2.0 Flashcards
MFD
Multifunction devices
A device, such as a printer, with multiple functions, such as printing and scanning.
SoC
System on a Chip
The integration of complete system functions on a single chip in order to simplify construction of devices.
RTOS
Real-Time Operating System
Designed for devices where processing must occur in real time and data cannot be queued or buffered for any significant length of time.
IaaS
Infrastructure as a Service
Allows an organization to outsource its equipment requirements, including the hardware and all support operations. The IaaS service provider owns the equipment, houses it in its data center, and performs all the required hardware maintenance.
Ex. Amazon Web Services (AWS), Microsoft Azure
SaaS
Software as a Service
Any software or application provided to users over a network such as the Internet. Internet users access the SaaS applications with a web browser.
Ex. Gmail, Yahoo! Mail, Google Docs, OneDrive, etc.
PaaS
Platform as a Service
Provides customers with a preconfigured computing platform they can use as needed. It gives the customer an easy-to-configure operating system, combined with appropriate applications and on-demand computing.
Ex. Salesforce, Github, Docker
TOTP
Time-based One-Time Password
A password that is used once and is only valid during a specific time period.
WAF
Web Application Firewall
A firewall that operates at the application level, specifically designed to protect web applications by examining requests at the application stack level.
Public Cloud
A cloud service that is rendered over a system open for public use. Services are available from third-party companies, such as Amazon, Google, Microsoft, and Apple.
Community Cloud
A cloud system where several organizations with a common interest share a cloud environment for the specific purposes of the shared endeavor.
Private Cloud
A cloud system of reserved resources used only by your organization, appropriate when the organization is highly sensitive to sharing resources.
Hybrid Cloud
A combination of two or more clouds, which can be private, public, community, or a mix of these.
Federation
Defines policies, protocols, and practices to manage identities across systems and organizations. Federation’s ultimate goal is to allow users to seamlessly access data or systems across domains.
Ex. Providing network access to others: not just employees but partners, suppliers, customers, etc.
DNS sinkhole
Domain Name System sinkhole
This is a technique used to redirect malicious or unwanted traffic to a specific IP address. It’s often used as a security measure to block access to malicious domains or to filter out unwanted content.
Honeynet
A network designed to look like a corporate network but made attractive to attackers. A honeynet is a collection of honeypots.
Honeypot
A server designed to act like a real server on a corporate network, but rather than holding real data, the honeypot contains fake data.
Screened subnet (formerly known as DMZ)
Demilitarized zone
A network segment that exists in a semi-protected zone between the Internet and the inner, secure trusted network.
UPS
Uninterruptible power supply
Provides short-term power and can protect against power fluctuations.
Blockchain
A distributed ledger with growing lists of records (blocks) that are securely linked together via cryptographic hashes.
Keeps track of transactions.
Asymmetric encryption
Uses two keys (public and private) created as a matched pair.
Symmetric encryption
Uses the same key to encrypt and decrypt data.
Faraday cage
A room or cage that prevents radio frequency (RF) signals or electromagnetic interference (EMI) from entering or leaving the room.
Obfuscation
Altering the format, structure, or presentation of data or code without changing its functionality, making it challenging for adversaries to interpret or exploit the information.
Key stretching
Cryptographic technique used to enhance the security of passwords or cryptographic keys by increasing their complexity and resistance to brute-force attacks.
Digital signature
An electronic, encrypted stamp of authentication on digital information such as email messages, macros, or electronic documents. Used for non-repudiation and integrity.
MSP/MSSP
Managed Service Provider / Managed Security Service Provider
A third party that manages and maintains the security environment for companies.
MSP support
– Network connectivity management
– Backups and disaster recovery
– Growth management and planning
Continuous monitoring
The technologies and processes employed to enable rapid detection of compliance issues and security risks: check for a particular event, then react.
Stored Procedure
Stored procedures are precompiled, scripted methods of data access (SQL).
