3.0 Flashcards
LDAP/LDAPS
Lightweight Directory Access Protocol/LDAP Secure
A standard protocol designed to maintain and access “directory services” within a network
Port 389 and 636
UTM
Unified Threat Management
All-in-one security appliance. When multiple security features or services are combined into a single device within your network.
PKI
Public Key Infrastructure
Framework managing digital certificates, encryption keys, and authentication processes, facilitating secure communication and data protection.
802.1X
A standard used in network security that provides port-based authentication (authenticated by a certificate) to devices attempting to connect to a network (NAC). You don’t get access to the network until you authenticate.
PEAP
Protected Extensible Authentication Protocol
An EAP method that uses a secure TLS tunnel. Protects authentication process within an encrypted channel.
EAP-FAST
EAP Flexible Authentication via Secure Tunneling
An EAP method that enables secure communication between a client and an authentication server by using Transport Layer Security (TLS) to establish a mutually authenticated tunnel. It uses a secure tunnel without requiring server certificates.
CASB
Cloud access security broker
Placed between cloud service consumers and cloud service providers to monitor all activity and enforce security policies.
FDE
Full disk encryption
A security technology used to encrypt all data stored on a computer’s hard drive or storage device. Encrypts everything on the drive.
SED
Self-encrypting drive
A type of storage device (such as a hard drive or solid-state drive) that includes built-in hardware-based encryption capabilities.
Containerization
A lightweight virtualization technology that allows applications and their dependencies to be packaged and isolated into containers.
MAC filtering
Media access control filtering
A network security technique used to control which devices can connect to a network based on their MAC addresses. Limit access through the physical hardware address.
MDM
Mobile Device Management
A type of software solution that helps organizations manage and secure mobile devices used by employees within their network. Manages company-owned and user-owned mobile devices.
COPE
Corporate-Owned, Personally Enabled
A mobile device management strategy used by organizations to manage company-owned devices while allowing employees some level of personal use.
VDI/VMI
Virtual Desktop Infrastructure/Virtual Mobile Infrastructure
VDI is a technology that allows users to access a desktop environment virtually, rather than having a physical computer at their desk. VMI is similar to VDI but focuses on virtualizing mobile device environments, such as smartphones or tablets.
– The apps are separated from the mobile device
– The data is separated from the mobile device
WPA2
Wi-Fi Protected Access 2
It’s a security protocol used to protect wireless networks from unauthorized access and data interception.
Employs the Advanced Encryption Standard (AES) with a 128-bit key.
WPS
Wi-Fi Protected Setup
Wi-Fi Protected Setup (WPS) is a network security standard that was created to simplify the process of connecting devices to a secure wireless network.
RBAC
Role-based access control
A method of restricting network access based on the roles of individual users within an organization.
ABAC
Attribute-based access control
A more flexible access control model that uses attributes about users, systems, and the environment to make access control decisions. Ex. location, time, and device, as well as username and password.
DAC
Discretionary Access Control
A type of access control where the owner of a resource determines who can access that resource and what permissions they have. In DAC, access decisions are based on the discretion of the resource owner, who can grant or revoke access rights to users or groups.
MAC
Mandatory Access Control
An access control scheme that uses labels to grant access, controlling data access and preventing unauthorized use.
VLAN
Virtual local area network
A network segmentation technique used to divide a single physical network into multiple logical networks
Measured Boot
Ensures boot process integrity by measuring and comparing cryptographic hashes of key components.
The process hashes each subsequent component and compares the hash values to known good values.
Trusted Boot
Establishes a chain of trust during startup, verifying firmware and OS integrity using hardware-based security features like TPM.
The process verifies the digital signature of the OS kernel.
Secure Boot
Prevents unauthorized software execution during boot by verifying digital signatures of bootloader and OS components.
NGFW
Next-generation firewall
An advanced network security solution that combines traditional firewall capabilities with additional features such as intrusion prevention, application awareness, and advanced threat detection and mitigation.
IPSec
Internet Protocol Security
A suite of protocols used to secure and encrypt communication over IP networks. Sends information across the public Internet at layer 3, but encrypts the data.
Uses Authentication Header (AH) for integrity and Encapsulating Security Payload (ESP) for encryption.
