Acronyms Flashcards
3DES
Triple Data Encryption Standard
- Variant of DES that uses 3 different keys to perform the encryption process. (3 separate passes through the data)
- Symmetrical
- 3DES is no longer used either
- (AES is the workhorse encryption standard today)
AAA
Authentication, Authorization, Accounting
- Proving who you are
- Deciding what you have access to
- Keeping track of who authenticated onto the network
ABAC
Attribute Based Access Control
- An access control paradigm whereby access rights are granted to users through the use of policies which combine attributes together.
- The policies can use any type of attributes (user attributes, resource attributes, environment attribute etc.).
- Ex: Permit managers to **, provided that **, if ** or ** unless **
ACL
Access Control List
- set of permissions that are then assigned to an object
- Used in firewalls, switches, routers, and OS
- All of them to some degree allow/restrict access to certain parts of the network or to an OS
- They can be very specific (to ports) and / or very complex
AD
Active Directory
- Directory server that runs on Microsoft Windows Server
- Main function is to enable administrators to manage permissions and control access to network resources
AES
Advanced Encryption Standard
- Most popular SYMMETRIC encryption in use today
- Standard of the US Federal Government
- Added to FIPS 197 in 2001 (It took five years to standardize and eventually replace DES)
- 128-bit block cipher encryption (in a single pass)
- Supports 128, 192, and 256 bit key sizes
- Ex: A wireless network where all information is encrypted with WPA2 uses AES
AES256
Advanced Encryption Standard 256bit
- largest key size for AES (symmetric)
AH
Authentication Header
- Can provide data integrity (Ex: in IPSec)
AI
Artificial Intelligence
AIS
Automated Indicator Sharing
- A way to automate the process of gathering and disseminating threat information that’s secure
- A way to process and move the information between organizations over the internet
ALE
Annualized Loss Expectancy
- ARO X SLE = ALE
- The total number in dollars if an event occurs based on its frequency
AP
Access Point
- Most APs allow you to configure MAC-level filtering on the AP itself
API
Application Programming Interface
APT
Advanced Persistent Threat
ARO
Annualized Rate of Occurrence
- The number of times / year something happens
- ARO X SLE = ALE
- can be based on historical data, how often a threat would be successful exploiting a vulnerability
ARP
Address Resolution Protocol
- A way to translate IP address to MAC address.
- Purpose is to find out the MAC address of a device on the LAN
- Used when IPv4 is used over Ethernet
- Helps resolve an address of a specific computer by sending a piece of information from the local computer to a remote computer where the server process is executed. This piece of information allows the server to identify the network system and provide the address
- See also DHCP and DNS
ASLR
Address Space Layout Randomization
- Method used by programmers to randomly arrange the different address spaces used by a program or process to prevent buffer overflow exploits
ASP
Active Server Pages
ATT&CK
Adversarial Tactics, Techniques and Common Knowledge
- MITRE framework
- Identify broad categories of attacks, find exact intrusions, see how they are occurring and how attackers are moving around after the attack, and identify security techniques that can help you block future attacks
AUP
Acceptable Use Policy
- Many organizations have them
- Detailed documentation that covers how all of the different technologies in your environment should be used
- Covers internet, telephones, computers, mobile devices
- A way for employer to set expectations
BCP
Business Continuity Plan
BGP
Border Gateway Protocol
- allows different autonomous systems on the internet to share routing information
- more flexible than OSPF and can be used on larger networks
- emphasis on determining the best path (OSPF, the fastest)
BIA
Business Impact Analysis
AV
Antivirus
BASH
Bourne Again Shell
BIOS
Basic Input Output Systems
BPA
Business Partnership Agreement
