ceh quizlet


Upload: lynnverb

Post on 28-Oct-2015


DESCRIPTION

ethical hacking quizzes

TRANSCRIPT

Page 1: Ceh Quizlet

1. 802.11i *** is an amendment to the original IEEE 802.11. This standard specifies security mechanisms for wireless networks. It replaced the short Authentication and privacy clause of the original standard with a detailed Security clause. In the process, it deprecated the broken WEP. 802.11i supersedes the previous security specification, Wired Equivalent Privacy (WEP), which was shown to have severe security weaknesses. Wi-Fi Protected Access (WPA) had previously been introduced by the Wi-Fi Alliance as an intermediate solution to WEP insecurities. The Wi-Fi Alliance refers to their approved, interoperable implementation of the full 802.11i as WPA2, also called RSN (Robust Security Network). 802.11i makes use of the Advanced Encryption Standard (AES) block cipher, whereas WEP and WPA use the RC4 stream cipher.

2. Absinthe Absinthe is an automated tool that is used to implement SQL injections and to retrieve data from Web server databases. The following are the features of Absinthe:
● It supports Web application injection parameters.
● It supports SQL injections on various databases, i.e., MS SQL Server, MSDE, Oracle, and Postgres.
● It supports cookies and additional HTTP Headers.
● It supports additional text appended to queries.
● It supports the use of Proxies/Proxy Rotation.
● It supports multiple filters for page profiling and custom delimiters.

3. Address Resolution Protocol (ARP) spoofing, also known as ARP poisoning or ARP Poison Routing (APR)

** is a technique used to attack an Ethernet wired or wireless network. * may allow an attacker to sniff data frames on a local area network (LAN), modify the traffic, or stop the traffic altogether. The attack can only be used on networks that actually make use of ARP and not another method of address resolution. The principle of * is to send fake ARP messages to an Ethernet LAN. Generally, the aim is to associate the attacker's MAC address with the IP address of another node (such as the default gateway). Any traffic meant for that IP address would be mistakenly sent to the attacker instead. The attacker could then choose to forward the traffic to the actual default gateway (passive sniffing) or modify the data before forwarding it. ** attacks can be run from a compromised host, or from an attacker's machine that is connected directly to the target Ethernet segment.

4. AirSnort ** is a Linux-based WLAN WEP cracking tool that recovers encryption keys. ** operates by passively monitoring transmissions. It uses a ciphertext-only attack and captures approximately 5 to 10 million packets to decrypt the WEP keys.

5. ARP spoofing

*** may allow an attacker to sniff data frames on a local area network (LAN), modify the traffic, or stop the traffic altogether.

6. attack phase

The *** is the most important phase of penetration testing. Different exploitive and responsive hacking tools are used to monitor and test the security of systems and the network. Some of the actions performed in the attack phase are as follows:
● Penetrating the perimeter
● Escalating privileges
● Executing, implanting, and retracting

7. AWStats *** is a free, powerful tool which is used to generate Web, streaming, and mail server statistics graphically. It works as a CGI or from the command line. AWStats shows all possible information contained in a log. It can analyze log files from almost all server tools, such as Apache log files, WebStar, IIS (W3C log format) and various other Web, proxy, WAP, streaming servers, mail servers and some FTP servers. AWStats can work with all Web hosting providers which allow Perl, CGI and log access.

8. Back door ** is a program or account that allows access to a system by skipping the security checks. Many vendors and developers implement back doors to save time and effort by skipping the security checks while troubleshooting. ** is considered to be a security threat and should be kept with the highest security. If a back door becomes known to attackers and malicious users, they can use it to exploit the system.

9. Blue jacking *** is the process of using another Bluetooth device that is within range (about 30' or less) and sending unsolicited messages to the target.

10. Bluesnarfing

*** is a process whereby the attacker actually takes control of the phone, perhaps copying data or even making calls.

CEH Study online at quizlet.com/_2rb8c


11. boot sector virus A ** infects the master boot files of the hard disk or floppy disk. Boot record programs are responsible for booting the operating system, and the ** copies these programs into another part of the hard disk or overwrites these files. Therefore, when the floppy or the hard disk boots, the virus infects the computer.

12. Bridge (Data link) Connects two or more networks and forwards packets between them. Bridges read and filter packets and frames. Bridges do not require IP addresses and will pass broadcast traffic.

13. Brouter (Data link, network) A device which bridges some packets (i.e., forwards based on data link layer information) and routes other packets (i.e., forwards based on network layer information). The bridge/route decision is based on configuration information.

14. brute force attack In a ***, an attacker uses software that tries a large number of key combinations in order to get a password. To prevent such attacks, users should create passwords that are more difficult to guess, e.g., using a minimum of six characters, alphanumeric combinations, and lower-upper case combinations, etc.

15. Buffer overflow ** is a condition in which an application receives more data than it is configured to accept. It helps an attacker not only to execute malicious code on the target system but also to install backdoors on the target system for further attacks. All ** attacks are due only to sloppy programming or poor memory management by the application developers. The main types of buffer overflows are:
● Stack overflow
● Format string overflow
● Heap overflow
● Integer overflow

16. CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)

*** is an IEEE 802.11i encryption protocol created to replace both TKIP, the mandatory protocol in WPA, and WEP, the earlier, insecure protocol. CCMP is a mandatory part of the WPA2 standard, an optional part of the WPA standard, and a required option for Robust Security Network (RSN) Compliant networks. CCMP is also used in the ITU-T home and business networking standard. CCMP, part of the 802.11i standard, uses the Advanced Encryption Standard (AES) algorithm. Unlike in TKIP, key management and message integrity are handled by a single component built around AES using a 128-bit key, a 128-bit block, and 10 rounds of encoding per the FIPS 197 standard.

