Acronyms Flashcards
TTPs
tactics techniques and procedures of a threat actor
FAR
False acceptance rate. Letting an unauthorized person have access to a location
FRR
False rejection rate. Rejecting authorized personnel
CER
Crossover error rate. The point where FAR and FRR are balanced for optimal
authentication effectiveness. The lower the better
SOPs
standard operating procedures. Detailed step-by-step instructions for implementing changes
-has to do with change management
CAB
Change advisory board
APT
Advanced persistent threat
used synonymously with nation state threat actors since they have long term persistence and stealth
it is a prolonged and targeted cyber attack where the threat actor gains access to a network and remains undetected while they steal data or monitor the network
XXE (XML External Entity Attack)
attempts to read local resources like password hashes in the shadow file
XSS
cross site scripting
injects a malicious script into a trusted site to compromise the site's visitors
DOM XSS
document object model
exploits client’s web browser using client side scripts to modify the content and layout of the webpage, client’s device executes the attack
NOP Slide
attackers fill the buffer with NOP (no operation) instructions. The return address slides down the NOP instructions until it reaches the attacker's code
TOC
Time of Check. Attackers manipulate a resource's state after it is checked but before it is used
TOU
Time of Use. Attackers alter a resource’s state after it is checked but before it is used.
TOE
time of Evaluation. Attackers manipulate data or resources during the system's decision-making or evaluation process
In the context of security, time of evaluation could refer to when a security policy or access control rule is evaluated to determine whether to grant or deny access to a resource. For instance, if a security policy is evaluated before a user logs in, it may grant access based on outdated or incomplete information, leading to a security vulnerability.
CSRF
cross site request forgery. triggers actions on different websites without user consent
exploits trust user has in browser
DLL
Dynamic Link Library
collection of code and data that can be used by multiple programs simultaneously to allow for code reuse and modularization in software development
IPS
intrusion prevention system
can identify and respond to DoS attacks for small-scale incidents
LDAP
lightweight directory access protocol
an open vendor neutral industry standard app protocol for accessing and maintaining distributed directory info services over an internet protocol network
DNSSEC
domain name system security extensions, add digital signatures to DNS data
DAC
discretionary access control
allows object owners to directly control access using tools like chown and chmod
SELinux uses MAC, not DAC
RTOS
Real time OS
SCADA
supervisory control and data acquisition systems
type of ICS designed for monitoring and controlling geographically dispersed industrial processes
common in electric power generation, transmission and distribution systems
water treatment, oil and gas
PLCs
programmable logic controllers
used to control specific processes such as assembly lines and factories
DCS
distributed control system
used in control production systems within a single location
ICS
industrial Control System
used to monitor and control industrial processes found in industries like electrical, water, oil, gas and data
GDPR
general data protection regulation
protects EU citizen data
compliance required regardless of location
PII
personally identifiable information
names, SSN, addresses
PHI
personal health info
protected under HIPAA
IPSec
internet security protocol secures IP communications by authenticating and encrypting IP packets
RAID
redundant array of independent disks
UPS
Uninterruptible Power Supplies (UPS)
● Provide emergency power during power source failures
● Offer line conditioning functions
● Include battery backup to maintain power during short-duration failures
● Typically supply 15 to 60 minutes of power during a complete power failure
PDC
Power distribution center
Central hub for power reception and distribution
● Includes circuit protection, monitoring, and load balancing
● Integrates with UPS and backup generators for seamless transitions during power events
RPO
Recovery Point Objective (RPO)
○ Ensures that the backup plan will maintain the amount of data required to keep any data loss under the organization's RPO threshold
COOP
continuity of operations plan
Ensures an organization's ability to recover from disruptive events or disasters
BC Plan
business continuity planning
Plans and processes for responding to disruptive events
● Addresses a wide range of threats and disruptive incidents
● Involves preventative actions and recovery steps
● Can cover both technical and non-technical disruptions
DRP
disaster recovery plan
Focuses on plans and processes for disaster response
● Subset of the BC Plan
● Focuses on faster recovery after disasters
● Addresses specific events like hurricanes, fires, or floods
UAC
user account control
a mechanism designed to ensure that actions requiring admin rights are explicitly authorized by the user
ABAC
attribute based access control
includes user attributes like name and org ID,
environmental attributes like time of access and data location, and resource attributes like resource owner, file name and data sensitivity
RBAC (Rule-Based): Access is based on predefined rules that apply universally.
ABAC: Access is based on the evaluation of multiple attributes of the user, resource, and environment
Rule based access control
uses security rules or access control lists
policies can be changed quickly
applied across multiple users on a network segment
as needed access, require certain location, limit access based on device
lots of control and flexibility
dynamic
RBAC
role based
assigns users to roles and assigns permissions to roles
mimics orgs hierarchy
enforces minimum privileges
sometimes a user needs more access and cannot get it because it is not within their role
DAC
discretionary access control
least restrictive
role based access control
admin can quickly and easily configure permissions
gives too much authority to admin
resource owners specify which users can access their resource
MAC
most restrictive
most beneficial for maximum security orgs
uses security labels to authorize resources
access is granted if user label is equal or higher than the resource’s label
JIT permissions
just in time, grants admin access only when needed for a specific time period and task
SAML
Security Assertion Markup Language
important for sso
when a sales employee at Org X tries to access a third-party app from Org Z, Org X (the IdP in this scenario) kicks into action and sends a message to Org Z saying this user is valid. Org Z then creates a session for that user
standard for logging users into apps based on sessions in another context
OAuth
How can we let a third-party app access a user's data without giving the app their credentials?
Users only enter their password in one place, the OAuth provider.
if you log in to Reddit for example you don't put in your Gmail password, you sign in first with Gmail
open standard for token-based authentication and authorization
allows third-party services to access user account info without exposing passwords
RESTful APIs
LDAP
lightweight directory access protocol
used to access and maintain distributed directory information
can share user info across network devices
it's like a phone book and is used when you don't know the exact information about a given resource or individual; it uses AD to help you find them
can be used to share information in sso
PAM
privileged access management
JIT permissions just in time
password vaulting
temporary accounts
Privileged Access Management (PAM) is a critical security measure that helps organizations control, monitor, and secure access to systems and data by users with elevated privileges
BYOD
bring your own device