SSL
Secure Sockets Layer
It ensures that data exchanged between a web server and a web browser remains confidential, integral, and authenticated. However, it’s worth noting that SSL has been largely replaced by its successor, Transport Layer Security (TLS), which offers enhanced security features and improved protocols.
CA
Certificate Authority
The trusted authority that certifies individuals’ identities and creates electronic documents indicating that individuals are who they say they are.
TACACS+
Terminal Access Controller Access-Control System Plus
A remote authentication protocol that provides authentication, authorization, and accounting (AAA) capabilities, allowing a remote access server to communicate with an authentication server to validate user access to the network.
Kerberos
A network authentication protocol designed to provide secure authentication for client-server applications over a non-secure network, such as the internet. (Ticketing system)
TPM
Trusted Platform Module
A chip that resides on the motherboard of the device. Provides the operating system with access to keys.
Ex. enables hard drive encryption
HSM
Hardware Security Module
A security device you can add to a system to manage, generate, and securely store cryptographic keys.
Proxies
Proxies are servers that act as middlemen between your device (like a computer or phone) and the internet. They help with things like hiding your IP address, filtering content, speeding up web browsing by storing copies of web pages, and balancing internet traffic across multiple servers.
SMTP
Simple Mail Transfer Protocol
The standard Internet protocol used to transfer e-mail between hosts.
Port 25
S/MIME
Secure/Multipurpose Internet Mail Extensions
A protocol that adds a layer of security to email messages. It provides encryption and digital signatures to ensure the confidentiality, integrity, and authenticity of email communication.
DLP
Data Loss Prevention
Solutions that prevent sensitive data from leaving the network without notice.
Boot Attestation
Boot attestation verifies the integrity of a computer’s boot process using cryptographic signatures to ensure only trusted software components are loaded, preventing unauthorized alterations.
Tokenization
The process of substituting a surrogate value, called a token, for a sensitive data element.
Salting
The process of adding a random element to a value before performing a mathematical operation like hashing.
Hashing
A process of converting input data (such as text, files, or passwords) into a fixed-size string of characters using a hash function. Hashing is commonly used for data integrity verification, password storage, digital signatures, and indexing data structures.
Static code analysis
Code is examined without being executed.
Dynamic code analysis
Analyzes the code during execution.
Fuzzing
Fuzzing (or fuzz testing) is a brute-force method of addressing input validation issues and vulnerabilities. Software tools transmit unexpected and abnormal data to applications to assess their response.
Registry
Repository of all information related to configurations. Configuration options for the OS are located in the Registry.
Zero Trust
A zero trust network doesn’t trust any device by default, even if it was previously verified.
NGSWG
Next-Gen Secure Web Gateway
A combination of a proxy server and a stateless firewall. Provides proxy services for traffic from clients to Internet sites, such as filtering URLs and scanning for malware.
MAM
Mobile Application Management
Manages applications on mobile devices. Provision, update, and remove apps.
Jump server
A hardened server used to access and manage devices in another network with a different security zone.
UEM
Unified Endpoint Management
Ensures systems are kept up to date with current patches, have antivirus software installed with up-to-date definitions, and are secured using standard security practices.
MDM
Mobile device management
Includes the technologies to manage mobile devices with the goal to ensure these devices have security controls in place to keep them secure.
Ex. Application management, Full device encryption, Passwords and PINs
SAML
Security Assertion Markup Language
It is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.
Key Escrow
A method of storing decryption keys with a trusted third party. This includes a system by which your private key is kept both by you and by a third party.
DNSSEC
Domain Name System Security Extensions
Allows for the verification of DNS data and denial of existence and ensures data integrity for DNS. However, it does not offer confidentiality or availability controls.
NAT Gateway
Network Address Translation Gateway
Allows private subnets to communicate with other cloud services and the Internet, but hides the internal network from Internet users.
RADIUS
Remote Authentication Dial-In User Service
Used to provide AAA for network services; a networking protocol that authorizes and authenticates users who access a remote network.
PAP
Password Authentication Protocol
A simple, plain-text password-based authentication protocol used by Point-to-Point Protocol (PPP) to validate users.
Resource policies
Identity and access management (IAM)
– Who gets access, what they get access to on the cloud
This allows your organization to set restrictions, manage the resources, and manage cloud costs
WPA3
Wi-Fi Protected Access 3
Released in 2018 to address the weaknesses in WPA2.
