to identify what systems are operational within a range of IP addresses. This is similar to sending a ping to a system and waiting for a response.
A fingerprinting attack attempts to gather information on specific computers, such as what protocols are running on the system or what specific functions the server performs.
a reconnaissance attack is a broad-based attack that attempts to identify systems on a network. For example, a ping sweep can identify computers based on their response to ping requests. A port scan on these computers provides more information on them.
Firesheep
DNS cache poisoning (sometimes called simply DNS poisoning) is an attack that attempts to redirect traffic away from legitimate servers.
A smurf attack broadcasts ICMP ping packets to multiple computers on a network but spoofs the source address using the IP address of the attacked system. An ICMP packet normally includes the IP address of the sender in the source IP address field. However, by replacing the IP address with the victim’s IP address, the ICMP packet appears to come from the victim’s computer. By broadcasting the ping, all systems on the subnet receive the echo and respond by flooding the attacked system with echo replies.
Input validation checks data before using it within the application. The goal is to verify that the data is valid and ensure that an application does not use invalid data. This prevents potential problems within the application and helps prevent attacks.
Input validation doesn’t verify the accuracy of the data. Instead, it only determines if it is valid.
Sandboxing runs computer programs in isolated areas of memory as a security control.
no operation (NOOP)
A buffer overflow problem starts as a programming error.
Database developers also use stored procedures instead of dynamic SQL statements.
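One block serving the input validation highlights above (validation checks shape, not accuracy) and the dynamic SQL highlight here, as an added example that is not the book's code. It uses Python's standard `sqlite3` module, which has no stored procedures, so the fixed-statement-with-bound-values property the highlight attributes to stored procedures is shown with a parameterized query instead; the table, rows and username allowlist are constructed for the example.

```python
import re
import sqlite3

# Allowlist for a username: 3 to 32 letters, digits or underscores.
# Passing this check means the value has the expected shape; it says nothing
# about whether such a user exists, which is the validity-vs-accuracy point.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")


def is_valid_username(value: str) -> bool:
    return USERNAME_RE.fullmatch(value) is not None


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table with two sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def lookup_dynamic(conn, name: str):
    """Dynamic SQL built by concatenation: the caller's string becomes SQL syntax."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name: str):
    """Fixed statement, value bound separately: the input can only ever be data."""
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


def lookup_hardened(conn, name: str):
    """Input validation first, then a bound parameter; reject anything off the allowlist."""
    if not is_valid_username(name):
        raise ValueError("rejected by input validation")
    return lookup_parameterized(conn, name)


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print("dynamic SQL with payload:      ", lookup_dynamic(db, payload))        # every row
    print("parameterized with payload:    ", lookup_parameterized(db, payload))  # no rows
    try:
        lookup_hardened(db, payload)
    except ValueError as exc:
        print("hardened with payload:          rejected:", exc)
    print("valid but nonexistent user:    ", lookup_hardened(db, "mallory"))     # []
```

Note that `mallory` passes validation and is still not in the table: validation decided the value was well-formed, and only the query decided whether it was right. The same caution applies to stored procedures: one that assembles and executes a SQL string internally is as injectable as `lookup_dynamic`, so the protection comes from keeping values out of the statement text, not from the procedure wrapper itself.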
RainbowCrack
A spear phishing attack targets a specific organization or group.
In a whaling attack, the attacker attempts to identify an executive such as a chief executive officer (CEO), president, vice president, or manager.
Smishing is another variation of a phishing attack, but it uses text messages such as Short Message Service (SMS) messages commonly used with many smartphones.
Wi-Fi Protected Access 2 (WPA2) provides strong protection against attacks. WPA2-Enterprise uses an 802.1x authentication server and is more secure
MAC spoofing,
Do not install software from the public wireless network.
Wardriving is the practice of looking for wireless networks, typically from a car.
WPA2-Enterprise
WPA handshake.
Pretexting is the practice of using gathered information to create another scenario and collect additional information.
black hats
A botnet is a group of computers (called zombies) controlled by an attacker through a command and control center.
Reconnaissance attacks (such as ping sweeps) attempt to discover active IP addresses on a network.
Man-in-the-middle (MITM) attacks capture traffic sent between two systems, typically with a sniffer or protocol analyzer.
A Trojan horse is an application that looks like it’s one thing but is actually something different. It presents itself as a useful or legitimate program, but includes a malicious component.
A remote access Trojan or remote access tool (RAT) provides an attacker with control over a target computer via the Internet. Many Trojans install RATs, and then attackers can use the RAT to do anything on the target computer. This includes using the RAT to install malware, install keyloggers, and join the compromised computer to a botnet.
Software-based keyloggers are more common. They simply run as an additional piece of software when the computer starts.