3.0 Implementation Flashcards
network communication protocol that enables two computers to communicate and share data (cf. HTTP, Hypertext Transfer Protocol, which is the protocol used to transfer hypertext such as web pages)
Uses port 22
SSH Secure Shell
A set of specifications for securing electronic mail and a technology that allows you to encrypt your emails. Based on asymmetric cryptography to protect your emails from unwanted access.
Now the successor to PEM
Secure/Multipurpose Internet Mail Extensions S/MIME
The protocol provides encryption, confidentiality, message authentication, and replay protection to your transmitted audio and video traffic
Uses UDP
SRTP Secure Real Time Transport Protocol
An open, cross-platform protocol used for directory services authentication
Uses port 389
Lightweight Directory Access Protocol
An open, cross-platform protocol used for directory services authentication, however it runs over SSL
Uses port 636
LDAP Secure
standard communication protocol used for the transfer of computer files from a server to a client on a computer
Uses ports 20 and 21
FTP File Transfer Protocol
standard communication protocol used for the transfer of computer files from a server to a client or from a client to a server, however it adds encryption
Uses port 990
FTPS Secure
a network protocol for securely accessing, transferring and managing large files and sensitive data; it runs over SSH
Uses port 22
SSH FTP
an application-layer protocol for monitoring and managing network devices on a local area network (LAN) or wide area network (WAN)
includes new security features that add support for authentication and encryption of messages as well as protecting packets during transit
Uses ports 161 and 162
Simple Network Management Protocol v3
What protocol uses port 80?
HTTP
What protocol uses port 443?
HTTPS
a group of networking protocols used for setting up secure encrypted connections, such as VPNs, across publicly shared networks
IPSec
protocol provides data origin authentication, data integrity, and replay protection. However, it does not provide data confidentiality, which means that all of your data is sent in the clear
Authentication Header
protocol provides data confidentiality, and also optionally provides data origin authentication, data integrity checking, and replay protection
ESP encapsulating security payload
IPsec mode that sets up a secure connection
IP Tunnel
IPsec mode that only encrypts the data being sent, without establishing a secure connection
IP Transport mode
commonly used message request protocol in the Internet world for transferring messages from an e-mail server to an e-mail client.
Uses port 110
Post Office Protocol
a protocol that email clients use to retrieve email messages from a mail server over a TCP/IP connection
Uses port 143
Internet Message Access Protocol (IMAP)
a program designed to detect and remove viruses and other kinds of malicious software from your computer or laptop
Anti Virus
a type of software program created to protect information technology (IT) systems and individual computers from malicious software
anti malware
an endpoint security solution that continuously monitors end-user devices to detect and respond to cyber threats like ransomware and malware
endpoint detection and response
makes sure that users do not send sensitive or critical information outside the corporate network
data loss prevention
third generation of firewall technology, designed to address advanced security threats at the application level through intelligent, context-aware security features
next generation firewall NGFW
an approach to security that relies on third-party software tools to identify and prevent malicious activities. These prevention systems are typically used to protect endpoint devices
Host IPS Host-based Intrusion Prevention System
help organizations to identify threats inside the network perimeter by monitoring host devices for malicious activity that, if left undetected, could lead to serious breaches
Host IDS Host-based Intrusion Detection System
protects your machine from rootkits and other malware. This type of boot checks each start-up component, from the firmware all the way to the boot drivers, and stores these measurements in the TPM
Measured Boot
Software integrity measurements are committed to immediately during boot, thus relaxing the traditional requirement for secure storage and reporting.
Boot Attestation
attribute that ensures the cookie is only sent to the server with an encrypted request over the HTTPS protocol
Secure Cookies
a method of computer program debugging that is done by examining the code without executing the program
Static Code Analysis
analysis that involves running the code and examining the outcome, which also entails testing the possible execution paths of the code
dynamic code analysis
an automated software testing method that injects invalid, malformed, or unexpected inputs into a system to reveal software defects and vulnerabilities
Fuzzing
encrypt data as it is written to the disk
Self Encrypting Drives
protects the data on your device in the event it is lost or stolen.
Full Disk encryption
drives that use full disk hardware encryption technology to secure the data stored on them. By encrypting the entire drive, users do not have to worry about their data being accessed if the drive, laptop or mobile device gets stolen or lost
Opal FDE
the foundation on which all secure operations of a computing system depend. It contains the keys used for cryptographic functions and enables a secure boot process. It is inherently trusted, and therefore must be secure by design.
