3.0 Flashcards
LDAP/LDAPS
Lightweight Directory Access Protocol/LDAP Secure
A standard protocol designed to maintain and access “directory services” within a network
Ports 389 and 636
UTM
Unified Threat Management
All-in-one security appliance: multiple security features or services combined into a single device within your network.
PKI
Public Key Infrastructure
Framework managing digital certificates, encryption keys, and authentication processes, facilitating secure communication and data protection.
802.1X
A standard used in network security that provides port-based authentication (authenticated by a certificate) to devices attempting to connect to a network (NAC). You don’t get access to the network until you authenticate.
PEAP
Protected Extensible Authentication Protocol
An EAP method that uses a secure TLS tunnel. Protects the authentication process within an encrypted channel.
EAP-FAST
EAP Flexible Authentication via Secure Tunneling
An EAP method that enables secure communication between a client and an authentication server by using Transport Layer Security (TLS) to establish a mutually authenticated tunnel. Uses a secure tunnel without requiring server certificates.
CASB
Cloud access security broker
Placed between cloud service consumers and cloud service providers to monitor all activity and enforce security policies.
FDE
Full disk encryption
A security technology used to encrypt all data stored on a computer’s hard drive or storage device. Encrypts everything on the drive.
SED
Self-encrypting drive
A type of storage device (such as a hard drive or solid-state drive) that includes built-in hardware-based encryption capabilities.
Containerization
A lightweight virtualization technology that allows applications and their dependencies to be packaged and isolated into containers.
MAC filtering
Media access control filtering
A network security technique used to control which devices can connect to a network based on their MAC addresses. Limit access through the physical hardware address.
MDM
Mobile Device Management
A type of software solution that helps organizations manage and secure mobile devices used by employees within their network. Manages company-owned and user-owned mobile devices.
COPE
Corporate-Owned, Personally Enabled
A mobile device management strategy used by organizations to manage company-owned devices while allowing employees some level of personal use.
VDI/VMI
Virtual Desktop Infrastructure/Virtual Mobile Infrastructure
VDI is a technology that allows users to access a desktop environment virtually, rather than having a physical computer at their desk. VMI is similar to VDI but focuses on virtualizing mobile device environments, such as smartphones or tablets.
– The apps are separated from the mobile device
– The data is separated from the mobile device
WPA2
Wi-Fi Protected Access 2
It’s a security protocol used to protect wireless networks from unauthorized access and data interception.
Employs the Advanced Encryption Standard (AES) with a 128-bit key.
WPS
Wi-Fi Protected Setup
Wi-Fi Protected Setup (WPS) is a network security standard that was created to simplify the process of connecting devices to a secure wireless network.
RBAC
Role-based access control
A method of restricting network access based on the roles of individual users within an organization.
ABAC
Attribute-based access control
A more flexible access control model that uses attributes about users, systems, and the environment to make access control decisions. Ex. location, time, and device, as well as username and password.
DAC
Discretionary Access Control
A type of access control where the owner of a resource determines who can access that resource and what permissions they have. In DAC, access decisions are based on the discretion of the resource owner, who can grant or revoke access rights to users or groups.
MAC
Mandatory Access Control
An access control scheme that uses labels to grant access, controlling data access and preventing unauthorized use.
VLAN
Virtual local area network
A network segmentation technique used to divide a single physical network into multiple logical networks
Measured Boot
Ensures boot process integrity by measuring and comparing cryptographic hashes of key components.
The process hashes the subsequent processes and compares the hash values to known good values.
Trusted Boot
Establishes a chain of trust during startup, verifying firmware and OS integrity using hardware-based security features like TPM.
The process verifies the digital signature of the OS kernel.
Secure Boot
Prevents unauthorized software execution during boot by verifying digital signatures of bootloader and OS components.