Used to convey SSL-related

See image

Uses two different key

See image

Ensuring that authorized parties are able to access information when needed

Authentication systems based on physical traits or behavior you possess

An attempt to guess passwords until a successful guess occurs

Certificate Authority

Updates the cipher suite to be used on SSL connections

Sites which are basic with just power and connections

Protecting the information from disclosure to unauthorized parties

Uses algorithms to encrypt data so that it cannot be read by unauthorized users

Cross Site Scripting

Stored data

Distributed denial of service

Huge amounts of traffic sent to a single node from multiple sources resulting in failure

Digital Millennium Copyright Act

Unauthorized access or data collection

Fire, floods, earthquake, lightening

File Transfer Protocol (:21)

The most complex part of SSL and used as a secured transport service

Health Insurance Portability and Accountability Act

Trying to decieve the user into giving a (false) trusted source

Disaster recovery sites with all necessary equipment, personnel, software and ready to be shifted without a moment's notice in case of failure/breakdown of the main site.

Hypertext Transfer Protocol

Protecting information from being modified by unauthorized parties

A device or application that analyzes whole packets, both header and payload, looking for known events

Layer 2 tunneling (UDP:1701)

Mandatory Access Control

Enforces a pre-programmed security policy unilaterally across more than just packet and header information

A hacker tool which is a free open source utility for network exploration or security auditing

An ethical hacker testing the state of the network at a particular point in time

Cyber attack where traffic is redirected to another site, not the intended

Point-to-point tunneling protocol (TCP:1723)

Includes all practices to minimize security hazards by deciding intelligently how to deploy, modify, or re-assign security resources

Wireless Access Point in the network that will not alert the admin of it's presence

Improves the reliability and accuracy of financial reporting while increasing the accountability of corporate governance.

Use of a valid session key to gain unauthorized access for the information or services residing on a computer system

Secure FTP (TCP:22)

A program or device that can monitor data traveling over a network

Structured Query Language

Manipulation of a database to take advantage of a buffer weakness

Secure Shell (TCP:21)

Secure Sockets Layer/Transport Layer Security

Uses the same key to encrypt and decrypt the moving data

Virtual Machine

Virtual Private Network

A practice that is executed attempting to discover security vulnerabilities that could be exploited by an intruder

A middle ground between hot and cold sites

A GTK+ based network protocol analyzer that interactively browses the contents of network frames

Simple Mail Transfer Protocol (TCP:25)

Name Queries (UDP:53)

Zone Transfers (TCP:53)

Network authentication protocol which works on the basis of 'tickets' to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner (UDP:88)

Email (TCP:110)

Simple Network Management Protocol (UDP:161)

Provides services related to the session layer of the OSI model allowing applications on separate computers to communicate over a local area network. (UDP:137-139)

TCP:443

Protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. (UDP:500)

Protocol used by network devices, like routers, to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached.

Specific weakness

Elements that attack

Preservation. Collection. Examination. Analysis. Report.

Vulnerability scanner

Vulnerability scanner

OS fingerprinting