Glossary terms from course 5, module 4
Activation threshold: Triggers a pre-configured action when it is reached and will typically block the identified attack traffic for a specific amount of time
Analyzing logs: The practice of collecting logs from different network and sometimes client devices on your network, then performing an automated analysis on them
CCMP (counter mode CBC-MAC protocol): A mode of operation for block ciphers that allows for authenticated encryption
Correlation analysis: The process of taking log data from different systems, and matching events across the systems
Dynamic ARP inspection (DAI): A feature on enterprise switches that prevents certain types of attacks
EAP-TLS: One of the more common and secure EAP methods
Extensible authentication protocol (EAP over LAN, or EAPOL): A standard authentication protocol
Fail to ban: A common open source flood guard protection tool
Flood guards: Provide protection against DoS or Denial of Service Attacks
Four-Way Handshake: It is designed to allow an AP to confirm that the client has the correct pairwise master key in a WPA-PSK setup without disclosing the PMK
GTK (Groupwise Transient Key): A temporal key, which is actually used to encrypt data
Hubs: Devices that serve as a central location through which data travels through; a quick and dirty way of getting packets mirrored to your capture interface
Implicit deny: A network security concept where anything not explicitly permitted or allowed should be denied
Intrusion detection and intrusion protection systems (IDS/IPS): Operates by monitoring network traffic and analyzing it
IP source guard (IPSG): It can be enabled on enterprise switches along with DHCP snooping
Logs analysis systems: They are configured using user-defined rules to match interesting or atypical log entries
Monitor mode: It allows to scan across channels to see all wireless traffic being sent by APs and clients
Network hardening: Is the process of securing a network by reducing its potential vulnerabilities through configuration changes, and taking specific steps
Network separation (network segmentation): A good security principle for an IT support specialists to implement. It permits more flexible management of the network, and provides some security benefits. This is the concept of using VLANs to create virtual networks for different device classes or types
Network software hardening: Includes things like firewalls, proxies, and VPNs
OES (Operating Encounter Mode): It turns a block cipher into a stream cipher by using a random seed value along with an incrementing counter to create a key stream to encrypt data with
Packet sniffing (packet capture): the process of intercepting network packets in their entirety for analysis
Pairwise Transient Key (PTK): It is generated using the PMK, AP nonce, Client nonce, AP MAC address, and Client MAC address
PBKDF2 (Password Based Key Derivation Function 2): Password Based Key Derivation Function 2
PIN authentication method: It uses PINs that are eight-digits long, but the last digit is a checksum that’s computed from the first seven digits
Port mirroring: Allows the switch to take all packets from a specified port, port range, or the entire VLAN and mirror the packets to a specified switch port
Post-fail analysis: Investigating how a compromise happened after the breach is detected
Pre-shared key: It’s the Wi-Fi password you share with people when they come over and want to use your wireless network
Promiscuous mode: A type of computer networking operational mode in which all network data packets can be accessed and viewed by all network adapters operating in this mode
Proxy: Can be useful to protect client devices and their traffic. They also provide secure remote access without using a VPN
Rainbow tables: A pre-computed table of all possible password values and their corresponding hashes
Reverse proxy: A service that might appear to be a single server to external clients, but actually represents many servers living behind it
Rogue DHCP server attack: An attacker can hand out DHCP leases with whatever information they want by deploying a rogue DHCP server on your network, setting a gateway address or DNS server, that’s actually a machine within their control
Tcpdump: It’s a super popular, lightweight command-line based utility that you can use to capture and analyze packets
TKIP (Temporal Key Integrity Protocol): To address the shortcomings of WEP security
VPNs: Commonly used to provide secure remote access, and link two networks securely
WEP (Wired Equivalent Privacy): First security protocol introduced for Wi-FI networks
Wireshark: It’s another packet capture and analysis tool that you can use, but it’s way more powerful when it comes to application and packet analysis, compared to tcpdump
WPA (Wi-fi protected access): Designed as a short-term replacement that would be compatible with older WEP-enabled hardware with a simple firmware update
WPA2 Enterprise: It’s an 802.1x authentication to Wi-Fi networks
WPS (Wifi Protected Setup): It’s a convenience feature designed to make it easier for clients to join a WPA-PSK protected network
802.1x: It is the IEEE standard for encapsulating EAP or Extensible Authentication Protocol traffic over the 802 networks
802.1X with EAP-TLS: Offers arguably the best security available, assuming proper and secure handling of the PKI aspects of it