Normalization
The process of reducing a string to its simplest form before processing, in order to reduce or eliminate redundancy.
Attestation
Attestation can be done by a service that checks the credentials supplied, and if they are correct and match the required values, the service can attest that the entry is valid or correct.
HOTP
HMAC-based One-Time Password algorithm
Keyed-hash message authentication code (HMAC). Each password is derived from a secret key and a counter. Use them once, and never again.
HE
Homomorphic Encryption
A set of algorithms that allows operations to be conducted on encrypted data without decrypting and re-encrypting it.
ECC
Elliptic curve cryptography
An approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. As a public-key cryptosystem, it relies on an asymmetric algorithm.
Ex. Commonly used on mobile devices.
Key exchange
A cryptographic method used to share cryptographic keys between two entities.
Ephemeral keys
Cryptographic keys that are used only once after generation.
Diffie–Hellman key exchange
Cryptographic protocol used to securely exchange encryption keys over an insecure medium.
Perfect forward secrecy
A feature of cryptographic systems that ensures that even if a long-term secret key is compromised, past communications remain secure. Generates random public keys for each session.
Steganography
Hides data inside other data; it hides data in plain sight. The goal is to hide the data in such a way that no one suspects there is a hidden message.
Stream Cipher
Encrypts data as a stream of bits or bytes rather than dividing it into blocks. Encryption is done one bit or byte at a time.
Block cipher
A block cipher encrypts plaintext one block at a time.
IP schema
An IP address plan or model
IRM
Information Rights Document
Controls how data is used and prevents access by unauthorized persons.
Fake telemetry
When security teams or tools send false information back to an attacker who has been spotted using offensive security tools, such as port scanners.
Edge computing
The practice of storing and processing data close to the devices that generate and use the data, which could be within a local area network (LAN) or on the devices themselves.
Fog Computing
Complements cloud computing by processing data from IoT devices. Often places gateway devices in the field to collect and correlate data centrally at the edge.
Thin Client
A lightweight computer, with limited resources, whose primary purpose is to communicate with another machine.
Container
Services or applications run within isolated containers or application cells.
Microservices
They are small, independent code modules that perform specific functions, receive input (value), and produce output (value) through well-defined interfaces or APIs.
Serverless Architecture
A cloud computing model where developers can build and run applications without managing the underlying infrastructure.
Transit gateway
A transit gateway is used to connect VPCs to an on-premises network.
Resource policies
Assigning permissions to cloud resources.
Service Integration
Deploying multiple connections from multiple cloud services.
SDN
Software-Defined Networking
An approach to networking that separates the control plane from the data plane, allowing centralized control and programmability of network devices through software-based controllers.
SDV
Software-Defined Visibility
Ensures that all traffic is viewable and can be analyzed.
Virtual machine (VM) sprawl avoidance
Refers to strategies and practices aimed at preventing the uncontrolled proliferation of virtual machines within an IT environment.
VM escape protection
Refers to measures and techniques implemented to prevent unauthorized access or exploitation of vulnerabilities that could allow an attacker to escape from a virtual machine (VM) and gain access to the underlying hypervisor or host system.
Snapshot
A snapshot is an image of the virtual machine (VM) at some point in time. It is standard practice to periodically take a snapshot of a virtual system so that you can return that system to a last known good state.
Elasticity
The ability to increase or decrease available resources as the workload changes.
Scalability
The ability to increase the workload in a given infrastructure.
Provisioning
Deploying an application.
Deprovisioning
Dismantling and removing an application instance.
VPC
Virtual Private Cloud
A virtual device within a virtual network. Users or services can connect to the VPC endpoint and then access other resources via the virtual network instead of reaching the resources directly over the Internet.
FRR
False rejection rate
Likelihood that an authorized user will be rejected.
FAR
False acceptance rate
Likelihood that an unauthorized user will be accepted.
CER
Crossover error rate
Defines the overall accuracy of a biometric system.
Pulping
An additional step taken after shredding paper. It reduces the shredded paper to mash or puree. Removes the ink.
