Glossary terms from course 5, module 4

Activation threshold: Triggers a pre-configured action when it is reached and will typically block the identified attack traffic for a specific amount of time

Analyzing logs: The practice of collecting logs from different network and sometimes client devices on your network, then performing an automated analysis on them

CCMP (counter mode CBC-MAC protocol): A mode of operation for block ciphers that allows for authenticated encryption

Correlation analysis: The process of taking log data from different systems, and matching events across the systems

Dynamic ARP inspection (DAI): A feature on enterprise switches that prevents certain types of attacks

EAP-TLS: One of the more common and secure EAP methods

Extensible authentication protocol (EAP over LAN, or EAPOL): A standard authentication protocol

Fail to ban: A common open source flood guard protection tool

Flood guards: Provide protection against DoS or Denial of Service Attacks

Four-Way Handshake: It is designed to allow an AP to confirm that the client has the correct pairwise master key in a WPA-PSK setup without disclosing the PMK

GTK (Groupwise Transient Key): A temporal key, which is actually used to encrypt data

Hubs: Devices that serve as a central location through which data travels through; a quick and dirty way of getting packets mirrored to your capture interface

Implicit deny: A network security concept where anything not explicitly permitted or allowed should be denied 

Intrusion detection and intrusion protection systems (IDS/IPS): Operates by monitoring network traffic and analyzing it

IP source guard (IPSG): It can be enabled on enterprise switches along with DHCP snooping

Logs analysis systems: They are configured using user-defined rules to match interesting or atypical log entries 

Monitor mode: It allows to scan across channels to see all wireless traffic being sent by APs and clients

Network hardening: Is the process of securing a network by reducing its potential vulnerabilities through configuration changes, and taking specific steps

Network separation (network segmentation): A good security principle for an IT support specialists to implement. It permits more flexible management of the network, and provides some security benefits. This is the concept of using VLANs to create virtual networks for different device classes or types

Network software hardening: Includes things like firewalls, proxies, and VPNs

OES (Operating Encounter Mode): It turns a block cipher into a stream cipher by using a random seed value along with an incrementing counter to create a key stream to encrypt data with

Packet sniffing (packet capture): the process of intercepting network packets in their entirety for analysis

Pairwise Transient Key (PTK): It is generated using the PMK, AP nonce, Client nonce, AP MAC address, and Client MAC address

PBKDF2 (Password Based Key Derivation Function 2): Password Based Key Derivation Function 2

PIN authentication method: It uses PINs that are eight-digits long, but the last digit is a checksum that’s computed from the first seven digits

Port mirroring: Allows the switch to take all packets from a specified port, port range, or the entire VLAN and mirror the packets to a specified switch port

Post-fail analysis: Investigating how a compromise happened after the breach is detected

Pre-shared key: It’s the Wi-Fi password you share with people when they come over and want to use your wireless network

Promiscuous mode: A type of computer networking operational mode in which all network data packets can be accessed and viewed by all network adapters operating in this mode

Proxy: Can be useful to protect client devices and their traffic. They also provide secure remote access without using a VPN

Rainbow tables: A pre-computed table of all possible password values and their corresponding hashes

Reverse proxy: A service that might appear to be a single server to external clients, but actually represents many servers living behind it

Rogue DHCP server attack: An attacker can hand out DHCP leases with whatever information they want by deploying a rogue DHCP server on your network, setting a gateway address or DNS server, that’s actually a machine within their control

Tcpdump: It’s a super popular, lightweight command-line based utility that you can use to capture and analyze packets

TKIP (Temporal Key Integrity Protocol): To address the shortcomings of WEP security

VPNs: Commonly used to provide secure remote access, and link two networks securely

WEP (Wired Equivalent Privacy): First security protocol introduced for Wi-FI networks

Wireshark: It’s another packet capture and analysis tool that you can use, but it’s way more powerful when it comes to application and packet analysis, compared to tcpdump

WPA (Wi-fi protected access): Designed as a short-term replacement that would be compatible with older WEP-enabled hardware with a simple firmware update

WPA2 Enterprise: It’s an 802.1x authentication to Wi-Fi networks

WPS (Wifi Protected Setup): It’s a convenience feature designed to make it easier for clients to join a WPA-PSK protected network

802.1x: It is the IEEE standard for encapsulating EAP or Extensible Authentication Protocol traffic over the 802 networks

802.1X with EAP-TLS: Offers arguably the best security available, assuming proper and secure handling of the PKI aspects of it