Hardware root of trust
cryptographic module that enhances computer security and privacy. Protecting data through encryption and decryption, protecting authentication credentials, and proving which software is running on a system are basic functionalities associated with computer security. This feature is built into the motherboard
trusted platform module
a load balancer configuration that distributes workloads across multiple active servers
Active-Active Load Balancer
one server handles the full workload, while a backup server remains on standby, only activating in the event of a failure.
Active-Passive Load Balancer
specifies the manner in which a server load is shared across a server pool
Schedule Load Balancer
required to load balance clients requests and to reroute clients in case of failover
Virtual IP Load Balancer
boosts performance by configuring a backend server to work efficiently with user requests.
Persistence load balancer
the transfer of data packets from server to server within a data center
East-West Traffic
provides a secure network for an organization to share information with relevant people outside the organization
Extranet
private network contained within an enterprise that is used to securely share company information and computing resources. It can be accessed by employees only
Intranet
a strategic approach to cybersecurity that secures an organization by eliminating implicit trust and continuously validating every stage of a digital interaction
Zero Trust
works as an automated service that establishes a connection between the client and the VPN with no user interaction whatsoever
Always on VPN
divides your traffic between two connections: the public network/open internet and the private network. Doing so lets you use the VPN to encrypt confidential data while still having direct access to the internet
Split Tunnel VPN
using your VPN for all your traffic
Full Tunnel VPN
VPN that connects remote users from any location to a corporate network
Remote VPN
VPN that connects individual networks to each other
Site to Site VPN
communication protocol keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems
SSL Secure Socket Layer
communication protocol keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems. The traffic is encrypted, and it is the successor of SSL
TLS Transport Layer Security
a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs
It works by encapsulating the frame inside a User Datagram Protocol (UDP) packet, which in turn is encapsulated inside an IP packet.
Layer 2 Tunneling Protocol
performs security checking and authentication on the endpoint device directly, and provides information and assessment results to the NAC server for authentication
NAC Network Access Control Agent
not installed on the clients; often used to inspect employee-owned mobile devices.
NAC Network Access Control Agentless
a solution that provides a secure dedicated alternate access method into an IT network infrastructure to administer connected devices and IT assets without using the corporate LAN
out-of-band management
a feature of many managed switches in which the switch intentionally ceases to forward all broadcast traffic if the bandwidth consumed by incoming broadcast frames exceeds a designated threshold
Broadcast Storm Prevention
a data message transmitted across a local area network to detect loops in network topologies. It contains information regarding ports, switches, port priority and addresses.
Bridge Protocol Data Unit (BPDU)
prevents ports from moving into a forwarding state that would result in a loop opening up in the network
Loop prevention
feature that ensures DHCP clients obtain IP addresses only from authorized DHCP servers. The device records mappings between IP addresses and MAC addresses of DHCP clients, preventing DHCP attacks on the network
Dynamic Host Configuration Protocol (DHCP) snooping
a system on a network used to access and manage devices in a separate security zone. It is a hardened system that you log into in order to access another system
Jump server
server that allows multiple clients to route traffic to an external network. For instance, a business may have a proxy that routes and filters employee traffic to the public Internet
Forward or proxy server
sits behind a firewall and in front of web servers, forwarding public-facing client (e.g. web browser) requests to those web servers
Reverse proxy server
detection system designed to help organizations monitor their cloud, on-premise and hybrid environments for suspicious events that could indicate a compromise. This includes policy violations and port scanning, plus unknown source and destination traffic
network-based intrusion detection system NIDS
a network security tool that continuously monitors a network for malicious activity and takes action to prevent it
Network based intrusion prevention system NIPS
detection that relies on a preprogrammed list of known indicators of compromise (IOCs)
Signature Based
a scanning method that looks for malware-like behavior patterns. It is commonly used to detect new or not-yet-known malware
heuristic behavior-detection solution
IDSes typically work by taking a baseline of the normal traffic and activity taking place on the network. They can measure the present state of traffic on the network against this baseline in order to detect patterns that are not present in the traffic normally
Anomaly
a type of monitoring in which the IPS sits off to the side, receiving a copy of traffic from a switch that redirects traffic from other devices on the network. This can be done with a port mirror (in the Cisco world called a Switched Port Analyzer, or SPAN) or with a physical network tap that redirects the traffic.
Passive Monitoring
a type of monitoring in which the IPS sits in the traffic path on the network and evaluates all traffic being sent
Inline monitoring
External, tamper-resistant hardware device that secures cryptographic processes by generating, protecting, and managing the keys used for encrypting and decrypting data and for creating digital signatures and certificates
Hardware Security Module
a piece of code that uses a number of protocols to gather information about your network, such as topology details, configurations, and network statistics
Collector
a device, or service provider, that can consolidate multiple disparate circuits or carrier services into an easy-to-use, easy-to-manage, single circuit.
