Security+ Chapter 3

add-ons

Programs that provide additional functionality to Web browsers

Address Resolution Protocol (ARP)

Part of the TCP/IP protocol for determining the MAC address based on the IP address

ARP Poisoning

An attack that corrupts the ARP cache

attachments

Files that are coupled to email messages

buffer overflow

An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed length storage buffer

client side attack

An attack that targets vulnerabilities in client applications that interact with a compromised server or process malicious data

cookie

A file on a local computer in which a server stores user specific information

command injection

Injecting and executing commands to execute on a server

cross-site scripting

An attack that injects scripts into a Web application server to direct its attacks at clients

denial of service

An attack that attempts to prevent a system from performing its normal functions

directory traversal

An attack that takes advantage of a vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directories

distributed denial of service

An attack that uses multiple zombie computers (even hundreds or thousands) in a botnet to flood a device with requests

DNS poisoning

An attack that substitutes DNS addresses so that the computer is automatically redirected to another device

Domain Name System

A hierarchical name system for matching computer names and numbers

first party cookie

A cookie that is created from the Website that currently is being viewed

Flash Cookie

A cookie that is named after the Adobe Flash Player. Also known as local shared objects. Flash cookies cannot be deleted through the browser's normal configurations as regular cookies can. Typically they are saved in multiple locations on the hard drive a

host table

A list of the mappings of names to computer numbers

HTTP header

Part of HTTP that is composed of fields that contain the different characteristics of the data that is being transmitted

HTTP header manipulation

Modifying HTTP headers to create an attack

man-in-the-middle

An attack that intercepts legitimate communication and forges a fictitious response to the sender

persistent cookie (tracking cookie)

A cookie that is recorded on the hard drive of the computer and does not expire when the browser closes

ping

A utility that sends an ICMP echo request message to a host

ping flood

An attack that uses the Internet Control Message Protocol (ICMP) to flood a victim with packets

privilege escalation

An attack that exploits a vulnerability in software to gain access to resources that the user would normally be obstructed from obtaining

replay

An attack that makes a copy of the transmission before sending it to the recipient

secure cookie

A cookie that is only used when a browser is visiting a server using a secure connection

session cookie

A cookie that is stored in Random Access Memory (RAM), instead of on the hard drive, and only lasts for the duration of visiting a web site

session hijacking

An attack in which an attacker attempts to impersonate the user by using his session token

session token

A form of verification used when accessing a secure Web application

smurf attack

An attack that broadcasts a ping request to all computers on the network yet changes the address from which the request came to that of the target

spoofing

Impersonating another computer or device

SQL injection

An attack that targets SQL servers by injecting commands to be manipulated by the database

SYN flood attack

An attack that takes advantage of the procedures for initiating a TCP session

third-party cookies

An attack that was created by a third party that is different from the primary website

transitive access

An attack involving using a third party to gain access rights

XML (Extensible Markup Language)

A markup language that is designed to carry data instead of indicating how to display it

XML injection

An attack that injects XML tags and data into a database

zero day attacks

Attacks that exploit previously unknown vulnerabilities so victims have no time (zero days) to prepare or defend against the attacks.