17. certificate server *** uses public key and private key pairs for secure communication on the intranet. Certificate server is a standards-based, highly customizable server program for managing the creation, issuance, and renewal of digital certificates. It uses public key cryptography, which is a technology widely used for secure communication on a network such as an intranet or the Internet. Public key cryptography uses two types of keys, a public key and a private key. The public key is available to everyone, while the private or secret key is available only to the recipient of the message. For example, when a user sends a message or data to another user, the sender uses a public key to encrypt the data. The receiver uses his private key to decrypt the data. Public key cryptography is the most secure cryptographic implementation.

18. Chip creep *** refers to the problem of a microprocessor (chip) which, over time, would work its way out of the socket. This was mainly an issue with old computers. It occurs due to thermal expansion: the contracting and expanding as the system heats up and cools down. While chip creep was most common with older memory modules, it was a problem with other main chips (or CPUs) that were inserted into CPU sockets.

19. Chosen ciphertext attack

In this type of attack, an attacker can choose the ciphertext to be decrypted and can then analyze the plaintext output of the event. The early versions of RSA used in SSL were actually vulnerable to this attack.

20. Chosen plaintext attack

In a ***, an attacker somehow picks up the information to be encrypted and takes a copy of it with the encrypted data. This is used to find patterns in the cryptographic output that might uncover a vulnerability or reveal a cryptographic key.

21. Ciphertext only attack

In this attack, an attacker obtains encrypted messages that have been encrypted using the same encryption algorithm. For example, the original version of WEP used RC4, and if sniffed long enough, the repetitions would allow a hacker to extract the WEP key. Such types of attacks do not require the attacker to have the plaintext because the statistical analysis of the sniffed log is enough.


22. computer security policy

A *** defines the goals and elements of the computer systems of an organization. The definition can be highly formal or informal. Security policies are enforced by organizational policies or security mechanisms. A technical implementation defines whether a computer system is secure or insecure. These formal policy models can be categorized into the core security principles, which are as follows:
● Confidentiality
● Integrity
● Availability

23. Cross-site scripting

In ***, the attacker tricks the user's computer into running code which is treated as trustworthy because it appears to belong to the server, allowing the attacker to obtain a copy of the cookie or perform other operations.

24. csrss.exe *** is a process that supports creating and deleting processes and threads, running 16-bit virtual DOS machine processes, and running console windows.

25. Denial-of-Service (DoS) attack

A *** is mounted with the objective of causing a negative impact on the performance of a computer or network. It is also known as a network saturation attack or bandwidth consumption attack. Attackers perform DoS attacks by sending a large number of protocol packets to the network. The effects of a DoS attack are as follows:
● Saturates network resources
● Disrupts connections between two computers, thereby preventing communications between services
● Disrupts services to a specific computer
● Causes failure to access a Web site
● Results in an increase in the amount of spam

A *** is very common on the Internet because it is much easier to accomplish. Most of the DoS attacks rely on the weaknesses in the TCP/IP protocol.

The following methods are used to investigate the ***:
● Sniff network traffic to the failing machine.
● Look for unusual traffic on Internet connections and network segments.
● Look for core files or crash dumps on the affected systems.

26. Denial-of-Service (DoS) attack

A *** is mounted with the objective of causing a negative impact on the performance of a computer or network. It is also known as a network saturation attack or bandwidth consumption attack. Attackers perform DoS attacks by sending a large number of protocol packets to the network. The effects of a DoS attack are as follows:
● Saturates network resources
● Disrupts connections between two computers, thereby preventing communications between services
● Disrupts services to a specific computer
● Causes failure to access a Web site
● Results in an increase in the amount of spam

A *** is very common on the Internet because it is much easier to accomplish. Most of the DoS attacks rely on the weaknesses in the TCP/IP protocol.

27. Device Seizure

*** is software which is used in forensic analysis and recovery of mobile phone and PDA data. It is used for data recovery, full data dumps of certain cell phone models, logical and physical acquisitions of PDAs, data cable access, and advanced reporting. Device Seizure also provides the features of GSM SIM card acquisition and deleted data recovery using SIMCon technology.

28. Dictionary attack

*** is a type of password guessing attack. This type of attack uses a dictionary of common words to find out the password of a user. It can also use common words in either upper or lower case to find a password. There are many programs available on the Internet to automate and execute dictionary attacks.

29. DNS cache poisoning

*** is a maliciously created or unintended situation that provides data to a caching name server that did not originate from authoritative Domain Name System (DNS) sources. Once a DNS server has received such non-authentic data and caches it for future performance increase, it is considered poisoned, supplying the non-authentic data to the clients of the server. To perform a cache poisoning attack, the attacker exploits a flaw in the DNS software. If the server does not correctly validate DNS responses to ensure that they are from an authoritative source, the server will end up caching the incorrect entries locally and serve them to other users that make the same request.