Uses a much stronger 256-bit Galois/Counter Mode Protocol (GCMP-256) for encryption.
There are two versions: WPA3-Personal for home users, and WPA3-Enterprise for corporate users
CHAP
Challenge-Handshake Authentication Protocol
A more secure version of PAP. An encrypted challenge is sent over the network, and the client has to send a match to be authenticated.
OCSP
Online Certificate Status Protocol
A protocol used for obtaining the revocation status of a digital certificate in real-time. It allows applications to check if a certificate has been revoked by querying a certificate authority’s (CA) OCSP server.
CRL
Certificate Revocation List
A list of certificates that have been revoked by the certificate authority before their scheduled expiration date. This list is periodically published by the CA.
CSR
Certificate Signing Request
A block of encoded text that is given to a certificate authority when applying for a digital certificate. It contains information about the entity requesting the certificate and the public key to be included in the certificate.
Secure Cookies
Cookies are text files sent with every request to a website. The Secure attribute, when set, instructs the browser and server to only transport the cookie over HTTPS channels.
Implicit deny
It indicates that all traffic that isn’t explicitly allowed is implicitly denied. The implicit deny rule is the last rule in an ACL.
EAP
Extensible Authentication Protocol
A framework for transporting authentication protocols, allowing various authentication methods. It’s like a system for checking who is allowed to use a network.
EAP-TLS
EAP method using TLS for mutual authentication with certificates. Provides high security with client and server certificates.
EAP-TTLS
An EAP method that creates a secure tunnel using a server-side certificate and then authenticates the client using another method inside this tunnel. Provides a secure way to authenticate without requiring client-side certificates.
Captive portals
Redirect all traffic to a specific portal page, either to gather information or display the page itself. Once users fulfill the portal’s requirements, they gain access to the Internet.
Broadcast storm prevention
Limits the number of broadcasts per second to avoid flooding attacks.
BPDU Guard
Bridge Protocol Data Unit Guard
A network security feature that disables a port if it receives a BPDU, preventing potential loops and unauthorized devices from influencing Spanning Tree Protocol (STP) topology.
Loop prevention
A network feature that ensures data packets do not circulate endlessly in a network, preventing broadcast storms and network congestion. Spanning Tree Protocol (STP) prevents this from happening by forwarding, listening, or blocking on some ports.
Dynamic Host Configuration Protocol (DHCP) snooping
A defensive measure against an attacker that attempts to use a rogue DHCP device.
Site survey
Examines the wireless environment to identify potential issues, such as areas with noise or other devices operating on the same frequency bands.
Wi-Fi analyzers
Provide a means of determining signal strength and channel interference.
Wireless Controller
– Centralized management of wireless access points
– Manage system configuration and performance
Access point security
– Use strong passwords
– Update to the latest firmware
IdP
Identity Provider
Creates, manages, and maintains identity information. Responsible for authenticating identity.
SSH keys
Access credentials used by the Secure Shell (SSH) protocol. They function like usernames and passwords, but SSH keys are primarily used for automated processes and services.
Shared and generic accounts/credentials
Accounts used by multiple people or for generic purposes, often lacking personalized access controls. These can pose security risks due to the difficulty in tracking individual actions.
Service accounts
Special accounts used by applications or services to interact with the operating system or other software. Not intended for direct human use.
User accounts
An account on a computer associated with a specific person.
Guest accounts
Temporary accounts with limited permissions, used to provide access to visitors or short-term users without granting full user privileges.
Geofencing
Automatically allows or restricts access when the user is in a particular location.
Geotagging
Adds location metadata to a document or file: latitude and longitude, distance, time stamps.
AH
Authentication Header
Provides a mechanism for authentication only.
ESP
Encapsulating Security Payload
Provides data confidentiality (encryption) and authentication (data integrity, data origin authentication, and replay protection). ESP can be used with confidentiality only, authentication only, or both confidentiality and authentication.
EDR
Endpoint Detection and Response
An integrated endpoint security solution that combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities.
Hypertext Transfer Protocol (HTTP) Headers
Designed to transfer information between the host and the web server.
Manual Code Review
Code is reviewed line by line to ensure that the code is well-written and error-free.
Hardware root of trust
It verifies that the keys match before the secure boot process takes place.
Intranet
A private network that is designed to host the information internal to the organization.