BPDU
Bridge Protocol Data Unit
- Primary protocol used by the Spanning tree protocol
BSSID
Basic Service Set Identifier
BYOD
Bring Your Own Device
CA
Certificate Authority
CAPTCHA
Completely Automated Public Turing Test to Tell Computers and Humans Apart
CAR
Corrective Action Report
CASB
Cloud Access Security Broker
CBC
Cipher Block Chaining
CCMP
Counter-Mode/CBC-MAC Protocol
CCTV
Closed Circuit Television
CERT
Computer Emergency Response Team
CFB
Cipher Feedback
CHAP
Challenge-Handshake Authentication Protocol
- Used to provide authentication by using the user’s password to encrypt a challenge string of random numbers
- PAP and CHAP are mostly used with dial-up
- MS-CHAP = Microsoft’s versions
CIO
Chief Information Officer
CIRT
Computer Incident Response Team
CIS
Center for Internet Security
- Nonprofit organization focused on developing globally recognized best practices for securing IT systems and data against cyber attacks
CMS
Content Management System
CN
Common Name
COOP
Continuity of Operations Planning
COPE
Corporate-owned Personally Enabled
CP
Contingency Planning
CRC
Cyclic Redundancy Check
CSP
Cloud Service Provider
CSR
Certificate Signing Request
CSRF
Cross-Site Request Forgery
CSU
Channel Service Unit
- Hardware that converts digital data frames from the LAN into frames for the WAN and vice versa
- Receives and transmits signals to and from the WAN line and provides a barrier for electrical interference from either side of the unit
- can echo loop back signals for testing purposes
- connects the network provider side
- CSU/DSU (Data Service Unit). The DSU connects to your Data Terminal Equipment (often a router)
CTM
Counter-Mode
CTO
Chief Technology Officer
CVE
Common Vulnerabilities and Exposures
CVSS
Common Vulnerability Scoring System
CYOD
Choose Your Own Device
DAC
Discretionary Access Control
DBA
Database Administrator
DDoS
Distributed Denial of Service
DEP
Data Execution Prevention
DER
Distinguished Encoding Rules
- most popular way to store X.509 file certificates
- DER encoding certificates are supported by almost all applications
- Ex: OpenSSL and keytool
DES
Data Encryption Standard
- Created by the NSA and IBM between 1972 and 1977; used to be the most popular symmetric encryption algorithm in use
- Part of FIPS
- Used a 64-bit block cipher (encrypted 64 bits of data at a time)
- Used a 56-bit key, which is small so now it is easy to brute force.
- No longer practically used today as a result
DHCP
Dynamic Host Configuration Protocol
- Network protocol that dynamically (automatically) assigns IP addresses to the computers or other devices on each LAN network
- Can assign an IP address from within a given range
- See also ARP and DNS
- DHCP snooping = a switch is configured with a series of trusted interfaces, which may have routers, switches and other DHCP servers on them, and other interfaces that are not trusted; the switch constantly monitors the conversations
DHE
Diffie-Hellman Ephemeral
DKIM
Domain Keys Identified Mail
DLL
Dynamic-link Library
DLP
Data Loss Prevention
DMARC
Domain Message Authentication Reporting and Conformance
DNAT
Destination Network Address Translation
DNS
Domain Name System
- Maps the IP addresses into a human-readable name and vice versa
- Ex: IP address 1234… = professormesser.com
- See also ARP and DHCP
DNSSEC
Domain Name System Security Extension
DoS
Denial of Service
DPO
Data Protection Officer
DRP
Disaster Recovery Plan
DSA
Digital Signature Algorithm
DSL
Digital Subscriber Line
EAP
Extensible Authentication Protocol
- A framework of protocols that allows for numerous methods of authentication including passwords, digital certificates and public key infrastructure
- EAP-MD5 uses simple passwords for challenge-authentication
- EAP-TLS uses digital certificates for mutual authentication
- EAP-TTLS uses server-side digital certificate and a client-side password for mutual authentication
- EAP-FAST provides flexible authentication via secure tunneling (FAST) by using a protected access credential instead of a certificate for mutual authentication