30. DNS poisoning attack

In ***, an attacker distributes incorrect IP addresses. DNS cache poisoning is a maliciously created or unintended situation that provides data to a caching name server that did not originate from authoritative Domain Name System (DNS) sources. Once a DNS server has received such non-authentic data and caches it for future performance increase, it is considered poisoned, supplying the non-authentic data to the clients of the server. To perform a cache poisoning attack, the attacker exploits a flaw in the DNS software. If the server does not correctly validate DNS responses to ensure that they are from an authoritative source, the server will end up caching the incorrect entries locally and serve them to other users that make the same request.

31. Domain Information Groper (DIG)

*** is a network tool, like nslookup, that queries DNS name servers. It can be used to simulate a DNS resolver or a name server. The dig command can be used for network troubleshooting also. Following is an example of digging a site, ce.sharif.edu:

    $ dig ce.sharif.edu
    ; <<>> DiG 9.2.4 <<>> ce.sharif.edu
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23567
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;ce.sharif.edu. IN A

    ;; ANSWER SECTION:
    ce.sharif.edu. 864000 IN A 81.31.164.3

    ;; AUTHORITY SECTION:
    ce.sharif.edu. 864000 IN NS netserver.ce.sharif.edu.

    ;; ADDITIONAL SECTION:
    netserver.ce.sharif.edu. 864000 IN A 81.31.164.2

    ;; Query time: 1 msec
    ;; SERVER: 81.31.164.2#53(81.31.164.2)
    ;; WHEN: Wed Nov 1 17:02:16 2006
    ;; MSG SIZE rcvd: 87

32. Dskprobe *** is a tool that is used to detect steganography. Steganography is an art and science of hiding information by embedding harmful messages within other seemingly harmless messages. It works by replacing bits of unused data, such as graphics, sound, text, and HTML, with bits of invisible information in regular computer files. This hidden information can be in the form of plain text, cipher text, or even in the form of images.

33. Extensible Authentication Protocol-Transport Level Security (EAP-TLS)

*** is an authentication protocol which provides mutual authentication, integrity-protected negotiation of cryptographic service providers, and a secret key exchange between two systems that use public key cryptography. EAP-TLS works on a network that is configured for public key infrastructure (PKI) and uses certificates for authentication. These certificates can be stored on computers or on smart cards.

34. Extensible Authentication Protocol-Transport Level Security (EAP-TLS)

*** is an authentication protocol which provides mutual authentication, integrity-protected negotiation of cryptographic service providers, and a secret key exchange between two systems that use public key cryptography. EAP-TLS works on a network that is configured for public key infrastructure (PKI) and uses certificates for authentication. These certificates can be stored on computers or on smart cards.


35. Extensible Storage Engine (ESE)

***, also known as JET Blue, is an Indexed Sequential Access Method (ISAM) data storage technology from Microsoft. ESE is notably a core of Microsoft Exchange Server and Active Directory. Its purpose is to allow applications to store and retrieve data via indexed and sequential access. Windows Mail and Desktop Search in the Windows Vista operating system also make use of ESE to store indexes and property information respectively. ESE provides transacted data update and retrieval. A crash recovery mechanism is provided so that data consistency is maintained even in the event of a system crash. Transactions in ESE are highly concurrent, making ESE suitable for server applications. ESE caches data intelligently to ensure high performance access to data. In addition, ESE is lightweight, making it suitable for auxiliary applications.

36. filetype The filetype Google search query operator is used to search for a specified file type. For example, if you want to search all PDF files having the word hacking, you will use the search query filetype:pdf hacking.

37. FireWire DriveDock

** is a forensic instrument which is designed to load hard drives on computer systems. It is attached to the hard drives using FireWire 400 or USB cables. It also has dual FireWire 400 ports, which allow daisy-chaining for more efficiency. ** does not require any additional drivers. It can transfer data at a minimum transfer rate of 35 MB per second.

38. Forensic Acquisition Utilities (FAU)

*** is an Incident Response tool which is used to make an image of the system's memory and any devices attached to the system. FAU contained a modified Windows version of the Unix utility dd that could image not only the hard drives but also memory. With the help of Forensic Acquisition Utilities (FAU), forensic investigators can use the search tools to find text in the memory image, IP addresses, URLs and passwords.

39. fraggle DoS attack

In a ***, an attacker sends a large amount of UDP echo request traffic to the IP broadcast addresses. These UDP requests have a spoofed source address of the intended victim. If the routing device delivering traffic to those broadcast addresses delivers the IP broadcast to all the hosts, most of the IP addresses send an ECHO reply message. However, on a multi-access broadcast network, hundreds of computers might reply to each packet when the target network is overwhelmed by all the messages sent simultaneously. Due to this, the network becomes unable to provide services to all the messages and crashes.

40. Galleta *** is an application which is used to examine the contents of cookie files. Galleta parses the information in a cookie file and outputs the results in a field-delimited manner so that it may be imported into a spreadsheet program. Galleta is built to work on various platforms and will execute on Windows (through Cygwin), Mac OS X, and Linux.

41. Honey pots have several advantages

● Small set of data: Honey pots collect small amounts of data, but almost all of this data is about real attacks or unauthorized activity.
● Reduced false positives: Honey pots detect or capture almost only attacks or unauthorized activities, which reduces false positives.
● False negatives: Honey pots detect and record any unseen or unnoticed attacks or behavior.
● Cost effective: Honey pots only interact with malicious activity, so there is no need for high performance resources.