Extranet
A section of an organization’s network that has been sectioned off to act as an intranet for the private network but also serves information to external business partners or the public Internet. A cross between the Internet and an intranet.
East-West Traffic
Traffic that moves laterally between servers within a data center. North-south traffic moves into or out of the data center.
L2TP/IPSec
This is the most secure tunneling protocol that can use certificates, Kerberos authentication, or a pre-shared key. L2TP/IPSec provides both a secure tunnel and authentication.
Always On mode
A low-latency point-to-point connection between two sites. A tunnel between two gateways that is “always connected”.
Secure Socket Layer (SSL) VPN
Works with legacy systems and uses SSL certificates for authentication.
HTML 5 VPN
Similar to the SSL VPN, as it uses certificates for authentication. It is easy to set up; you just need an HTML5-compatible browser such as Opera, Edge, Firefox, or Safari.
Agent-Based
Uses installed software agents for detailed, customizable data collection; requires more resources and maintenance.
Agentless
Uses remote queries for easy deployment and low resource usage; may offer less detailed data.
Out-of-band management
Enables IT to work around problems that may be occurring on the network.
Forward proxy
Server that controls requests from clients seeking resources on the internet or an external network.
Reverse Proxy
Placed on a screened subnet, performs the authentication and decryption of a secure session to enable it to filter the incoming traffic.
Heuristic/behavior based
Creates a baseline of activity to identify normal behavior, and then measures system performance against the baseline to detect abnormal behavior.
Signature-based
Uses signatures similar to the signature definitions used by anti-malware software.
In-line
NIDS/NIPS placed on or near the firewall as an additional layer of security. (IDS mode)
Passive
Traffic does not go through the NIPS/NIDS. Sensors and collectors forward alerts to the NIDS. (IDS mode)
Sensors and collectors
Can be placed on a network to alert NIDS of any changes in traffic patterns on the network.
Stateless
Watches network traffic and restricts or blocks packets based on source and destination addresses or other static values. Not ‘aware’ of traffic patterns or data flows. Typically faster and performs better under heavier traffic loads.
Stateful
Can watch traffic streams from end to end. Aware of communication paths and can implement various IP security functions such as tunnels and encryption. Better at identifying unauthorized and forged communications.
Access control list (ACL)
To allow or deny traffic.
Quality of service (QoS)
Ensures that applications have the bandwidth they need to operate by prioritizing traffic based on importance and function.
Port spanning/port mirroring
Switch features that duplicate network traffic for monitoring purposes.
Port taps
Hardware devices that create a copy of the network traffic.
File integrity monitors
Detects changes to files that should not be modified.
CCMP
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol
Created to replace WEP and TKIP/WPA. Uses AES (Advanced Encryption Standard) with a 128-bit key.
SAE
Simultaneous Authentication of Equals
Used with WPA3-Personal and replaces WPA2-PSK. Protects against brute-force attacks.
Uses a secure Diffie-Hellman handshake, called Dragonfly.
Uses perfect forward secrecy, so it is immune to offline attacks.
RADIUS Federation
Enables members of one organization to authenticate to another with their normal credentials. Trust is across multiple RADIUS servers across multiple organizations. A federation service where network access is gained using wireless access points (WAPs).
SIM
Subscriber Identity Module cards
Small computer chips that contain information about a mobile subscription, allowing the user to connect to a telecommunication provider to make calls, send text messages, or use the Internet.
Infrared
The device is purely line-of-sight and has a maximum range of about 1 meter. Can be used to print from your laptop to an infrared printer.
Point-to-point
One-to-one connection between the two devices communicating on a network, typically wireless.
Point-to-multipoint
A WAP connecting to multiple wireless devices.
Content Management
Stores business data in a secure area of the device in an encrypted format to protect it against attacks.
Geolocation
Uses GPS to give the actual location of a mobile device.
MicroSD HSM
MicroSD hardware security module
A physical device that provides cryptographic features for your computer in a smaller, mobile form factor.
SEAndroid
Provides additional access controls (MAC and DAC) and security policies, and includes policies for configuring the security of these mobile devices. Prevents any direct access to the kernel of the Android operating system. Provides centralized management for policy configuration and device management.
Sideloading
Enables installing an application package in .apk format on a mobile device. Useful for developers to run trials of third-party apps, but also allows unauthorized software to be run on a mobile device.
