Acronyms Flashcards
3DES
Triple Data Encryption Standard. Applies DES three times (encrypt-decrypt-encrypt). Still found on hardware and legacy systems that don't support AES; deprecated by NIST. Keying option 1 uses three independent keys (168-bit key, roughly 112 bits of effective security). Two-key 3DES is weaker (112-bit key, around 80 bits effective), and using the same key three times collapses to single DES and is insecure.
802.1X
Port-based Network Access Control (IEEE standard). A device must authenticate before a switch port or wireless association is allowed onto the network: EAP runs between the supplicant (client) and the authenticator (switch or AP), which relays to an authentication server, usually RADIUS. Used on wired and wireless networks, not in VPNs.
AAA
Authentication, Authorization, and Accounting.
Used in remote access systems.
ABAC
Attribute-based access control
Grants access based on attributes of the subject (department, clearance, role), the object (classification, owner, tags) and the environment (time of day, location, device posture), evaluated against policy rules. Note that classification labels by themselves (Unclassified, CUI, Secret, Top Secret) describe Mandatory Access Control; ABAC is the more flexible policy-rule model that can include such labels as one attribute among many.
ACE
Access Control Entry
Identifies a user or group and the permissions granted or denied to it on a resource. An ACL is an ordered list of ACEs.
ACK
Acknowledge.
Flag set in the second and third packets of the TCP three-way handshake (SYN, SYN/ACK, ACK) and on every packet that confirms received data.
ACL
Access Control List
Ordered list of rules used by routers, firewalls and file systems to decide what traffic or access to allow or deny. Packet-filtering ACLs on routers and stateless firewalls match on source/destination address, port and protocol; the first matching rule wins, usually with an implicit deny at the end.
AES
Advanced Encryption Standard
Symmetric key block cipher with a 128-bit block size and 128-, 192- or 256-bit keys. The current standard for symmetric encryption.
AH
Authentication Header
Part of IPsec that provides integrity and origin authentication for the packet (including the IP header) but no encryption. Compare ESP.
ALE
Annualized Loss Expectancy
AP
Access Point
also called Wireless Access Point (WAP)
API
Application programming interface
APT
Advanced Persistent Threat
usually sponsored by a nation state, has both capability and intent to launch sophisticated and targeted attacks.
ARO
Annual rate of occurrence
Number of times a loss is expected to occur in a year. Used with SLE to calculate ALE, where SLE = asset value × EF:
SLE × ARO = ALE
ARP
Address Resolution Protocol
Usually in the context of ARP poisoning (ARP spoofing): sending forged ARP replies so a victim maps another host's IP address, often the default gateway's, to the attacker's MAC address, redirecting traffic through the attacker's system (man-in-the-middle). Dynamic ARP Inspection on switches mitigates this.
ASCII
American Standard Code for Information Interchange
AUP
Acceptable Use Policy
BCP
Business continuity plan
includes disaster recovery elements used to return critical functions to operation after an outage
BIA
Business impact analysis
Helps an organization identify critical systems and components, maximum tolerable downtime (feeding RTO and RPO), and potential losses from an incident.
BIND
Berkeley Internet Name Domain
DNS software
BIOS
Basic Input/Output System
Computer’s firmware for the settings such as boot drive and other things outside the operating system. Designated replacement is UEFI.
BPDU guard
Bridge Protocol Data Unit guard
Detects BPDU frames arriving on access (PortFast/edge) ports, where no switch should be connected, and shuts the port down. Unexpected BPDUs indicate a rogue or misconnected switch that could create a switching loop or take over the spanning-tree topology.
BYOD
Bring Your Own Device
Employees are allowed to connect to the corporate network using their own mobile devices. This has several problems both with security and with IT support.
CA
Certificate Authority
CAN
Controller area network.
Vehicle-specific bus standard that lets the various components of the vehicle communicate. Designed without authentication, so any device on the bus can send messages.
CAPTCHA
Completely Automated Public Turing Test to Tell Computers and Humans Apart
CASB
Cloud Access Security Broker
enforces cloud-based security requirements. Placed between cloud and an organization’s resources.
CBC
Cipher Block Chaining
Block cipher mode used with symmetric ciphers. The first plaintext block is XORed with a random IV and each later plaintext block is XORed with the previous ciphertext block before encryption, so identical plaintext blocks produce different ciphertext. Requires padding and provides no integrity: a tampered ciphertext still decrypts, which enables bit-flipping and padding-oracle attacks unless a MAC or an authenticated mode is used.
CCM
Cloud Controls Matrix
from Cloud Security Alliance. This is a set of best practices specifically for security controls in the cloud.
CCMP
Counter mode with Cipher block chaining Message authentication code Protocol
Encryption and integrity protocol based on AES in CCM mode (counter mode for confidentiality, CBC-MAC for integrity). Used with WPA2 for wireless security; replaced TKIP.
CCTV
Closed Circuit Television
Video surveillance cameras.
CER
Canonical Encoding Rules
Canonical Encoding Rules is an ASN.1 encoding, but in practice .cer is just a certificate file extension. The file may hold either binary DER or Base64 PEM (ASCII text between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines). Check the first bytes rather than trusting the extension.
CERT
Computer Emergency Response Team
responds to security incidents
CHAP
Challenge Handshake Authentication Protocol
CIA
Confidentiality, integrity, availability
security triad.
Confidentiality - look for something involving encryption
Integrity - look for a hashing algorithm
Availability - look for something with redundancy
CIO
Chief Information Officer
COOP
Continuity of Operations Planning
Setting up alternate locations (hot site, warm site, cold site) and the procedures to keep essential functions running after a critical outage.
COOP
Continuity of Operations
Phase I - Readiness and Preparedness
Phase II - Activation and Relocation: transfer activities, personnel, records, and equipment to alternate facilities
Phase III - Continuity Operations: full execution of essential operations at alternate operating facilities
Phase IV - Reconstitution: operations at alternate facility are terminated and normal operations resume
COPE
Corporate-Owned, Personally Enabled
Mobile device deployment model. Organization purchases and issues devices to employees. Compare to BYOD and CYOD
CRL
Certificate Revocation List
Signed list, published by a CA, of certificates it has revoked before their expiry date. Clients should check it (or OCSP) before trusting a certificate.
CSA CCM
Cloud Security Alliance Cloud Controls Matrix
reference doc that maps cloud security controls to various regulatory standards
CSF
Cybersecurity Framework
NIST's voluntary framework, widely used in the private sector alongside the RMF that federal agencies must follow. Includes the framework core, framework implementation tiers, and framework profiles.
CSR
Certificate Signing Request
How you request a certificate from a CA: a message containing the public key and subject information, signed with the matching private key to prove possession. The CA verifies it and returns a signed certificate.
CTM
Counter Mode
Counter mode (also written CTR). Encrypts a nonce/IV combined with an incrementing counter to produce a keystream that is XORed with the plaintext, turning a block cipher into a stream cipher. Needs no padding and is parallelizable. A nonce must never be reused with the same key, since that reuses the keystream.
CTO
Chief Technology Officer
CVE
Common Vulnerabilities and Exposures
dictionary of publicly known security vulnerabilities and exposures
CYOD
Choose Your Own Device
Policy where employees connect to the organization's network with a device they choose from an approved list. This limits IT support headaches to a few models, but the security headaches of personally used devices remain.
DAC
Discretionary Access Control
Files and folders have owners, and owners can modify the permissions for the objects.
DDoS
Distributed Denial of Service
DEP
Data Execution Prevention
Some operating systems have this, which blocks code from executing from memory regions that are marked as nonexecutable. This blocks some types of malware.
DER
Distinguished Encoding Rules
Binary encoding of a certificate's ASN.1 structure, and the canonical form that gets hashed and signed. PEM is the same DER bytes Base64-encoded between BEGIN/END lines. Compare to CER.
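Added example, not part of the flashcard deck: a small stand-alone Python script that builds a constructed DER structure (not a real certificate), wraps it as PEM, and shows the checks a practitioner uses to tell DER from PEM without trusting the .cer/.crt extension. All data is made up here.

```python
import base64
import re

# Constructed sample (NOT a real certificate): ASN.1 SEQUENCE { INTEGER 2, UTF8String "example" }

def der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form (0x80 | count, then bytes) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + der_length(len(value)) + value

def der_integer(n: int) -> bytes:
    # Minimal two's-complement body; a leading 0x00 is added if the top bit is set
    return der_tlv(0x02, n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big", signed=True))

def der_utf8string(s: str) -> bytes:
    return der_tlv(0x0C, s.encode("utf-8"))

def der_sequence(*elems: bytes) -> bytes:
    return der_tlv(0x30, b"".join(elems))

SAMPLE_DER = der_sequence(der_integer(2), der_utf8string("example"))
# bytes: 30 0c 02 01 02 0c 07 65 78 61 6d 70 6c 65

def pem_wrap(der: bytes, label: str = "CERTIFICATE") -> str:
    """PEM is just the DER bytes, Base64-encoded in 64-column lines, inside BEGIN/END armour."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def pem_unwrap(text: str) -> bytes:
    m = PEM_RE.search(text)
    if not m:
        raise ValueError("no PEM block found")
    return base64.b64decode("".join(m.group(2).split()))

def detect_format(data: bytes) -> str:
    """A certificate in DER starts with the SEQUENCE tag 0x30; PEM starts with ASCII armour."""
    if data[:1] == b"\x30":
        return "DER"
    if data.lstrip().startswith(b"-----BEGIN"):
        return "PEM"
    return "unknown"

def parse_tlv(data: bytes, offset: int = 0):
    """Decode one DER tag-length-value at offset; returns (tag, value, next_offset)."""
    tag, first = data[offset], data[offset + 1]
    if first < 0x80:
        length, pos = first, offset + 2
    else:
        n = first & 0x7F
        length = int.from_bytes(data[offset + 2:offset + 2 + n], "big")
        pos = offset + 2 + n
    return tag, data[pos:pos + length], pos + length

def outline(der: bytes) -> list:
    """List (tag, length) of the elements inside the outermost SEQUENCE."""
    tag, body, _ = parse_tlv(der)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    items, off = [], 0
    while off < len(body):
        t, v, off = parse_tlv(body, off)
        items.append((t, len(v)))
    return items

if __name__ == "__main__":
    pem = pem_wrap(SAMPLE_DER)
    print(SAMPLE_DER.hex(), detect_format(SAMPLE_DER))
    print(pem, detect_format(pem.encode()))
    print(outline(pem_unwrap(pem)))
```

The same outline() check works on a real certificate file: DER input parses directly, PEM input must be unwrapped first, and the outer element of an X.509 certificate is always a SEQUENCE.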
DES
Data Encryption Standard
Symmetric block cipher with a 64-bit block and a 56-bit key. Brute-forceable since the late 1990s; obsolete.
DH
Diffie-Hellman
Asymmetric key-agreement algorithm: each party combines its own private value with the other's public value and both arrive at the same shared secret over an insecure channel, which then serves as a symmetric key. Plain DH is unauthenticated and vulnerable to man-in-the-middle, so it is paired with signatures or certificates (as in TLS). DHE uses ephemeral keys, recreated for each session, giving forward secrecy.
DHCP
Dynamic Host Configuration Protocol
assigns IP addresses, subnet masks, default gateways, DNS server addresses, etc.
DHCP Snooping
Switch feature that marks ports as trusted or untrusted for DHCP server messages and drops DHCP offers arriving on untrusted ports, preventing rogue DHCP servers. It also builds the IP-to-MAC binding table that Dynamic ARP Inspection uses.
DHE
Diffie-Hellman Ephemeral
Uses ephemeral (per-session) Diffie-Hellman keys, so a later compromise of the server's long-term private key does not expose past sessions (forward secrecy). Sometimes seen as EDH.
DLL
Dynamic-link library
we use a LOT of .dll files!
DLL Injection
Attack that forces a running process to load an attacker-controlled DLL (for example via a remote thread calling LoadLibrary, or by DLL search-order hijacking) so the attacker's code runs with that process's privileges.
DLP
Data Loss Prevention
End-point DLP systems can prevent users from copying or printing sensitive data, such as how A365 won’t let me download attachments. Network-based DLP systems monitor outgoing email and monitor data stored in the cloud.
DMZ
Demilitarized Zone
Screened subnet between the internet and the internal network where public-facing servers (web, mail, DNS) are placed, so a compromise there does not give direct access to internal systems.
DNS
Domain Name System.
Resolves hostnames to IP addresses. DNS poisoning (cache poisoning) is an attack that inserts forged records into a resolver's cache so clients are sent to attacker-controlled addresses. DNSSEC mitigates this by letting validating resolvers verify signed records.
DNSSEC
Domain Name System Security Extensions
Adds digital signatures to DNS records so a validating resolver can verify the origin and integrity of responses and reject spoofed or poisoned data. It does not encrypt queries or hide what was looked up.
DoS
Denial of Service
DRP
Disaster Recovery Plan
DSA
Digital Signature Algorithm
Endorsed by the US federal government for creating digital signatures under Digital Signature Standard.
EAP
Extensible Authentication Protocol
Framework rather than a single method: it defines how an authentication conversation is carried (in 802.1X, between supplicant and authentication server), while EAP-TLS, EAP-TTLS, PEAP and others supply the actual authentication.
EAP-FAST
EAP Flexible Authentication via Secure Tunneling
Cisco-designed EAP method used with 802.1X. Establishes its tunnel with a Protected Access Credential (PAC) provisioned to the client; certificates are optional.
EAP-TLS
EAP using Transport Layer Security
One of the most secure EAP methods and widely implemented. Mutual authentication with certificates on both the 802.1X authentication server and each client, which means a PKI to issue and manage client certificates.
EAP-TTLS
EAP using Tunneled Transport Layer Security
Allows systems to use older authentication methods such as PAP, within a TLS tunnel. Requires a certificate on the 802.1X server but not on the clients.
ECC
Elliptic Curve Cryptography
Asymmetric encryption algorithm. Common on smaller wireless devices. Uses smaller key sizes and requires less processing than most other encryption methods.
ECDHE
Elliptic Curve DHE
Ephemeral Diffie-Hellman performed over elliptic curves. Gives forward secrecy with much smaller keys than classic DH; the usual key exchange in modern TLS.
EF
Exposure factor
(also Entity Framework but that’s not relevant)
Percentage of an asset's value lost in a single incident. If a database server is compromised and all of the sensitive information is stolen, that is an exposure factor of 100%; if half the customer data is all that could be stolen, that is an EF of 50%. SLE = asset value × EF.
EMI
Electromagnetic Interference
Caused by motors, power lines, etc. EMI shielding can prevent outside interference from corrupting data and prevents data from leaking outside of a cable.
ESP
Encapsulating Security Payload
Part of IPsec that provides encryption (confidentiality) of the payload and, optionally, integrity and origin authentication. Compare AH, which authenticates but does not encrypt.
ESSID
Extended Service Set ID
When ESSID broadcasting has been disabled, the name of the WLAN will not be listed as available for connection and users need to enter it manually. This is not a security control: the SSID still appears in probe and association frames and is trivially recovered with a wireless sniffer.
FaaS
Function as a Service
Cloud service model that is a subset of PaaS. The cloud service provider offers a platform that executes the customer’s code in response to discrete events. Customer is billed based on resources consumed during each code execution event.
FAR
False Acceptance Rate
Used for biometric authentication: the rate at which the system accepts an impostor (false positive). This is the security-critical error rate.
FDE
Full Disk Encryption
FERPA
Family Educational Rights and Privacy Act
FISMA
Federal Information Security Management Act
Law that requires government agencies to comply with security standards
FRR
False Rejection Rate
Used for biometric authentication: the rate at which a legitimate user is rejected (false negative). This is the usability error rate. Where FAR and FRR are equal is the crossover error rate, a common way to compare biometric systems.
GCM
Galois/Counter Mode
Block cipher mode that combines CTR-mode encryption with a GHASH authentication tag, giving authenticated encryption (AEAD) in one pass. Any modification of the ciphertext or associated data is detected on decryption. Widely used as AES-GCM in TLS. Nonce reuse under the same key breaks both confidentiality and the authentication key.
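Added example, not part of the flashcard deck, covering the CBC, CTM/CTR and GCM cards together. It runs on the standard library only, so it uses a small Feistel block cipher built from HMAC-SHA256 as a stand-in for AES (clearly not AES, and not secure; the point is the modes, not the cipher). It shows CBC chaining with PKCS#7 padding and the bit-flipping weakness of unauthenticated CBC, CTR keystream generation and what nonce reuse leaks, and an encrypt-then-MAC tag standing in for the authentication that GCM provides. The messages are constructed sample data.

```python
import hmac
import hashlib

BLOCK = 16

def _round(key: bytes, i: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in 128-bit block cipher: 4-round Feistel over HMAC-SHA256. NOT AES, demo only."""
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, bytes(a ^ b for a, b in zip(l, _round(key, i, r)))
    return l + r

def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = bytes(a ^ b for a, b in zip(r, _round(key, i, l))), l
    return l + r

def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC: XOR each plaintext block with the previous ciphertext block (IV first), then encrypt."""
    prev, out, padded = iv, b"", pkcs7_pad(plaintext)
    for i in range(0, len(padded), BLOCK):
        prev = toy_block_encrypt(key, bytes(a ^ b for a, b in zip(padded[i:i + BLOCK], prev)))
        out += prev
    return out

def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    prev, out = iv, b""
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out += bytes(a ^ b for a, b in zip(toy_block_decrypt(key, c), prev))
        prev = c
    return pkcs7_unpad(out)

def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR: encrypt nonce||counter to get keystream, XOR with data. Same call encrypts and decrypts."""
    out = b""
    for i in range(0, len(data), BLOCK):
        ks = toy_block_encrypt(key, nonce + (i // BLOCK).to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], ks))
    return out

def cbc_bitflip_demo(key: bytes, iv: bytes) -> bytes:
    """Flip one bit in ciphertext block 0: plaintext block 0 is garbled, but the same bit in
    plaintext block 1 flips predictably. Returns block 1 ('=0' becomes '=1'); nothing detects it."""
    pt = b"user=alice;admin=0"          # constructed: 'admin=' ends block 0, '0' is byte 1 of block 1
    ct = bytearray(cbc_encrypt(key, iv, pt))
    ct[1] ^= 0x01                       # 0x30 '0' -> 0x31 '1'
    return cbc_decrypt(key, iv, bytes(ct))[BLOCK:]

def ctr_nonce_reuse_demo(key: bytes, nonce: bytes) -> bytes:
    """Reused nonce => reused keystream: c1 XOR c2 == p1 XOR p2, so knowing p1 reveals p2."""
    p1, p2 = b"attack at dawn!!", b"retreat at dusk!"   # constructed sample messages
    c1, c2 = ctr_crypt(key, nonce, p1), ctr_crypt(key, nonce, p2)
    return bytes(a ^ b ^ c for a, b, c in zip(c1, c2, p1))  # recovers p2 without the key

def _mac_key(key: bytes) -> bytes:
    return hmac.new(key, b"mac", hashlib.sha256).digest()   # separate MAC key, derived from key

def seal(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Authenticated encryption, as GCM delivers it: CTR plus a tag (HMAC here, GHASH in GCM)."""
    ct = ctr_crypt(key, nonce, data)
    return nonce + ct + hmac.new(_mac_key(key), nonce + ct, hashlib.sha256).digest()[:16]

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:8], blob[8:-16], blob[-16:]
    expect = hmac.new(_mac_key(key), nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expect):    # any flipped bit fails here before decryption
        raise ValueError("authentication failed")
    return ctr_crypt(key, nonce, ct)

if __name__ == "__main__":
    key, iv, nonce = b"k" * 16, b"\x00" * 16, b"\x01" * 8
    print(cbc_bitflip_demo(key, iv))            # b'=1' ... admin flag flipped, no error raised
    print(ctr_nonce_reuse_demo(key, nonce))     # b'retreat at dusk!'
    tampered = bytearray(seal(key, nonce, b"secret")); tampered[8] ^= 1
    try:
        unseal(key, bytes(tampered))
    except ValueError as e:
        print("tamper detected:", e)
```

The fixed key, IV and nonce in the demo are there so the results are reproducible; real use needs a random IV per CBC message and a never-repeating nonce per CTR/GCM message.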
GDPR
General Data Protection Regulation
regulation in the European Union for protecting personal data of anybody living in the EU
GLBA
Gramm-Leach-Bliley Act
Law requiring financial institutions to protect the privacy of their customers’ data
GPS
Global Positioning System
HIDS
Host Based Intrusion Detection System
HIPAA
Health Insurance Portability and Accountability Act
Law protecting health related data
HIPS
Host Based Intrusion Prevention System
HMAC
Hash Based Message Authentication Code
Often combined with MD5 or SHA-1 as HMAC-MD5 and HMAC-SHA1; HMAC-SHA256 is preferred today. Verifies the integrity and authenticity of a message using a shared secret: anyone without the key cannot produce a valid tag. Compare tags with a constant-time comparison.
HOTP
HMAC-based One Time Password
Counter-based one-time password: client and server share a secret and a counter, and the code is the truncated HMAC of the counter. A HOTP code stays valid until it is used (the server accepts within a look-ahead window and then advances), unlike TOTP, whose codes expire with the time step whether used or not.
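Added example, not from the flashcard deck, covering the HMAC and HOTP cards: a standard-library Python implementation of HOTP (RFC 4226), TOTP (RFC 6238) on top of it, and a server-side HOTP check with a look-ahead window that rejects replay of an already-used counter. The secret below is the published RFC 4226 test-vector secret, not a real credential.

```python
import hmac
import hashlib
import struct
import time

def hotp(secret: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """RFC 4226: HMAC(secret, 8-byte big-endian counter), dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F                                   # low nibble of last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, for_time: float = None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP where the counter is the number of time steps since the Unix epoch,
    so the code expires when the step rolls over, used or not."""
    t = time.time() if for_time is None else for_time
    return hotp(secret, int(t // step), digits)

def verify_hotp(secret: bytes, code: str, last_counter: int, window: int = 10):
    """Server-side HOTP check. Codes for counters above last_counter stay valid until used;
    accept the first match within the look-ahead window and return its counter so the caller
    stores it as the new last_counter. Returns None for no match or for replay of a used code."""
    for c in range(last_counter + 1, last_counter + 1 + window):
        if hmac.compare_digest(hotp(secret, c), code):
            return c
    return None

RFC4226_SECRET = b"12345678901234567890"   # RFC 4226 Appendix D test-vector secret (public)

if __name__ == "__main__":
    for c in range(3):
        print(c, hotp(RFC4226_SECRET, c))   # 755224, 287082, 359152 per RFC 4226
    print(totp(RFC4226_SECRET, 59))          # 287082: time 59 is counter 1 at a 30 s step
    state = -1
    state = verify_hotp(RFC4226_SECRET, "359152", state)   # counter 2 accepted, 0 and 1 skipped
    print(state, verify_hotp(RFC4226_SECRET, "287082", state))  # 2 None: counter 1 now rejected
```

Google Authenticator and most hardware tokens use exactly these two functions with SHA-1 and 6 digits; the only differences are how the secret is provisioned (Base32 in otpauth:// URIs) and the window the server tolerates.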
HSM
Hardware Security Module
Tamper-resistant device (PCIe card, network appliance, or USB/smart-card token) that generates, stores and uses cryptographic keys, symmetric and asymmetric, so private keys never leave the device in plaintext. Used for CA signing keys, TLS keys, and code signing.
HTML
Hypertext Markup Language
who doesn’t already know this one?
HVAC
Heating, Ventilation, Air Conditioning
IaaS
Infrastructure as a Service
allows an organization to rent access to hardware. This was our first cloud migration, the one David did
IaC
Infrastructure as Code
Defining servers, networks and cloud resources in version-controlled, machine-readable files (think Terraform, CloudFormation, Ansible) so they are deployed consistently and can be reviewed and scanned like code. Related but distinct: SDN (software-defined networking), which controls network behavior programmatically.
ICMP
Internet Control Message Protocol
Used for diagnostics such as ping and traceroute and for error reporting (destination unreachable, fragmentation needed). Because some DoS and reconnaissance techniques use ICMP, firewalls and routers commonly filter or rate-limit it; blocking it entirely breaks path MTU discovery and troubleshooting, so filter selectively. ICMP rides directly on IP and does NOT use a port!
ICS
Industrial Control System
Controls large physical systems such as power plants, water treatment and manufacturing lines; SCADA is one kind of ICS. Often runs legacy protocols with no authentication, so isolation from IT networks matters.
IDS
Intrusion Detection System
detects but does not prevent intrusions. Can be either host-based (HIDS) or network-based (NIDS)
IEEE
Institute of Electrical and Electronics Engineers
often pronounced “eye triple E”. Professional organization that sets a lot of standards we use, such as 802.1X
IGMP
Internet Group Management Protocol
Used for multicasting. A computer that belongs to a multicasting group will have a multicasting IP address in addition to a standard unicast IP address
IIS
Internet Information Services
MS Windows web server. We use this for local testing on our dev VMs.
IoT
Internet of Things
usually refers to smart devices such as wearable tech and home automation systems.
IPS
Intrusion Prevention System
placed inline with traffic. Compare to IDS which just reports possible issues without preventing them.
IPSec
Internet Protocol Security
Suite of protocols (AH, ESP, IKE for key exchange) that authenticates and encrypts IP packets. Transport mode protects the payload between two hosts; tunnel mode wraps the whole packet and is what site-to-site and remote-access VPNs use.