42. Honey pots have some disadvantages

● Limited view: Honey pots can only see activities that interact with them. They cannot see or capture any attacks directed against existing systems.
● Discovery and fingerprinting: Honey pots can be easily detected and fingerprinted by several tools.
● Risk of takeover: Since there are many security holes in honey pots, a malicious attacker can take over the honey pot and use it to gain access and hack other networks.

43. hybrid attack When an attacker performs a dictionary as well as a brute force attack, the attack is known as a ***. In this method, an attack is performed with the dictionary attack method of adding numerals and symbols to dictionary words.

44. ICMP TYPE 3 and CODE 13 error message

The *** is displayed when a Network Administrator has prohibited communication with the server by using a firewall.


45. ICMP type 13 *** is an ICMP Timestamp request message. Therefore, John is using a Timestamp request message to send the ICMP message.

46. IDLE scan The *** is initiated with the IP address of a third party. Hence, it becomes a stealth scan. Since the *** uses the IP address of a third party, it becomes quite impossible to detect the hacker.

47. IDS evading tools

ADMutate, Fragroute, and Stick

48. Image hide *** is a steganography program that hides text within an image. Steganography can encrypt or decrypt malicious data into images that appear identical to the original images. It is estimated that a 640 x 480 pixel image with a color resolution of 256 colors can hide approximately 300KB of information. High resolution images are noted for their payload. For example, a 1024 x 768 pixel image with a 24-bit color resolution can carry about 2.3MB as payload. Image hide warns its users not to save the image file in JPEG format since it is a lossy algorithm and malicious data may be lost during compression.

49. ImageMASSter 4002i

The ** is a tool which is used for forensic investigations. It is used to duplicate P-ATA and S-ATA drives of high volume. * copies two drives simultaneously at speeds up to 2GB/min. Multiple copy modes are also available in ** to support Windows and non-Windows operating systems. Partitions are scaled and formatted during the copy process, eliminating the requirement of manual preparation of a drive before usage. The *** is also equipped with the Wipeout option, which provides a quick method for erasing data from hard drives.

50. ImageMASSter Solo-3

** is a forensic data acquisition tool which is used to capture data and make images of hard drives. It can capture data from IDE, Serial ATA, SCSI drives, and flash cards. ** can generate MD5 and CRC32 hashes during the data capture. It can acquire data with a transfer rate up to 3 GB/minute and has a touch screen user interface.

51. Internet Control Message Protocol (ICMP)

*** is an integral part of IP. It is used to report an error in datagram processing. The Internet Protocol (IP) is used for host-to-host datagram service in a network. The network is configured with connecting devices called gateways. When an error occurs in datagram processing, gateways or destination hosts report the error to the source hosts through the ICMP protocol. The ICMP messages are sent in various situations, such as when a datagram cannot reach its destination, when the gateway cannot direct the host to send traffic on a shorter route, when the gateway does not have the buffering capacity, etc.

52. Internet Message Access Protocol (IMAP or IMAP4)

*** is a prevalent Internet standard protocol for e-mail retrieval. It is an application layer Internet protocol operating on port 143 that allows a local client to access e-mail on a remote server. IMAP supports both connected (online) and disconnected (offline) modes of operation. E-mail clients using IMAP generally leave messages on the server until the user explicitly deletes them. This and other facets of IMAP operation allow multiple clients to access the same mailbox.

53. Internet Protocol Security (IPSec)

** is a standards-based protocol that provides the highest level of VPN security. ** can encrypt virtually everything above the networking layer. It is used for VPN connections that use the L2TP protocol. It secures both data and passwords.

54. Internet Relay Chat (IRC)

*** is a form of real-time Internet text messaging (chat) or synchronous conferencing. It is mainly designed for group communication in discussion forums, called channels, but also allows one-to-one communication via private message as well as chat and data transfers via Direct Client-to-Client. IRC client software is available for virtually every computer operating system that supports TCP/IP networking. IRC is an open protocol that uses TCP and optionally TLS. An IRC server can connect to other IRC servers to expand the IRC network. Users access IRC networks by connecting a client to a server.


55. IP (Internet Protocol) address spoofing

*** is an attack in which an attacker creates IP packets with a forged (spoofed) source IP address with the purpose of concealing the identity of the sender or impersonating another computing system. The basic protocol for sending data over the Internet and many other computer networks is the Internet Protocol ("IP"). The header of each IP packet contains, among other things, the numerical source and destination address of the packet. The source address is normally the address that the packet was sent from. By forging the header so it contains a different address, an attacker can make it appear that the packet was sent by a different machine. The machine that receives spoofed packets will send a response back to the forged source address, which means that this technique is mainly used when the attacker does not care about the response or the attacker has some way of guessing the response.

56. IPTables *** is a firewall that is a replacement for the IPChains firewall for the Linux 2.4 kernel and later versions. IPTables has the following features:
● It supports stateful packet inspection.
● It filters packets according to the MAC address and TCP header flag values.
● It is helpful for preventing attacks using malformed packets.
● It reduces DoS attacks.
● It provides better network address translation.
● It supports the transparent integration of the operating system with Web proxy servers.
The syntax of IPTables is as follows:
    iptables [-t table] command [match] [target/jump]

57. Known plaintext attack

In a known plaintext attack, an attacker should have both the plaintext and ciphertext of one or more messages. These two items are used to extract the cryptographic key and recover the encrypted text.