Firmware over-the-air (OTA) updates
Updates are pushed out periodically by the vendor, ensuring that the mobile device is secure.
Multimedia Messaging Service (MMS)
A way to send pictures as attachments, similar to sending SMS messages.
Rich Communication Services (RCS)
An enhancement to SMS and is used in Facebook and WhatsApp to send messages so that you can see the read receipts. You can also send pictures and videos.
USB OTG
USB On-The-Go
Allows USB devices plugged into smartphones and tablets to act as a host for other USB devices.
Wi-Fi Direct/ad hoc
A Wi-Fi Direct wireless network allows two Wi-Fi devices to connect to each other without requiring a WAP.
Ad hoc is the same, but it is multipath and can share an internet connection with someone else.
Tethering
The process of sharing a mobile device’s internet connection with other devices.
CYOD
Choose your own device
New employee chooses from a list of approved devices.
HA across zones
High availability across zones
Unique physical locations within a region with independent power, network, and cooling.
Secrets management
Access control for application secrets. A secret is anything that you want to control access to, such as API keys, passwords, certificates, tokens, or cryptographic keys.
Public and Private Subnets (Cloud)
Public - can connect directly to the Internet.
Private - cannot connect directly to the Internet; used for internal resources.
Security Groups
Use security groups to define permissible network traffic, consisting of rules similar to a firewall ruleset.
Dynamic Resource Allocation
This uses virtualization technology to scale the cloud resources up and down as the demand grows or falls.
Instance awareness
To prevent VM sprawl and unmanaged VMs. Tools like NIDS/NIPS can help to detect new instances.
Container Security
Practices and tools designed to secure containers, which are lightweight, portable, and scalable units for running applications.
Virtual private cloud (VPC) endpoint
Allows you to create a private connection between your VPC and another cloud service without crossing over the Internet.
Impossible travel time
Login from distant locations within an impossibly short timeframe.
Risky login
Suspicious login attempt based on unusual behavior or patterns.
Account Disablement
Account management (the identity lifecycle) ranges from account creation at onboarding to its disablement when a user leaves the company.
OAuth
An open standard for authorization, commonly used as a way for Internet users to log into third-party websites using their Microsoft, Google, Facebook, Twitter, One Network, etc. accounts without exposing their password.
OpenID
An open standard that provides decentralized authentication, allowing users to log into multiple unrelated websites with one set of credentials maintained by a third-party service referred to as an OpenID provider.
Rule-based access control
Applies global rules that apply to all subjects. Rules within this model are sometimes referred to as restrictions or filters.
Key management
Management of cryptographic keys in a cryptosystem.
Intermediate CA
An Intermediate Certificate Authority is an entity that is subordinate (lower in rank) to the Root CA and is responsible for issuing certificates to end entities or other subordinate CAs.
RA
Registration Authority
It is an entity responsible for verifying the identities of entities requesting digital certificates before the certificates are issued by a Certificate Authority (CA).
CN
Common Name
It is a field within a digital certificate that specifies the name of the entity (such as a server, device, or user) to which the certificate is issued. This field is part of the Distinguished Name (DN) in the certificate and is often used to identify the subject of the certificate.
SAN
Subject alternative name
An extension in a digital certificate that allows additional identities (such as domain names, IP addresses, email addresses) to be associated with the subject of the certificate.
Wildcard
Wildcard certificates include an asterisk and period before the domain name. SSL certificates commonly extend encryption to subdomains through the use of wildcards.
Domain validation
A Domain-Validated (DV) certificate is an X.509 certificate that proves the ownership of a domain name.
Extended validation
A type of SSL/TLS certificate that requires a rigorous verification process by the Certificate Authority (CA) to confirm the legal identity and operational status of the entity requesting the certificate.
Stapling
A method used with OCSP, which allows a web server to provide information on the validity of its own certificate. Done by the web server essentially downloading the OCSP response from the certificate vendor in advance and providing it to browsers.
Pinning
Certificate Pinning is a security mechanism that associates a host with its expected public key or certificate to mitigate the risk of man-in-the-middle attacks.
Trust model
The framework and policies for how entities establish and manage trust relationships within a Public Key Infrastructure (PKI).
Certificate chaining
Certificate Chaining is the process of linking certificates together from the end-entity certificate up to the Root CA to establish a chain of trust.