Acronyms 3 Flashcards
Group Policy
A set of rules and policies that can be applied to users or computer accounts
within an operating system
Security Template
A group of policies that can be loaded through one procedure, for example
by importing the template through the Group Policy Editor
GPO
Group Policy Object
Used to harden the operating system and establish secure baselines
Baselining
Establishing a known-good reference state for the network, hardware, or software
environment so that later changes can be measured against it
SELinux
Security-Enhanced Linux; a Linux kernel security module that enforces mandatory
access control (MAC)
Context-based permissions
Permission schemes that consider various properties of the subject and object to
determine whether to grant or deny access to a user
SELinux user context
Defines which SELinux users can access an object
SELinux role context
determines which roles can access an object
SELinux type context
The type (for files and other objects) or domain (for processes) that
type-enforcement rules are written against; essential for fine-grained access
control, grouping objects with similar security characteristics
SELinux level context (optional)
Describes the MLS/MCS sensitivity level (e.g., s0) of a file, directory, or process
SELinux Modes
disabled, permissive, enforcing; permissive logs denials (AVC messages) without
blocking, enforcing blocks them
SELinux Policy
Describes access permissions for users, programs, processes, files, and
devices
Targeted SELinux policies
Only specific processes are confined to a domain, while others run
unconfined
SELinux Strict Policies
Every subject and object operates under MAC, but it’s more
complex to set up
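The four context fields, the three modes and the targeted-versus-strict distinction above can be exercised together in a small evaluator. This is an added example, not code from the original page: it parses `user:role:type:level` labels as `ls -Z` prints them and checks a toy type-enforcement rule set. The label names mirror real targeted-policy types, but the allow rules are a constructed, hypothetical subset.

```python
"""Added example: parse SELinux security contexts and evaluate a toy
type-enforcement policy under the three SELinux modes.  Not from the
original page; ALLOW_RULES is a constructed, hypothetical subset."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Context:
    user: str   # SELinux user, e.g. system_u
    role: str   # role, e.g. object_r for files, system_r for daemons
    type: str   # type (files) or domain (processes), e.g. httpd_t
    level: str  # optional MLS/MCS level, e.g. s0 or s0-s0:c0.c1023


def parse_context(label: str) -> Context:
    """Split 'user:role:type[:level]' as printed by `ls -Z` / `ps -Z`.
    The level is optional and may itself contain ':' (s0-s0:c0.c1023),
    so split at most three times."""
    parts = label.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not a SELinux context: {label!r}")
    user, role, typ = parts[:3]
    level = parts[3] if len(parts) == 4 else ""
    return Context(user, role, typ, level)


# Constructed allow rules: (source domain, target type, object class) -> perms.
# A real policy has tens of thousands of these.
ALLOW_RULES = {
    ("httpd_t", "httpd_sys_content_t", "file"): {"read", "getattr", "open"},
    ("httpd_t", "httpd_log_t", "file"): {"append", "create", "getattr"},
    ("sshd_t", "sshd_key_t", "file"): {"read", "getattr", "open"},
}

# Targeted policy: processes outside the confined set run in unconfined_t and
# are not subject to type enforcement.  A strict policy confines everything.
UNCONFINED_DOMAINS = {"unconfined_t"}


def check_access(mode: str, subject: Context, obj: Context,
                 obj_class: str, perm: str, targeted: bool = True) -> dict:
    """Return {'allowed': bool, 'avc_denied': bool} with the mode semantics:
    disabled -> no checks; permissive -> record the denial but allow;
    enforcing -> record the denial and block."""
    if mode == "disabled":
        return {"allowed": True, "avc_denied": False}
    if targeted and subject.type in UNCONFINED_DOMAINS:
        return {"allowed": True, "avc_denied": False}
    permitted = perm in ALLOW_RULES.get((subject.type, obj.type, obj_class), set())
    if permitted:
        return {"allowed": True, "avc_denied": False}
    # Denial: written to audit.log as "avc: denied" in both remaining modes;
    # only enforcing mode actually stops the operation.
    return {"allowed": mode == "permissive", "avc_denied": True}
```

The `unconfined_t` shortcut is exactly why a targeted policy is easier to live with and less protective: anything the policy does not name is exempt from the checks, whereas under `targeted=False` the same access is denied.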
Data Encryption
Process of converting data into a secret code to prevent unauthorized access
VeraCrypt
Tool that can selectively encrypt partitions or containers holding sensitive
documents while leaving the OS partition unencrypted
GNU Privacy Guard
A tool that provides cryptographic privacy and authentication for
data communication
Wireless Infrastructure Security
Crucial for securing wireless networks in organizations
Secure Baseline
Standard set of security configurations and controls applied to systems,
networks, or applications to ensure a minimum level of security
Wireless Access Point Placement
WAPs allow wireless devices to connect to a wired network using Wi-Fi standards
ESS
Extended Service Set
Multiple WAPs work together to provide seamless network coverage
Wireless Access Point Interference
Interference occurs when multiple WAPs use the same channels or overlapping
frequencies
Site Surveys
Essential for planning and designing wireless networks
Heat maps
Graphical representations of
○ Wireless coverage
○ Signal strength
○ Frequency utilization
● Useful for troubleshooting
○ Coverage issues
○ Dead zones
○ Signal leakage
WEP
(Wired Equivalent Privacy)
Utilizes a static encryption key system (RC4); cryptographically broken and deprecated
WPA
Wi-Fi Protected Access; replaced WEP, using TKIP for per-packet keying (WPA2
moved to AES-CCMP)
WPA3
■ The latest and most secure wireless security protocol.
■ Uses AES for encryption and introduces new features.
■ Features
● Simultaneous Authentication of Equals (SAE)
○ Replaces WPA2's password-derived pre-shared-key exchange with a
Diffie-Hellman (Dragonfly) key agreement; the resulting key then seeds
the 4-way handshake
○ Protects against offline dictionary attacks
● Enhanced Open (Opportunistic Wireless Encryption)
○ Provides individualized data encryption even in open networks
○ Improves privacy and security in open Wi-Fi scenarios
● Updated Cryptographic Protocols
○ AES-GCMP-256 (in WPA3-Enterprise 192-bit mode) replaces the AES-CCMP
used in WPA2
○ Supports both 128-bit and 192-bit AES for enhanced security
● Management Frame Protection
○ Ensures the integrity of network management traffic
○ Prevents eavesdropping, forging, and tampering with
management frames
SAE
Simultaneous Authentication of Equals
Replaces WPA2's password-derived pre-shared-key exchange with a Diffie-Hellman
key agreement
○ Protects against offline dictionary attacks
Enhanced Open
Opportunistic Wireless Encryption
provides encryption even in open networks
Management Frame Protection
Ensures the integrity of network management traffic
Prevents eavesdropping, forging, and tampering with
management frames
AAA protocols
Important for centralized user authentication and access control
SAST
Static code analysis
A method of finding defects and vulnerabilities by reviewing and examining an
application's source code without running the program
DAST
Dynamic code analysis; tests the running application from the outside by
sending inputs and observing its behavior
DAST Fuzzing
Feeds malformed or random data to the application's inputs to provoke crashes
and unexpected behavior
Stress testing DAST
Evaluates system stability and reliability under extreme
conditions
Code signing
Confirms the software author's identity and the integrity of the code
Sandboxing
Isolates running programs, limiting their access to resources
NAC
network access control
Used to protect networks from both known and unknown devices by scanning
devices to assess their security status before granting network access
NAC persistent agents
Installed on devices in a corporate environment where the organization controls
and owns the device software
NAC non-persistent agents
Common in environments with personal devices (e.g., college campuses);
users connect, reach a web-based captive portal, and download an agent that
scans the device and deletes itself after inspection
Web filtering
Web filtering or content filtering is used to control or restrict the content users
can access on the internet
Agent-based web filtering
Involves installing an agent on each device
● Monitors and enforces web usage policies
● Effective for remote and mobile workers
Centralized proxy
Uses a proxy server as an intermediary between an organization’s end
users and the Internet
URL Scanning
Analyzes website URLs to check for matches in a database of known
malicious websites
Content Categorization
Classifies websites into categories (e.g., social media, adult content) and
blocks or allows categories based on policies
Block rules
Specific guidelines set by organizations to prevent access to certain
websites or categories, often used to address security threats
Reputation based filtering
Blocks or allows websites based on a reputation score determined by
third-party services, considering factors like hosting malware or phishing
DNS filtering
DNS filtering (Domain Name System filtering) blocks access to specific websites
by preventing the translation of domain names to their IP addresses
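The filtering techniques on the cards above (URL scanning, content categorization, block rules, reputation-based filtering, DNS filtering) are usually combined in one decision pipeline. The following is an added example, not code from the original page or from any vendor product: the blocklist, category labels and reputation scores are constructed sample data standing in for real feeds, and the precedence order (explicit allow, then known-bad, then category, then reputation) is a common but assumed policy choice.

```python
"""Added example: a policy engine combining URL blocklist, category rules,
reputation score and DNS filtering.  Not from the original page; all feed
data below is constructed."""
from urllib.parse import urlsplit

SINKHOLE = "0.0.0.0"  # what a DNS filter answers instead of the real address

# Constructed feeds: known-bad domains, category labels, reputation 0-100.
KNOWN_MALICIOUS = {"malware.example", "phish.example"}
CATEGORIES = {"social.example": "social media", "news.example": "news",
              "casino.example": "gambling", "intranet.example": "business"}
REPUTATION = {"shady.example": 15, "news.example": 92, "intranet.example": 99}

POLICY = {
    "blocked_categories": {"gambling", "adult content"},
    "min_reputation": 40,                # scores below this are blocked
    "allow_list": {"intranet.example"},  # explicit allow wins over everything
}


def hostname_of(url: str) -> str:
    """Extract the lower-cased hostname; a scheme-less 'host/path' is tolerated."""
    if "://" not in url:
        url = "http://" + url
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def domain_matches(host: str, domain: str) -> bool:
    """True for the domain itself or any subdomain, matched on label
    boundaries.  A naive substring test ('malware.example' in host) would
    also block the unrelated 'notmalware.example'."""
    return host == domain or host.endswith("." + domain)


def lookup(host: str, table: dict):
    """Walk from the full host up through its parent domains until a feed
    entry matches, so 'www.casino.example' inherits casino.example's category."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in table:
            return table[candidate]
    return None


def decide(url: str, policy: dict = POLICY) -> dict:
    """Return the filtering decision and which technique produced it."""
    host = hostname_of(url)
    if any(domain_matches(host, d) for d in policy["allow_list"]):
        return {"action": "allow", "reason": "allow list", "host": host}
    if any(domain_matches(host, d) for d in KNOWN_MALICIOUS):
        return {"action": "block", "reason": "URL scanning: known malicious", "host": host}
    category = lookup(host, CATEGORIES)
    if category in policy["blocked_categories"]:
        return {"action": "block", "reason": f"category: {category}", "host": host}
    reputation = lookup(host, REPUTATION)
    if reputation is not None and reputation < policy["min_reputation"]:
        return {"action": "block", "reason": f"reputation {reputation}", "host": host}
    return {"action": "allow", "reason": "no rule matched", "host": host}


def dns_filter(qname: str, real_answer: str) -> str:
    """DNS filtering: hand back the sinkhole address instead of the real one
    when the name would be blocked, so the client never connects at all."""
    return SINKHOLE if decide(qname)["action"] == "block" else real_answer
```

Note that the DNS filter only sees the queried name, never the path, so anything that depends on URL-level detail has to happen in the proxy or agent; the two layers complement each other rather than replacing one another.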
Email Security
Encompasses techniques and protocols to protect email content, accounts, and
infrastructure from unauthorized access, loss, or compromise
DKIM
domainkeys identified mail
Allows the receiver to verify the source and integrity of an email by
adding a digital signature to the email headers
SPF
sender policy framework
Prevents sender address forgery by verifying the sender’s IP against
authorized IPs listed in the sender’s domain DNS records
DMARC
(Domain-based Message Authentication, Reporting, and Conformance)
● DMARC detects and prevents email spoofing by publishing a policy (none,
quarantine, or reject) for messages that fail SPF or DKIM alignment with the
From domain, and by specifying where failure reports are sent
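The SPF, DKIM and DMARC cards describe three checks that a receiving gateway chains together. Below is an added example of that evaluation, not code from the original page: it runs against constructed DNS TXT records embedded in the script rather than live DNS, implements the common SPF mechanisms (ip4, ip6, include, all), and treats the DKIM signature result and its d= domain as inputs, since verifying the signature itself needs the canonicalised message and the public key.

```python
"""Added example (not from the original page): how a receiving gateway
evaluates SPF and DMARC against constructed DNS TXT records.  The DKIM
verification result is an input; only its alignment is evaluated here."""
import ipaddress

# Constructed zone data standing in for live DNS lookups.
DNS_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.mailer.example -all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.10 -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain: str, sender_ip: str, dns_txt: dict = DNS_TXT, depth: int = 0) -> str:
    """Evaluate the domain's SPF record for the connecting IP.  Supports
    ip4/ip6/include/all; RFC 7208 also defines a/mx/exists and a 10-lookup
    limit, approximated here by the depth guard."""
    terms = dns_txt.get(domain, "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    if depth > 10:
        return "permerror"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier, term = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = term.partition(":")
        if name in ("ip4", "ip6"):
            # A v4 address is never "in" a v6 network and vice versa.
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            matched = spf_check(arg, sender_ip, dns_txt, depth + 1) == "pass"
        elif name == "all":
            matched = True
        else:
            continue  # mechanism not implemented in this example
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


def parse_dmarc(record: str) -> dict:
    """'v=DMARC1; p=reject; adkim=s' -> {'v': 'DMARC1', 'p': 'reject', ...}"""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags


def org_domain(domain: str) -> str:
    """Organizational domain, approximated as the last two labels.  Real
    implementations consult the Public Suffix List (think co.uk)."""
    return ".".join(domain.lower().rsplit(".", 2)[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """DMARC identifier alignment: strict ('s') needs an exact match,
    relaxed ('r', the default) accepts the same organizational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_evaluate(from_header_domain: str, spf_result: str, spf_domain: str,
                   dkim_result: str, dkim_domain: str, dns_txt: dict = DNS_TXT) -> dict:
    """DMARC passes if SPF or DKIM passes AND that identifier aligns with the
    RFC5322.From domain; otherwise the published p= policy applies."""
    record = dns_txt.get("_dmarc." + from_header_domain)
    if not record:
        return {"result": "none", "disposition": "none"}
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_header_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_header_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return {"result": "pass", "disposition": "none"}
    return {"result": "fail", "disposition": tags.get("p", "none")}
```

The alignment step is the part that stops spoofing: an attacker can always publish an SPF record for a domain they own and pass SPF for it, but that pass does not count unless the SPF domain aligns with the From header the user actually sees.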
Email gateway protocol configuration
Email gateways serve as entry and exit points for emails, facilitating
secure and efficient email transmission
● They use SMTP (Simple Mail Transfer Protocol) to send and receive emails
● Email gateways handle email routing, email security, policy enforcement,
and email encryption
Spam filtering
Spam filtering detects and prevents unwanted and unsolicited emails from
reaching users’ inboxes
EDR
endpoint detection and response
Category of security tools that monitor endpoint and network events and record
the information in a central database
FIM
file integrity monitoring
validates the integrity of operating system and application software files by
comparing their current state with a known, good baseline
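The FIM card above is the whole algorithm: hash a known-good state, hash again later, diff. The following added example (not code from the original page or from any FIM product) does that with SHA-256 over a directory tree created in a temporary directory, so it runs offline; the file names and contents are constructed to look like a small Linux system being tampered with.

```python
"""Added example of file integrity monitoring: build a SHA-256 baseline of
a directory tree, then diff the current state against it.  Not from the
original page; the sample tree is constructed in a temp directory."""
import hashlib
import os
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of the file contents, streamed in chunks.  SHA-256 rather than
    MD5: MD5 collisions are practical, so a tampered file could be crafted
    to keep its MD5 digest."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map relative path -> {'sha256', 'size', 'mode'} for every regular file."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            st = p.stat()
            baseline[p.relative_to(root).as_posix()] = {
                "sha256": file_digest(p),
                "size": st.st_size,
                "mode": st.st_mode & 0o7777,
            }
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Classify changes: added, removed, modified (content differs) and
    mode_changed (same content, different permissions)."""
    report = {"added": [], "removed": [], "modified": [], "mode_changed": []}
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            report["added"].append(path)
        elif path not in current:
            report["removed"].append(path)
        elif baseline[path]["sha256"] != current[path]["sha256"]:
            report["modified"].append(path)
        elif baseline[path]["mode"] != current[path]["mode"]:
            report["mode_changed"].append(path)
    return report


def demo() -> dict:
    """Build a small tree, baseline it, tamper with it, and return the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "shadow").write_text("root:*:19000:0:99999:7:::\n")
        os.chmod(root / "etc" / "shadow", 0o600)
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF constructed placeholder")
        baseline = build_baseline(root)

        # Simulated tampering: a second uid-0 account, a weakened sshd setting,
        # a dropped tool, a deleted binary, and a permission-only change.
        (root / "etc" / "passwd").write_text(
            "root:x:0:0:root:/root:/bin/bash\nbackdoor:x:0:0::/:/bin/sh\n")
        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")
        (root / "bin" / "nc").write_bytes(b"constructed dropped tool")
        (root / "bin" / "ls").unlink()
        os.chmod(root / "etc" / "shadow", 0o644)
        return compare(baseline, build_baseline(root))
```

In production the baseline itself has to be stored somewhere the monitored host cannot rewrite (signed, or on the collection server), otherwise an attacker with root simply re-baselines after tampering.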
XDR
extended detection and response
Security strategy that integrates multiple protection technologies into a single
platform
■ EDR is focused on the endpoints to detect and respond to potential threats
■ XDR is more comprehensive solution because it focuses on endpoints, but also
on networks, cloud, and email to detect and respond to potential threats
UBA
user behavior analytics
Advanced cybersecurity strategy that uses big data and machine learning to
analyze user behaviors for detecting security threats
UEBA
User and Entity Behavior Analytics
Technology similar to UBA but extends the monitoring to entities like routers,
servers, and endpoints in addition to user accounts
Secure protocols
■ Choose secure protocols to protect data in transit from unauthorized access
● Examples include HTTP vs. HTTPS, FTP vs. SFTP, Telnet vs. SSH
Telnet
Application-layer protocol (TCP port 23) that allows a user to log in from one
computer to another over the network; it transmits credentials and the whole
session in plaintext, so use SSH instead
Well known ports
0-1023
Registered ports
1024-49151
TCP
Transmission Control Protocol
Connection-oriented, ensuring ordered, error-checked data delivery
UDP
user datagram protocol
Connectionless and faster, but doesn’t guarantee data delivery
Suitable for applications prioritizing speed over accuracy, like streaming
video or gaming
Vulnerability Scanning
Automated probing of systems, networks, and applications to discover
potential vulnerabilities
Threat intelligence feeds
■ Provide valuable information about potential or current threats to an
organization’s security
■ Continuous streams of data related to potential or current threats
■ Collected, analyzed, and disseminated by security researchers, organizations, or
automated tools
Threat intelligence
Continuous process to comprehend the specific threats an organization
faces
OSINT
open source intelligence
Collected from publicly available sources like reports, forums, news
articles, blogs, and social media
Dark web
A hidden part of the internet inaccessible through standard browsers
Responsible disclosure
Ethical practice for disclosing vulnerabilities in software, hardware, or online services
Bug bounty programs
Robust responsible disclosure programs incentivizing security researchers
False negative vulnerability finding
A real vulnerability that the scanner failed to report; very serious because the
exposure stays in place while the report suggests the system is clean
CVE
common vulnerabilities and exposures
System that provides a standardized way to uniquely identify and
reference known vulnerabilities in software and
hardware
EF
exposure factor
A quantifiable metric to estimate the percentage of asset damage
Risk Tolerance
The level of risk an organization is willing to accept
Exception
Temporarily relaxing or bypassing security controls or policies for operational business needs, with an understanding of associated risks
Exemption
A permanent waiver of security controls or policies due to specific
reasons, often for legacy systems
Remediation
Involve installing patches, reconfiguring devices, or other actions
Auditing
Involves systematic review of logs, configurations, and patches
Configuration auditing
Checks for misconfigurations or deviations
Verification
Final step in validating remediation
User verification
Ensures applications and services are functioning correctly
Vulnerability reporting
Process of documenting and communicating security weaknesses in software or
systems to individuals and organizations responsible for addressing the issues
Responsible disclosure
Ethical and judicious disclosure to affected stakeholders before public
announcement
Log aggregation
Collects and consolidates log data from various sources into a central
location
Alerting
Involves setting up notifications for specific events or conditions
Scanning
Regularly examines systems, networks, or applications to identify
vulnerabilities, misconfigurations, and issues
Archiving
Involves long-term storage of data, including
○ Log data
○ Performance data
○ Incident data
Quarantining
Isolates a system, network, or application suspected of being compromised
Alert Tuning
Adjusts alert parameters to reduce errors, false positives, and improve alert
relevance
SNMP
Simple Network Management Protocol
An Internet protocol used for collecting information from managed devices on IP
networks and modifying device behavior
SNMPv1 and v2c authenticate with plaintext community strings; SNMPv3 adds
authentication and encryption (authPriv) and is the version to deploy
■ Managed devices include the following
● Routers
● Switches
● Firewalls
● Printers
● Servers
● Client devices
SNMP Manager
A central system that collects and processes information from managed devices
Often set up as a server, especially in large enterprise environments
SNMP Agents
Networked devices that send information about themselves to the manager
SNMP SET
Manager-to-agent request to change variable values
SNMP GET
Manager-to-agent request to retrieve variable values
SNMP TRAP
Asynchronous notifications from agents to the manager to notify
significant events
OID
Object Identifier: the dotted numeric name (e.g., 1.3.6.1.2.1.1.1.0 for sysDescr)
of a variable that SNMP GET, SET, and TRAP messages reference
MIB
Management Information Base: the hierarchical database that defines which OIDs a
device exposes, what each one means, and whether it is readable or writable
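Every SNMP GET, SET and TRAP carries its OIDs in ASN.1 BER form, and understanding that encoding is what lets you read a PDU in a packet capture or write a parser that survives hostile input. The block below is an added example, not from the original page: it encodes and decodes OBJECT IDENTIFIER values and checks subtree membership. The sysDescr and sysUpTime OIDs are the standard MIB-2 ones; the enterprise OID used in the tests is only there to exercise multi-byte arcs.

```python
"""Added example: encode and decode SNMP object identifiers in the BER form
carried by SNMP PDUs (ASN.1 OBJECT IDENTIFIER, tag 0x06).  Not from the
original page."""


def _base128(n: int) -> bytes:
    """Base-128 subidentifier: high bit set on every byte except the last."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append(0x80 | (n & 0x7F))
        n >>= 7
    return bytes(reversed(out))


def encode_oid(oid: str) -> bytes:
    """'1.3.6.1.2.1.1.1.0' -> 06 08 2b 06 01 02 01 01 01 00.
    The first two arcs are packed as 40*X+Y (so 1.3 becomes 0x2b)."""
    arcs = [int(a) for a in oid.strip(".").split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError(f"invalid OID {oid!r}")
    body = _base128(40 * arcs[0] + arcs[1]) + b"".join(_base128(a) for a in arcs[2:])
    if len(body) < 128:
        length = bytes([len(body)])
    else:  # long-form length: 0x80|n followed by n big-endian bytes
        n = (len(body).bit_length() + 7) // 8
        length = bytes([0x80 | n]) + len(body).to_bytes(n, "big")
    return b"\x06" + length + body


def decode_oid(data: bytes) -> str:
    """Inverse of encode_oid.  Rejects a wrong tag, truncated input and an
    unterminated subidentifier, which any parser fed PDUs from the network
    has to do before trusting a single arc."""
    if len(data) < 2 or data[0] != 0x06:
        raise ValueError("not an OBJECT IDENTIFIER (tag 0x06)")
    length, pos = data[1], 2
    if length & 0x80:
        n = length & 0x7F
        if n == 0 or len(data) < 2 + n:
            raise ValueError("bad long-form length")
        length, pos = int.from_bytes(data[2:2 + n], "big"), 2 + n
    body = data[pos:pos + length]
    if length == 0 or len(body) != length:
        raise ValueError("truncated OID body")
    arcs, value = [], 0
    for i, byte in enumerate(body):
        value = (value << 7) | (byte & 0x7F)
        if byte & 0x80:
            if i == len(body) - 1:
                raise ValueError("unterminated subidentifier")
            continue
        if not arcs:  # first subidentifier combines X and Y
            arcs.extend([value // 40, value % 40] if value < 80 else [2, value - 80])
        else:
            arcs.append(value)
        value = 0
    return ".".join(map(str, arcs))


def is_under(oid: str, subtree: str) -> bool:
    """True if oid lies within subtree (e.g. a trap OID under the vendor's
    enterprises arc 1.3.6.1.4.1).  Compares arcs, not string prefixes:
    '1.3.6.1.41' is not under '1.3.6.1.4'."""
    a, b = oid.split("."), subtree.split(".")
    return len(a) >= len(b) and a[:len(b)] == b


# Standard MIB-2 OIDs under iso.org.dod.internet.mgmt.mib-2.system
SYS_DESCR = "1.3.6.1.2.1.1.1.0"
SYS_UPTIME = "1.3.6.1.2.1.1.3.0"
ENTERPRISES = "1.3.6.1.4.1"
```

The `is_under` helper is the shape of check a trap receiver uses to route notifications: compare the arcs, because a string `startswith` on the dotted form silently accepts neighbouring subtrees.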
SIEM
(Security Information and Event Management)
A solution for real-time or near-real-time analysis of security alerts generated by
network hardware and applications
Agent based SIEM
Software agents are installed on each system to collect and send log data
Agentless SIEM
Log data is collected directly from systems using standard protocols
Reduces maintenance but may not collect real-time or detailed data
ELK
elastic stack
A collection of free and open-source SIEM tools, including the following
○ Elasticsearch
○ Logstash
○ Kibana
Arcsight
siem tool
QRadar
SIEM
Antivirus Software
Protects systems against malware, including the following
● Viruses
● Worms
● Trojans
● Ransomware
● Spyware
Generates data like malware detection logs, system scans, and updates
■ Data sent to SIEM for aggregation and correlation
■ Helps identify security threats and system health
DLP System
data loss prevention system sends info to SIEM
NIDS and NIPS
send info to SIEM
SCAP
Security Content Automation Protocol
Suite of open standards that enhances the automation of vulnerability
management, measurement, and policy compliance evaluation of systems
deployed in an organization
Enables automated scanning of systems against standardized content, for example
OVAL
Open Vulnerability and Assessment Language
XML schema for describing system security states and querying
vulnerability reports
SCAP component
XCCDF
(Extensible Configuration Checklist Description Format)
● XML schema for developing and auditing best-practice configuration
checklists and rules
● Allows improved automation
SCAP component
ARF
Asset Reporting Format
XML schema for expressing information about assets and their
relationships
● Vendor and technology neutral
● Flexible
● Suited for a wide variety of reporting applications
SCAP component
CCE
Common Configuration Enumeration
Scheme for provisioning secure configuration checks across multiple
sources
● Provides unique identifiers (CCE-IDs) for different system configuration issues
Analogy: each configuration setting is a book, CCE is the library catalog that
identifies and categorizes the books in a standard format, and the CCE-ID is the
unique catalog number used to reference and retrieve a given book
CPE
common platform enumeration
Identifies hardware devices, operating systems, and applications
CVSS
Common Vulnerability Scoring System
Used to provide a numerical score reflecting the severity of a vulnerability (0 to
10); the v3.x base score is computed from attack vector, attack complexity,
privileges required, user interaction, scope, and confidentiality, integrity,
and availability impact
SCAP Benchmarks
Sets of security configuration rules for specific products to establish
security baselines
● Provide a detailed checklist that can be used to secure systems to a
specific baseline
FPC
full packet capture for network analysis
Flow analysis
Focuses on recording metadata and statistics about network traffic, saving
storage space
■ Doesn’t include the actual content, just the metadata
■ Rapidly generates visualizations to map network connections, traffic types and
session volumes
Flow Collector
Records metadata and statistics about network traffic
Collects information about the following
● Type of traffic
● Protocol used
● Data volume
NetFlow
Cisco-developed protocol for reporting network flow information
IPFIX is the IETF standard derived from NetFlow v9; the two are related but not
identical
Zeek
Hybrid tool for network monitoring (formerly Bro)
Monitors traffic like NetFlow but also logs protocol-level detail and can
capture full packets based on interest
MRTG
multi router traffic grapher
Creates graphs displaying network traffic flows through routers and switches
SPOG
Single pane of glass: a unified console or dashboard that consolidates
monitoring from multiple tools into one view
Disk Imaging and Analysis
Creating a bit-by-bit copy (image) of a storage device, examining content
Incident
An act violating a security policy
Phases of Incident Response
7 phases
Preparation
Detection
Analysis
Containment
Eradication
Recovery
Post-incident activity
Incident response team
The core team includes cybersecurity professionals with incident response
experience
RCA
Root cause analysis
TTX
Tabletop exercise
Discussion-based
Lacks hands-on activity
simulation
Goes beyond tabletop discussions, involving realistic, hands-on scenarios
Digital Forensics
Systematic process of investigating and analyzing digital devices and data to
uncover evidence for legal purposes
Chain of Custody
Documented and verifiable record that tracks the handling,
transfer, and preservation of digital evidence from the moment it
is collected until it is presented in a court of law
File Carving
Focuses on extracting files and data fragments from
storage media without relying on the file system
Legal Hold
Issued when litigation is expected and preserves potentially relevant
electronic data
● Ensures evidence is not tampered with, deleted, or lost
E Discovery
Process of identifying, collecting, and presenting electronically stored
information for potential legal proceedings
Order of Volatility
Guides the sequence of collecting data, from most volatile (CPU registers and
cache) to least volatile (archival media)
Log Files
Records events and messages in operating systems, software, and network
devices
journalctl
Linux command-line utility for querying and displaying logs from the Journal
Daemon (systemd's logging service)
NXLog
Multi-platform, open-source log management tool
Identifies security risks and analyzes logs from server, OS, and applications
Netflow
Network protocol for collecting active IP network traffic data
■ Provides information on source, destination, volume, and paths
sFlow
Vendor-neutral, sampling-based alternative to NetFlow (an open standard, RFC 3176)
Metadata
Data that describes other data
Dashboards
Graphical displays of information across multiple systems
Splunk
A big data platform for ingesting various types of data, including security and
incident response data
■ Collects data from firewalls, applications, endpoints, operating systems, intrusion
detection systems, intrusion prevention systems, antivirus software, and
networks
Automated reports
Generated by computer systems to provide information about various aspects of
a network’s security
MD5/SHA Checksum
Serves as a digital fingerprint for file identification, including potential
malware; MD5 is collision-broken, so use SHA-256 for integrity checks, while MD5
hashes remain useful for matching existing threat-intelligence indicators
SOAR
Security Orchestration, Automation, and Response
Class of security tools for incident response, threat hunting, and security
configurations
■ Purpose
● Orchestrate and automate runbooks, deliver data enrichment
Integrating SIEM and SOAR for advanced security capabilities
runbook
Automated version of a playbook with defined interaction points for human
analysis
CI
continuous integration
developers merge code changes into a central repository
Release
Process of finalizing and preparing new software or updates
Enabling software installation and usage
Deployment
Involves automated process of software releases to users
CI/CD
Continuous integration and continuous delivery
Stops short of deploying to production
Continuous deployment
Takes CI/CD further by automatically deploying code changes to testing
and production environments
API
Set of rules and protocols used for building and integrating application software
REST
(Representational State Transfer)
○ REST uses standard HTTP methods, status codes, URIs, and MIME
types for interactions
○ Primarily uses JSON for data transfer
SOAP
(Simple Object Access Protocol)
○ SOAP has a structured message format in XML
○ Known for robustness, additional security features, and
transaction compliance
○ Suitable for enterprise-level web services with complex
transactions and regulatory compliance requirements
cURL
API testing tool
A command-line tool for transferring data to or from a server using various
supported protocols