58. land attack

In a ***, the attacker sends a spoofed TCP SYN packet in which the IP address of the target is filled in both the source and destination fields. On receiving the spoofed packet, the target system becomes confused and goes into a frozen state. Nowadays, antivirus can easily detect such an attack.

59. Local network

This test simulates an employee or other authorized person who has an authorized connection to the organization's network. The primary defenses that must be defeated here are intranet firewalls, internal Web servers, and server security measures.

60. lsof The *** command is used to report a list of all open files and the processes that opened them. These open files include disk files, pipes, network sockets and devices opened by all processes. When a disk cannot be unmounted because unspecified files are in use, this command can be used. The listing of open files can be consulted to identify the process that is using the files.

61. MAC flooding

** is an attack that can be performed by attacking the CAM switches. * is a technique employed to compromise the security of network switches. In a typical ** attack, a switch is flooded with packets, each containing different source MAC addresses. The intention is to consume the limited memory set aside in the switch to store the MAC address-to-physical port translation table. The result of this attack causes the switch to enter a state called failopen mode, in which all incoming packets are broadcast out on all ports (as with a hub), instead of just down the correct port as per normal operation. A malicious user could then use a packet sniffer (such as Wireshark) running in promiscuous mode to capture sensitive data from other computers (such as unencrypted passwords, e-mail and instant messaging conversations), which would not be accessible were the switch operating normally.

63. Macro virus

A ** is a virus that consists of a macro code which infects the system. A ** can infect a system rapidly. Since this virus has VB event handlers, it is dynamic in nature and displays random activation. The victim has only to open a file having a ** in order to infect the system with the virus. DMV, Nuclear, and Word Concept are some good examples of **.

64. Man-in-the-middle attack

In this form of attack, an attacker places himself in the middle of the communications flow between two parties. Once an attacker enters the communications flow, he is able to perform a ciphertext only attack, exchange bogus keys, etc.

Page 8: Ceh Quizlet

65. Man-in-the-middle attacks

*** occur when an attacker successfully inserts an intermediary software or program between two communicating hosts. The intermediary software or program allows attackers to listen to and modify the communication packets passing between the two hosts. The software intercepts the communication packets and then sends the information to the receiving host. The receiving host responds to the software, presuming it to be the legitimate client.

67. man-trap

A *** is a scenario in which there are two doors (for example one on each end of a short corridor) but only one can be open at a time. Thus a person exiting the building would have to go through one door, close it, go to the other end of the corridor and open that door. The second door could not open until the first was closed. And in an emergency both doors can be automatically sealed.

68. Mark

Mark will not choose EAP-Transport Layer Security (EAP-TLS) because this protocol is used for authentication with certificates, generally smart cards. The EAP-TLS protocol is not suited for password-based authentication.

69. MD5

MD5 is not as strong as PEAP. However, it can be used for password authentication. According to the question, Mark needs to provide the best level of security.

70. Messaging Application Programming Interface (MAPI)

*** is a messaging architecture and a Component Object Model based API for Microsoft Windows. MAPI allows client programs to become (e-mail) messaging-enabled, -aware, or -based by calling MAPI subsystem routines that interface with certain messaging servers. While MAPI is designed to be independent of the protocol, it is usually used with MAPI/RPC, the proprietary protocol that Microsoft Outlook uses to communicate with Microsoft Exchange. Simple MAPI is a subset of 12 functions which enable developers to add basic messaging functionality. Extended MAPI allows complete control over the messaging system on the client computer, creation and management of messages, management of the client mailbox, service providers, and so forth.

71. NBTscan

** is a scanner that scans IP networks for NetBIOS name information. It sends a NetBIOS status query to each address in a supplied range and lists received information in human readable form. It displays the IP address, NetBIOS computer name, logged-in user name and MAC address of each host that responded. ** works in the same manner as nbtstat, but it operates on a range of addresses instead of just one.

72. NetBIOS NULL session vulnerabilities

*** are hard to prevent, especially if NetBIOS is needed as part of the infrastructure. One or more of the following steps can be taken to limit NetBIOS NULL session vulnerabilities:
1. Null sessions require access to the TCP 139 or TCP 445 port, which can be disabled by a Network Administrator.
2. A Network Administrator can also disable SMB services entirely on individual hosts by unbinding WINS Client TCP/IP from the interface.
3. A Network Administrator can also restrict the anonymous user by editing the registry values:
a. Open regedit32, and go to HKLM\SYSTEM\CurrentControlSet\LSA.
b. Choose Edit > Add Value.
● Value name: RestrictAnonymous
● Data Type: REG_DWORD
● Value: 2


73. Netcat

*** is a freely available networking utility that reads and writes data across network connections by using the TCP/IP protocol. Netcat has the following features:
● It provides outbound and inbound connections for TCP and UDP ports.
● It provides special tunneling such as UDP to TCP, with the possibility of specifying all network parameters.
● It is a good port scanner.
● It contains advanced usage options, such as buffered send-mode (one line every N seconds), and hexdump (to stderr or to a specified file) of transmitted and received data.
● It is an optional RFC854 telnet code parser and responder.

74. Network security policy

A *** is a generic document that outlines rules for computer network access. It also determines how policies are enforced and lays out some of the basic architecture of the company security/network security environment. The document itself is usually several pages long and written by a committee. It is a very complex document, meant to govern data access, Web-browsing habits, use of passwords and encryption, email attachments and more. It specifies these rules for individuals or groups of individuals throughout the company. A security policy should keep the malicious users out and also exert control over potentially risky users within the organization.