- Protected EAP - supports mutual authentication by using server certificates and Active Directory to authenticate a client’s passcode
ECB
Electronic Code Book
ECC
Elliptic-curve Cryptography
ECDHE
Elliptic-curve Diffie-Hellman Ephemeral
ECDSA
Elliptic-curve Digital Signature Algorithm
EDR
Endpoint Detection and Response
EFS
Encrypted File System
EIP
Extended Instruction Pointer
- tracks the address of the current instruction running in an application
- holds the address to (points to) the first byte of the next instruction to be executed
EOL
End of Life
EOS
End of Service
ERP
Enterprise Resource Planning
ESP
Encapsulation Security Payload
- member of IPSec
- Encrypts and authenticates packets of data between computers using a VPN
- One of two layers of protection for IPsec (the other is AH)
- ESP + AH can operate in two modes: transport (less secure) and tunnel (more secure)
ESSID
Extended Service Set Identifier
FACL
File-system Access Control List
FDE
Full Disk Encryption
FIM
File Integrity Monitoring
FPGA
Field Programmable Gate Array
- A processor that can be programmed to perform a specific function by a customer rather than at the time of manufacture
- End customer can configure the programming logic to run a specific application instead of using ASIC (application-specific integrated circuit)
- (IoT)
- considered an anti-tamper mechanism
FRR
False Rejection Rate
FTP
File Transfer Protocol
FTPS
File Transport Protocol Secure
ESN
Electronic Serial Number
GCM
Galois/Counter Mode
GDPR
General Data Protection Regulation
GPG
GNU Privacy Guard
GPO
Group Policy Object
GPS
Global Positioning System
GPU
Graphics Processing Unit
GRE
Generic Routing Encapsulation
HA
High Availability
HDD
Hard Disk Drive
HIDS
Host-based Intrusion Detection System
HIPS
Host-based Intrusion Prevention System
HMAC
Hash-based Message Authentication Code
HOTP
HMAC based One-time Password
- A password is computed from a shared secret and is synchronized between the client and server
- This was the original standard
- Uses a counter, that increments with each new validation
- It’s still used but companies like Google use TOTP
HSM
Hardware Security Module
- An appliance for generating and storing cryptographic keys that is less susceptible to tampering and insider threats than software based storage
HSMaaS
Hardware Security Module as a Service
HTML
Hypertext Markup Language
HTTP
Hyper Text Transfer Protocol
HTTPS
Hyper Text Transfer Protocol Secure
HVAC
Heating, Ventilation, Air-conditioning
IaaS
Infrastructure as a Service
IAM
Identity and Access Management
ICMP
Internet Control Message Protocol
ICS
Industrial Control Systems
- A network that manages embedded devices
- Used for electrical power stations, water suppliers, health services, telecommunications, manufacturing and defense needs
IDEA
International Data Encryption Algorithm
IDF
Intermediate Distribution Frame
IdP
Identity Provider
- a trusted third-party service for validating user identity in a federated identity system
IDS
Intrusion Detection System
IEEE
Institute of Electrical and Electronics Engineers
IKE
Internet Key Exchange
IM
Instant Messaging
IMAP4
Internet Message Access Protocol v4
IoC
Indicators of Compromise
- A specific activity that could indicate that someone is now inside your network
- Ex: Increased traffic, could be normal or could indicate data exfiltration
- Ex: files that should have constant hash values, are now different (hacker is modifying trusted documents)
IoT
Internet of Things
IP
Internet Protocol
- IPv4 32-bit addressing scheme that provides over 4B possible unique addresses
- commonly represented in dotted decimal format
- 3 ways of transmitting data through networks: unicast, multicast (1 to few), broadcast (1 to many)
- IPv6 128-bit addressing scheme that provides over 340 undecillion possible unique addresses (eventually this will overtake IPv4, as IPv4 is currently running out)
- Commonly represented in comma separated hexadecimal
- Unicast, multicast and anycast (to replace broadcast)
IPS
Intrusion Prevention System
IPsec
Internet Protocol Security
IR
Incident Response
IRC
Internet Relay Chat
IRP
Incident Response Plan