Network Aggregators
protects web applications from a variety of application layer attacks such as cross-site scripting (XSS), SQL injection, and cookie poisoning, among others
Web application Firewall
inspects network packets, tracking the state of connections using what is known about the protocols being used in the network connection
Stateful Firewall
firewalls that do not inspect traffic state. The firewall does not examine an entire packet, but instead decides whether each packet satisfies the existing security rules. These firewalls require some configuration to arrive at a suitable level of protection
Stateless Firewall
an information security term that refers to a single security solution, and usually a single security appliance, that provides multiple security functions at a single point on the network
Unified Threat Management
a way to map multiple local private IP addresses to one public address before transferring the information
NAT Network Address Translation
the use of a program to screen and/or exclude access to web pages or email deemed objectionable.
Content/URL filtering firewall
a type of firewall that governs traffic to, from, or by an application or service
application firewall
firewalls that add an extra layer of security on the client computer and can also be used for monitoring and logging
Host based firewall
a network security solution designed specifically for environments in which deploying hardware firewalls is difficult or impossible; it is a virtual component used in public and private cloud environments
Virtual Firewall
a set of technologies that work on a network to guarantee its ability to dependably run high-priority applications and traffic under limited network capacity
Quality of Service
a purpose-built device that passively makes a copy of network data but does not alter the data
port taps
Wi-Fi encryption that uses AES (Advanced Encryption Standard) and CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)
WiFi Protected Access 2
utilizes 192-bit security while still using the 802.1X standard to provide a secure wireless network for enterprise use. Meant to replace WPA2
WiFi Protected Access 3
a simple counter-based block cipher mode. Each time, a counter value is encrypted and the result is XORed with the plaintext, which produces a ciphertext block
Counter mode block cipher with CBC-MAC
Wireless security method that works with WPA3; authentication is performed with a hash of a generated key that is unique to each authentication. Provides a stronger defense against password guessing
simultaneous authentication of equals
A protocol used on encrypted networks to provide a secure way to send identifying information for network authentication. It supports various authentication methods, including token cards, smart cards, certificates, one-time passwords and public key encryption.
extensible authentication protocol EAP
a protocol that encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel.
only validates the server certificate to establish the TLS session; an additional (potentially insecure) authentication is then performed inside the tunnel
Protected EAP
an EAP method that enables secure communication between a client and an authentication server by using Transport Layer Security (TLS) to establish a mutually authenticated tunnel
EAP-FAST
Extensible Authentication Protocol Tunneled Transport Layer Security. An extension of EAP sometimes used with 802.1X. It allows systems to use some older authentication methods such as PAP within a TLS tunnel. It requires a certificate on the 802.1X server but not on the client.
EAP-TTLS
What port does FTP use?
Ports 20 and 21
What port does DNS use?
Port 53
What port does DHCP use?
Ports 67 and 68
What port does RDP use?
Port 3389
offers strong security. Requires both server-side and client-side digital certificates to establish a connection
EAP-TLS
IEEE standard for media-level (Layer 2) access control that offers the capability to permit or deny network connectivity based on the identity of the end user or device and enables port-based control using authentication
IEEE 802.1X
enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.
RADIUS Remote Authentication Dial-In User Service
authentication that enables a remote host to authenticate itself by providing a secret key, which is known to both hosts
PSK Pre Shared Key
authentication mode that uses X.509 digital certificates for user/device authentication. This method uses a RADIUS server for authentication
Enterprise
a graphical representation of cyber risk data where the individual values contained in a matrix are represented as colors that connote meaning
Heat map
used to analyze the Wi-Fi connection, collect the data, and identify the problems responsible for a weak Wi-Fi signal. It collects information from different access points and channels within your network and provides a clear overview with visual reports and dashboards
Wi-Fi Analyzer
a wireless method of connecting to the Internet over large areas without the need for extensive cabling. Sets up a connection from a single location to another location
Point to Point connection
consists of a central base station that supports several subscriber stations. These offer network access from a single location to multiple locations, permitting them to use the same network resources between them
Point to Multi Point connection
An MDM admin can enable this feature once a device is compromised or lost
Remote Wipe
setting virtual boundaries and triggering events when these boundaries are crossed by a mobile device on which certain software is installed
Geofencing
uses data acquired from user devices to identify or describe the user’s actual physical location
Geolocation
A MFA method that builds risk assessment capabilities into access decisions by analyzing users’ behavior and context, such as which device or network they’re logging in from.