75. nmap

nmap -sS -PT -PI -O -T1 <ip address> is used to slow down the scan process in nmap. The nmap ("Network Mapper") command is used for network exploration and security auditing. It rapidly scans large networks, although it works fine against single hosts. nmap uses raw IP packets to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While nmap is commonly used for security audits, many systems and network administrators use it for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

76. nmap scan

For performing serial and parallel scans with some delay, nmap uses the following switches:
● In the -T Paranoid switch, nmap performs a serial scan with a 300 sec delay between each scan.
● In the -T Sneaky switch, nmap performs a serial scan with a 15 sec delay between each scan.
● In the -T Polite switch, nmap performs a serial scan with a 4 sec delay between each scan.
● In the -T Normal switch, nmap performs parallel scans.
● In the -T Aggressive switch, nmap performs the parallel scan with a 300 sec timeout, and 1.25 sec/probe.
● In the -T Insane switch, nmap performs the parallel scan with a 75 sec timeout, and 0.3 sec/probe.

77. NTP enumeration

*** is a method in which the NTP protocol is used to grab valuable data from a vulnerable network. The NTP protocol is used to synchronize the time and date between computers in the network. When an attacker queries the NTP server, he can get quite valuable information. NTP enumeration is mainly performed by the following Linux commands:
● ntpdate
● ntptrace
● ntpdc
● ntpq

78. PEAP (Protected Extensible Authentication Protocol)

** is a method to securely transmit authentication information over wired or wireless networks. It was jointly developed by Cisco Systems, Microsoft, and RSA Security. ** is not an encryption protocol; as with other EAP protocols, it only authenticates a client into a network.

79. ping command-line utility

The *** is used to test connectivity with a host on a TCP/IP-based network. This is achieved by sending out a series of packets to a specified destination host. On receiving the packets, the destination host responds with a series of replies. These replies can be used to determine whether or not the network is working properly.

80. Ping flood attack

In a ***, an attacker sends a large number of ICMP packets to the target computer using the ping command, i.e., ping -f target_IP_address. When the target computer receives these packets in large quantities, it does not respond and hangs.

81. Point-to-Point Tunneling Protocol (PPTP)

** is a remote access protocol. It is an extension of the … ** is used to securely connect to a private network by a remote client using a public data network, such as the Internet. Virtual private networks (VPNs) use the tunneling protocol to enable remote users to access corporate networks securely across the Internet. *** supports encapsulation of encrypted packets in secure wrappers that can be transmitted over a TCP/IP connection.


82. Polymorphic virus

** has the ability to change its own signature at the time of infection. This virus is very complicated and hard to detect. When the user runs the infected file on the disk, it loads the virus into RAM. The new virus starts making its own copies and infects other files of the operating system. The mutation engine of * generates a new encrypted code, which changes the signature of the virus. Therefore, ** cannot be detected by signature-based antivirus software.

83. post-attack

The *** phase involves restoring the system to normal pretest configurations. It includes removing files, cleaning registry entries, and removing shares and connections. Analyzing all the results and presenting them in a comprehensive report is also part of this phase. These reports include objectives, observations, all activities undertaken, and the results of test activities, and may recommend fixes for vulnerabilities.

84. Remote access policy

*** is a document which outlines and defines acceptable methods of remotely connecting to the internal network. It is essential in large organizations where networks are geographically dispersed and extend into insecure network locations such as public networks or unmanaged home networks. It should cover all available methods to remotely access internal resources, which are as follows:
● dial-in (SLIP, PPP)
● ISDN/Frame Relay
● telnet access from the Internet
● Cable modem

85. Remote dial-up network

This mode simulates an attack against the client's modem pools. The main targets of dial-up testing are PBX units, fax machines, and central voice mail servers. The primary defenses that must be defeated here are user authentication schemes.

86. Remote network

This mode attempts to simulate an attack launched over the Internet. The primary defenses that must be defeated in this test are border firewalls, filtering routers, etc.

87. Repeater

(Physical device) Used to amplify and/or regenerate attenuated signals.

88. Replay attack

In this type of attack, an attacker tries to repeat or delay a cryptographic transmission. A replay attack can be prevented using session tokens.

89. replay attack

A *** is a type of attack in which attackers capture packets containing passwords or digital signatures whenever packets pass between two hosts on a network. In an attempt to obtain an authenticated connection, the attackers then resend the captured packet to the system. In this type of attack, the attacker does not know the actual password, but can simply replay the captured packet.

90. Router

(Network) Device that determines the next network point to which a data packet should be forwarded towards its destination. The router is connected to at least two networks and determines which way to send each data packet based on its current understanding of the state of the networks it is connected to. Routers create or maintain a table of the available routes and use this information to determine the best route for a given data packet.

91. RPC (Remote Procedure Call) scan

The *** is used to find the RPC applications. After getting the RPC application port with the help of another port scanner, the RPC port scanner sends a null RPC packet to all the RPC service ports that are open on the target system.

92. Samba

*** is a software package that enables Linux clients to connect to the network resources (such as file shares and printers on a network) with the computers that use the Server Message Block (SMB) protocol.