Pulverizing
A physical process of destruction using excessive physical force to break an item into unusable pieces, such as with a sledgehammer (and safety goggles).
Degaussing
Destroying files on magnetic storage devices (magnetic tape and hard drives) by destroying the data magnetically, using a strong magnetic field to degauss the media.
Access control vestibules
Sometimes called mantraps; they allow only a single person to pass at a time.
Protected cable distribution
A physically secure cabled network; protect your cables and fibers.
Air Gap
A physical security control that ensures that a computer or network is physically isolated from another computer or network.
Geographic dispersal
Use multiple data centers in different locations so that personnel can easily retrieve backups when a disaster strikes the current data center.
Multipath
Uses a separate data transfer path to and from the storage hardware.
Configuration Management
Ensures that systems are configured consistently; in other words, configurations are known and documented.
Change management
Identify and document changes to reduce outages or weakened security caused by unauthorized changes.
Standard Naming Conventions
Used to make identifying the device type easier.
Asset management
Maintain an up-to-date asset register to ease the process of tracking and maintaining assets.
Baseline Configuration
Ensuring that systems are deployed with a common baseline or starting point.
DRM
Digital Rights Management
Allows content owners to enforce restrictions on how their content is used by others.
Data Sovereignty
Digital data is subject to the laws and regulations of the country in which it was created and cannot be moved to another region.
IaC
Infrastructure as code
Management of infrastructure described in code.
Integrity Measurement
Measuring and identifying changes to a system to ensure that the application performs as it should and conforms to industry standards and regulations.
Memory management
Code should be written to minimize memory consumption and return memory to the system when no longer needed.
Software Diversity
Creation of software that is different on each user endpoint or device.
OWASP
An organization that provides the most up-to-date information on web application concerns and attacks.
Static codes
A static set of numbers and letters used for authentication. A password or passphrase is an example of an alphanumeric static code.
NIC
Network Interface Card
Dual network cards paired together to give maximum throughput.
Should one adapter fail, the other can ensure the server or client maintains network connectivity.
PDUs
Managed Power Distribution Units
A device that provides multiple power outlets (for power cable plugs). A managed PDU includes network connectivity for remote connection and management of the power outlets.
SAN
Storage Area Network
A hardware device that contains a large number of fast disks, such as Solid-State Drives (SSDs), usually isolated from the LAN on its own network.
NAS
Network-attached storage
Connects to a shared storage device across the network.
HA
High Availability
The ability to keep services up and running for long periods of time.
FPGA
Field-Programmable Gate Array
An array of programmable logic blocks, designed to be configured by the customer or designer after manufacturing.
SCADA/ICS
Supervisory control and data acquisition / industrial control system
Systems used for controlling and monitoring industrial processes.
Narrow Band
Refers to radio communications that carry signals in a narrow band of frequencies. Used in a variety of scenarios requiring short-range wireless communication.
Baseband Radio
Used for audio signals over a radio frequency transmitted over a single channel; it uses a single frequency for communication and is digital.
Zigbee
A short-range wireless PAN (Personal Area Network) technology developed to support automation, machine-to-machine communication, remote control and monitoring of IoT devices.
Industrial camouflage
For company facilities housing important resources and operations, designing the building to prevent recognition of its purpose.
Proximity reader
Commonly used to gain access through doors or door locks.
Air gap
Create "air gaps" between some internally used systems to separate confidential systems from standard systems.
Quantum
Harnessing the principles of quantum mechanics to improve security.
Counter
Uses an incrementing counter instead of a seed. Errors do not propagate.
Post-quantum cryptography
Breaks our existing encryption mechanisms.
Stream ciphers
Encryption is done one bit or byte at a time.
Block ciphers
A method of encrypting text in which a cryptographic key and algorithm are applied to a block of data.
Entropy
A measure of the randomness or diversity of a data-generating function. Data with full entropy is completely random, with no meaningful patterns.