Context Aware Authentication
the user can artificially categorize different types of data on a mobile device’s storage media
Storage Segmentation
solutions that provide companies with the ability to effectively and scalably monitor and manage their remote endpoints
UEM Unified Endpoint Management
software that secures and enables IT control over enterprise applications on end users’ corporate and personal smartphones and tablets
MAM Mobile Application Management
Android feature that prevents apps or processes from accessing data and resources that they are not allowed to.
SEAndroid Security Enhancements for Android
installing apps on an iPhone or Android device without using the approved app store or software distribution channel
Side loading
refers to the ability to download applications, services, and configurations over a mobile or cellular network. Used to automatically update firmware, software, and even encryption keys
OTA Over the Air
a type of text-based protocol for mobile devices that was designed as a replacement for SMS and MMS messaging
Rich Communication Services RCS
a standardized specification that allows a device to read data from a USB device without requiring a PC
USB On-The-Go
use your existing mobile phone and data plan to share a secure internet connection with another device, typically a laptop or tablet
Tethering
you have access to a dedicated device, like a portable Wi-Fi device that’s capable of connecting to the closest cellular tower
HotSpot
enables mobile phones, cameras, printers, PCs, and gaming devices to create their own Wi-Fi networks without an internet connection
Wi-Fi Direct
set of policies in a business that allows employees to use their own devices – phone, laptop, tablet or whatever – to access business applications and data, rather than forcing employees to use company-provided devices for that purpose
Bring your own device BYOD
a business model in which an organization provides its employees with mobile computing devices and allows the employees to use them as if they were personally owned notebook computers, tablets or smartphones
Corporate owned personally enabled COPE
an employee provisioning model in which an organization allows people to select the mobile devices they would like, usually from a limited number of options
CYOD Choose your own device
a security check point between cloud network users and cloud-based applications. They manage and enforce all data security policies and practices, including authentication, authorization, alerts and encryption
Cloud Access Security Broker CASB
a new cloud-native solution for providing advanced network protection by inspecting web requests against company policy to ensure malicious applications and websites are blocked and inaccessible
Next-generation secure web gateway
process of assigning a ‘geo-tag’ or adding some ‘geographical information’ in various ‘media’ forms such as a digital photograph, video or even in a SMS message
Geo tagging
tracks information such as GPS location, IP address, or the user's device to pinpoint the user's location and determine whether a behavior was physically possible
Impossible Travel Time
to authenticate, the authenticator sends a "challenge" message to the access-requesting party, which responds with a value calculated using a "one-way hash" function that takes as inputs the challenge and the shared secret
CHAP Challenge Handshake Authentication Protocol
provides simple password authentication on initial link establishment. It is not a strong authentication method, since passwords are transmitted in the clear over the link and there is no protection from repeated attacks during the life of the link
Password Authentication Protocol
Type of federation. Designed to authenticate a user, thereby providing user identity data to a service
Considered better than OpenID
Security Assertion Markup Language SAML
remote authentication protocol that allows a remote access server to communicate with an authentication server in order to validate a user's access to networking devices.
Commonly used to access network devices like routers and switches. Uses port 49
TACACS+ Terminal Access Controller Access Control System Plus
What port does TACACS+ use?
Port 49
What port does IMAP use?
Port 143
What port do SSH, SCP and SFTP use?
Port 22
What port does telnet use?
Port 23
What port does SMTP use?
Port 25
What port does TFTP use?
Port 69
What port does Kerberos use?
Port 88
What port does POP use?
Port 110
What port does SNMP use?
Ports 161 and 162
What port does syslog use?
Port 514
What port does Layer 2 Tunneling Protocol use?
Port 1701
What port does Point to Point Tunneling Protocol (PPTP) use?
Port 1723
open standard for access delegation, commonly used as a way for internet users to grant websites or applications access to their information on other websites but without giving them the passwords
Treated as an authorization protocol rather than an authentication protocol
OAuth
provides great support for native mobile applications running on iOS and Android. Allows you to use an existing account to sign in to multiple websites, without needing to create new passwords.
An open authentication protocol that is no longer being used
OpenID
security protocol that authenticates service requests between two or more trusted hosts across an untrusted network, like the internet
Uses port 88
Kerberos
grants access based on a user's location, role, the time of day, the device being used, the resource in question, and the desired action, i.e., all the attributes necessary to enforce secure authorization dynamically and in real time
ABAC Attribute Based Access Control
a security mechanism that restricts system access. It involves setting permissions and privileges based on the user's role
Role BAC
these access controls are preventative: they don't determine access levels for employees, but instead focus on the rules associated with the data's access or restrictions
Rule BAC
access control based on the principle of restricting access to objects according to the identity of the subject (the user or the group to which the user belongs).