93. Security

*** is a state of well-being of information and infrastructures in which the possibilities of successful yet undetected theft, tampering, and/or disruption of information and services are kept low or tolerable. The elements of security are as follows:
1. Confidentiality: It is the concealment of information or resources.
2. Authenticity: It is the identification and assurance of the origin of information.
3. Integrity: It refers to the trustworthiness of data or resources in terms of preventing improper and unauthorized changes.
4. Availability: It refers to the ability to use the information or resource as desired.

94. Session fixation

In ***, the attacker sets a user's session id to one known to him, for example by sending the user an email with a link that contains a particular session id. The attacker now only has to wait until the user logs in.


95. Session sidejacking

In ***, the attacker uses packet sniffing to read network traffic between two parties to steal the session cookie. Many Web sites use SSL encryption for login pages to prevent attackers from seeing the password, but do not use encryption for the rest of the site once authenticated. This allows attackers that can read the network traffic to intercept all the data that is submitted to the server or Web pages viewed by the client. Since this data includes the session cookie, it allows him to impersonate the victim, even if the password itself is not compromised. Unsecured Wi-Fi hotspots are particularly vulnerable, as anyone sharing the network will generally be able to read most of the Web traffic between other nodes and the access point.

96. smss.exe

This process supports the programs needed to implement the user interface, including the graphics subsystem and the logon processes.

97. Smurf

*** is an attack that generates significant computer network traffic on a victim network. This is a type of denial-of-service attack that floods a target system via spoofed broadcast ping messages. In such attacks, a perpetrator sends a large amount of ICMP echo request (ping) traffic to IP broadcast addresses, all of which have a spoofed source IP address of the intended victim. If the routing device delivering traffic to those broadcast addresses delivers the IP broadcast to all hosts, most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply, which multiplies the traffic by the number of hosts responding.

98. Snooping

*** is an activity of observing the content that appears on a computer monitor or watching what a user is typing. Snooping also occurs by using software programs to remotely monitor activity on a computer or network device. Hackers or attackers use snooping techniques and equipment such as keyloggers to monitor keystrokes, capture passwords and login information, and to intercept e-mail and other private communications. Sometimes, organizations also snoop on their employees legitimately to monitor their use of organizations' computers and track Internet usage.

99. Snow.exe

*** is a steganography tool that is used to hide secret data in text files. It is based on the concept that spaces and tabs are generally not visible in text viewers and therefore a message can be effectively hidden without affecting the text's visual representation for the casual observer. It achieves this by appending white spaces to the ends of lines in ASCII text.

100. SQL injection attack

A *** is a process in which an attacker tries to execute unauthorized SQL statements. These statements can be used to delete data from a database, delete database objects such as tables, views, stored procedures, etc. An attacker can either directly enter the code into input variables or insert malicious code in strings that can be stored in a database. For example, the following line of code illustrates one form of SQL injection attack:

query = "SELECT * FROM users WHERE name = '" + userName + "';"

This SQL code is designed to fetch the records of any specified username from its table of users. However, if the "userName" variable is crafted in a specific way by a malicious hacker, the SQL statement may do more than the code author intended. For example, if the attacker puts the "userName" value as ' or ''=', the SQL statement will now be as follows:

SELECT * FROM users WHERE name = '' OR ''='';

101. stealth virus

A *** is a file virus. It infects the computer and then hides itself from detection by antivirus software. It uses various mechanisms to avoid detection by antivirus software. It hides itself in computer memory after infecting the computer. It also masks itself from applications or utilities. It uses various tricks to make it appear that the computer has not lost any memory and the file size has not been changed. The virus may save a copy of the original and uninfected data. When the anti-virus program tries to check the files that have been affected, the virus shows only the uninfected data. This virus generally infects .COM and .EXE files.

102. Steganography

*** is an art and science of hiding information by embedding harmful messages within other seemingly harmless messages. It works by replacing bits of unused data, such as graphics, sound, text, and HTML, with bits of invisible information in regular computer files. This hidden information can be in the form of plain text, cipher text, or even in the form of images.

103. Stolen equipment

This mode simulates theft of a critical information resource such as a laptop owned by a strategist.

104. System

This process includes most kernel-level threads, which manage the underlying aspects of the operating system.

105. TCP port 53

*** is the default port for DNS zone transfer. Although disabling it can help restrict DNS zone transfer enumeration, it is not useful as a countermeasure against the NetBIOS NULL session enumeration.


106. TCP SYN scanning

*** is also known as half-open scanning because in this a full TCP connection is never opened. The steps of TCP SYN scanning are as follows:
1. The attacker sends a SYN packet to the target port.
2. If the port is open, the attacker receives a SYN/ACK message.
3. Now the attacker breaks the connection by sending an RST packet.
4. If an RST packet is received, it indicates that the port is closed.
This type of scanning is hard to trace because the attacker never establishes a full 3-way handshake connection and most sites do not create a log of incomplete TCP connections.

107. The EDB database files, STM database files, checkpoint files, and the temporary files

The EDB database files, STM database files, checkpoint files, and the temporary files are the main concern of a professional Computer Hacking Forensic Investigator while investigating emails that are sent using a Microsoft Exchange server. Microsoft Exchange uses the Microsoft Extensible Storage Engine (ESE).

108. The Fluhrer, Mantin, and Shamir (FMS) attack

*** is a particular stream cipher attack, a dedicated form of cryptanalysis for attacking the widely used stream cipher RC4. The attack allows an attacker to recover the key in an RC4 encrypted stream from a large number of messages in that stream. The *** attack gained popularity in tools such as AirSnort and aircrack, both of which can be used to attack WEP-encrypted wireless networks.

109. The Forensic Toolkit Imager (FTK Imager)

*** is a commercial forensic imaging software package distributed by AccessData. FTK Imager supports storage of disk images in EnCase's or SMART's file format, as well as in raw (dd) format. With Isobuster technology built in, FTK Imager images CDs to an ISO/CUE file combination. This also includes multi-session and open-session CDs. FTK Imager acquires physical device images from FAT, NTFS, EXT 2, EXT 3, HFS, and HFS+ file systems.

110. The pre-attack phase

*** is the first step for a penetration tester. The pre-attack phase involves reconnaissance or data gathering. It also includes gathering data from Whois, DNS, and network scanning, which help in mapping a target network and provide valuable information regarding the operating system and applications running on the systems. Penetration testing involves locating the IP block and using domain name Whois to find personnel contact information.

111. The Simple Mail Transfer Protocol (SMTP)

*** is an Internet standard for electronic mail (e-mail) transmission across Internet Protocol (IP) networks. SMTP was first defined in RFC 821, and is a very popular protocol. SMTP is specified for outgoing mail transport and uses TCP port 25. While electronic mail servers and other mail transfer agents use SMTP to send and receive mail messages, user-level client mail applications typically only use SMTP for sending messages to a mail server for relaying. For receiving messages, client applications usually use either the Post Office Protocol (POP) or the Internet Message Access Protocol (IMAP) to access their mailbox accounts on a mail server.

112. Traceroute

*** is a route-tracing utility that displays the path an IP packet takes to reach its destination. It uses Internet Control Message Protocol (ICMP) echo packets to display the Fully Qualified Domain Name (FQDN) and the IP address of each gateway along the route to the remote host. Traceroute sends out a packet to the destination computer with the TTL field value of 1. When the first router in the path receives the packet, it decrements the TTL value by 1. If the TTL value is zero, it discards the packet and sends a message back to the originating host to inform it that the packet has been discarded. Traceroute records the IP address and DNS name of that router, and sends another packet with a TTL value of 2. This packet goes through the first router, and then times out at the next router in the path. The second router also sends an error message back to the originating host. Now, the process starts once again and traceroute continues to send data packets with incremented TTL values until a packet finally reaches the target host, or until it decides that the host is unreachable. In the whole process, traceroute also records the time taken for a round trip for each packet at each router.


113. UDP port scanning

In ***, a UDP packet is sent to each port of the target system. If the remote port is closed, the server replies that the remote port is unreachable. If the remote port is open, no such error is generated. Many firewalls block TCP port scanning; in that case UDP port scanning may be useful. Certain IDS and firewalls can detect UDP port scanning easily.

114. User Account Policy

The *** is a type of document which focuses on the requirements for requesting and maintaining an account on computer systems or networks within an organization. This document is very important for large sites where users typically have accounts on many systems. Some sites have users read and sign an Account Policy as part of the account request process.

115. VPN

*** stands for virtual private network. It allows users to use the Internet as a secure pipeline to their corporate local area networks (LANs). Remote users can dial in to any local Internet Service Provider (ISP) and initiate a VPN session to connect to their corporate LAN over the Internet. Companies using VPNs significantly reduce long-distance dial-up charges. VPNs also provide remote employees with an inexpensive way of remaining connected to their company's LAN for extended periods.

116. Web ripping

*** is a technique in which the attacker copies the whole structure of a Web site to the local disk and obtains all files of the Web site. Web ripping helps an attacker to trace the loopholes of the Web site.

117. Whois queries

*** are used to determine the IP address ranges associated with clients. A whois query can be run on most UNIX environments. In a Windows environment, tools such as WsPingPro and Sam Spade can be used to perform whois queries. Whois queries can also be executed over the Web from www.arin.net and www.networksolutions.com.

118. WipeMASSter

The *** is a hardware forensic tool which is used to erase data from hard drives. It can erase data from nine drives simultaneously at speeds up to 3 GB/min. The *** is also used to perform high volume hard drive sanitizing operations using PATA, S-ATA and laptop hard drives by using optional adapters. The *** can erase data from hard drives of different sizes and models in the same operation. It is also provided with an option for formatting the sanitized drives.

119. Wireless Zero Configuration (WZC)

***, also known as Wireless Auto Configuration, or WLAN AutoConfig, is a wireless connection management utility included with Microsoft Windows XP and later operating systems as a service that dynamically selects a wireless network to connect to based on a user's preferences and various default settings. This can be used instead of, or in the absence of, a wireless network utility from the manufacturer of a computer's wireless networking device. The drivers for the wireless adapter query the NDIS Object IDs and pass the available network names to the service. *** also introduces some security threats, which are as follows:
● *** will probe for networks that have already been connected to. This information can be viewed by anyone using a wireless analyzer and can be used to set up fake access points to connect to.
● *** attempts to connect to the wireless network with the strongest signal. An attacker can create fake wireless networks with high-power antennas and cause computers to associate with his access point.
● *** does not interfere in the configuration of encryption and MAC filtering.

120. wireshark

*** is an open source sniffing tool that is used for computer network protocol analysis and security auditing. It is capable of intercepting traffic on a network segment, capturing passwords, and conducting man-in-the-middle attacks against a number of common protocols.