Discretionary Access Control
means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (i.e., clearance) of users to access information of such sensitivity
Mandatory Access Control
Deals with generating, exchanging, storing, using and replacing keys as needed at the user level
Key Management
offers an easy-to-use, effective solution to create and store asymmetric key pairs for encrypting or decrypting as well as signing or validating anything that depends on a public key infrastructure
An organization that validates identities and binds them to cryptographic key pairs with digital certificates
CA Certificate Authority
a certificate that was issued as a dividing layer between the Certificate Authority and the end user's certificate. It serves as a verification device that tells a browser that a certificate was issued by a safe, valid source, the CA's root certificate.
Intermediate Certificate
an authority in a network that verifies user requests for a digital certificate and tells the certificate authority (CA) to issue it.
Registration Authority
used to make it known that a site's digital certificate is not trustworthy. It warns a site's visitors not to access the site, which may be fraudulently impersonating a legitimate site. It also protects visitors from man-in-the-middle attacks
CRL Certificate Revocation List
Attributes that specify group membership, roles, security clearances or other authorization information associated with the certificate holder.
Certificate Attributes
A method used by browsers to make sure a security certificate is valid. Web browsers check the status of security certificates with third-party vendors. If the certificate is valid, the HTTPS connection continues
OCSP Online Certificate Status Protocol
verification of domain name ownership and control.
Domain Validation
additional checks have been done by the certificate authority, and additional features are enabled that show the name of the certificate owner in the browser bar itself
Extended Validation
a digital certificate file that is created and stored in binary format. It is a binary encoding for X.509 certificates and private keys
DER Distinguished Encoding Rules
validates the information the CA requires to issue a certificate.
Sent by a digital certificate applicant to a certificate authority (CA) to request validation
Certificate Signing Request
represents the server name protected by the SSL certificate
Common Name
specifies additional host names (sites, IP addresses, common names, etc.)
Subject Alternative Name
an Internet standard that provides for secure exchange of electronic mail. Employs a range of cryptographic techniques to allow for confidentiality, sender authentication, and message integrity.
Uses RSA, with the MD2 and MD5 hashing functions
A legacy protocol
Privacy Enhanced Mail
an archive that stores everything you need to deploy a certificate: the certificate, the intermediate authority certificate necessary for its trustworthiness, and the private key for the certificate.
Personal Information Exchange
used to store an X.509 certificate. Normally used for SSL certificates to verify and identify web server security. The file contains information about the certificate owner and the public key
CER File or CER certificate
an alternate extension for what is generally referred to as a "PFX" file. A combined format that holds the private key and certificate; it is the format most modern signing utilities use
P12
Certificate that is encoded in Base64 ASCII encoding
P7
Authority that allows the root CA to be reached at any time, which allows for a centralized CRL.
Having a centralized CRL means any certificate can be checked against the centralized source
Online Certificate Authority
Completely isolated from the network, providing an extra layer of security
Sometimes kept completely powered down, providing near complete protection
The hierarchy is dependent on intermediate CAs to sign certificates.
Offline Certificate Authority
improves the speed of the SSL handshake by combining two requests into one. This cuts down on the amount of time it takes to load an encrypted webpage
OCSP Stapling
the idea of pinning down a certain known-good certificate. This way, only the known-good certificate from a certain CA is associated with the host.
OCSP Pinning
storing, and providing a mechanism for obtaining, copies of private keys associated with encryption certificates, which are necessary for the recovery of encrypted data.
Key Escrow
a public key certificate which can be used with multiple subdomains of one domain.
Wildcard
The role of a root certification authority in PKI is to be the trusted root that issues certificates.
In PKI, if Company A trusts Company B and Company B trusts Company C, then Company A trusts Company C; this describes a transitive trust.
Trust Model
consists of all the certificates needed to certify the subject identified by the end certificate. In practice this includes the end certificate, the certificates of intermediate CAs, and the certificate of a root CA trusted by all parties in the chain.
Certificate Chaining
certificate used to digitally sign software in order to verify a trustworthy source
These certificates not only verify the source of the software, but also that the integrity of the software has been maintained.
Code signing
a certificate that is signed by the same entity that is being issued the certificate. The certificate is only as trustworthy as the signing party.
Useful when implemented on a private system, as an attack on the 3rd party CA is not an issue.
Self-signed Cert
certificates used to secure an email connection so that it can be encrypted and signed
Email Certificate
identifies an individual user in the PKI hierarchy, who should be trusted by some intermediate or root CA.
User Certificate
the certificate of the root CA; it must be self-signed. This certificate must be trusted in order to allow all other certificates to be trusted.
root Certificate