Acronyms 3 Flashcards
Group Policy
A set of rules and policies that can be applied to users or computer accounts
within an operating system
Security Templates
A group of policies that can be loaded through one procedure
Security Template
A group of policies that can be loaded through the Group Policy Editor
GPO
Group Policy Object
Used to harden the operating system and establish secure baselines
Baselining
A process of measuring changes in the network, hardware, or software
environment
SELinux
Security-Enhanced Linux; enforces mandatory access control (MAC)
Context based permissions
Permission schemes that consider various properties to determine
whether to grant or deny access to a user
SELinux user context
Defines which users can access an object
SELinux role context
Determines which roles can access an object
SELinux type context
Essential for fine-grained access control, grouping objects with similar
security characteristics
SELinux optional level context
Describes the sensitivity level of a file, directory, or process
SELinux Modes
Disabled, permissive, enforcing
SELinux Policy
Describes access permissions for users, programs, processes, files, and
devices
Targeted SELinux policies
Only specific processes are confined to a domain, while others run
unconfined
SELinux Strict Policies
Every subject and object operates under MAC, but it’s more
complex to set up
Data Encryption
Process of converting data into a secret code to prevent unauthorized access
VeraCrypt
Tool that selectively encrypts partitions, like sensitive documents,
while leaving the OS partition unencrypted
GNU Privacy Guard
A tool that provides cryptographic privacy and authentication for
data communication
Wireless Infrastructure Security
Crucial for securing wireless networks in organizations
Secure Baseline
Standard set of security configurations and controls applied to systems,
networks, or applications to ensure a minimum level of security
Wireless Access Point Placement
WAPs allow wireless devices to connect to a wired network using Wi-Fi standards
ESS
Extended Service Set
Multiple WAPs work together to provide seamless network coverage
Wireless Access Point Interference
Interference occurs when multiple WAPs use the same channels or overlapping
frequencies
Site Surveys
Essential for planning and designing wireless networks
Heat maps
Graphical representations of
○ Wireless coverage
○ Signal strength
○ Frequency utilization
● Useful for troubleshooting
○ Coverage issues
○ Dead zones
○ Signal leakage
WEP
(Wired Equivalent Privacy)
Utilizes a static encryption key system
WPA
Wi-Fi Protected Access
WPA3
■ The latest and most secure wireless security protocol.
■ Uses AES for encryption and introduces new features.
■ Features
● Simultaneous Authentication of Equals (SAE)
○ Replaces the 4-way handshake with a Diffie-Hellman key
agreement
○ Protects against offline dictionary attacks
● Enhanced Open (Opportunistic Wireless Encryption)
○ Provides individualized data encryption even in open networks
○ Improves privacy and security in open Wi-Fi scenarios
● Updated Cryptographic Protocols
○ AES GCMP replaces AES CCMP used in WPA2
○ Supports both 128-bit and 192-bit AES for enhanced security
● Management Frame Protection
○ Ensures the integrity of network management traffic
○ Prevents eavesdropping, forging, and tampering with
management frames
SAE
Simultaneous Authentication of Equals
Replaces the 4-way handshake with a Diffie-Hellman key
agreement
○ Protects against offline dictionary attacks
Enhanced Open
Opportunistic Wireless Encryption
Provides encryption even in open networks
Management Frame Protection
Ensures the integrity of network management traffic
Prevents eavesdropping, forging, and tampering with
management frames
AAA protocols
Important for centralized user authentication and access control
SAST
static code analysis
A method of debugging an application by reviewing and examining its
source code before running the program
DAST
dynamic code analysis
DAST Fuzzing
Inputs random data to provoke crashes
DAST stress testing
Evaluates system stability and reliability under extreme
conditions
Code signing
Confirms the software author’s identity and integrity
Sandboxing
Isolates running programs, limiting their access to resources
NAC
network access control
Used to protect networks from both known and unknown devices by scanning
devices to assess their security status before granting network access
NAC persistent agents
Installed on devices in a corporate environment where the organization controls and owns the device software
NAC non-persistent agents
Common in environments with personal devices (e.g., college campuses);
users connect, access a web-based captive portal, and download an agent that scans the device and deletes itself after inspection
Web filtering
Web filtering or content filtering is used to control or restrict the content users
can access on the internet
Agent-based web filtering
Involves installing an agent on each device
● Monitors and enforces web usage policies
● Effective for remote and mobile workers
Centralized proxy
Uses a proxy server as an intermediary between an organization’s end
users and the Internet
URL Scanning
Analyzes website URLs to check for matches in a database of known
malicious websites
Content Categorization
Classifies websites into categories (e.g., social media, adult content) and
blocks or allows categories based on policies
Block rules
Specific guidelines set by organizations to prevent access to certain
websites or categories, often used to address security threats
Reputation-based filtering
Blocks or allows websites based on a reputation score determined by
third-party services, considering factors like hosting malware or phishing
DNS filtering
DNS filtering (Domain Name System filtering) blocks access to specific websites
by preventing the translation of domain names to their IP addresses
Email Security
Encompasses techniques and protocols to protect email content, accounts, and
infrastructure from unauthorized access, loss, or compromise
DKIM
DomainKeys Identified Mail
Allows the receiver to verify the source and integrity of an email by
adding a digital signature to the email headers
SPF
Sender Policy Framework
Prevents sender address forgery by verifying the sender’s IP against
authorized IPs listed in the sender’s domain DNS records
DMARC
Domain-based Message Authentication, Reporting and Conformance
● DMARC detects and prevents email spoofing by setting policies for email
sending and handling failures
Email gateway protocol configuration
Email gateways serve as entry and exit points for emails, facilitating
secure and efficient email transmission
● They use SMTP (Simple Mail Transfer Protocol) to send and receive emails
● Email gateways handle email routing, email security, policy enforcement,
and email encryption
Spam filtering
Spam filtering detects and prevents unwanted and unsolicited emails from
reaching users’ inboxes
EDR
endpoint detection and response
Category of security tools that monitor endpoint and network events and record
the information in a central database
FIM
file integrity monitoring
Validates the integrity of operating system and application software files by
comparing their current state with a known, good baseline
XDR
extended detection and response
Security strategy that integrates multiple protection technologies into a single
platform
■ EDR is focused on the endpoints to detect and respond to potential threats
■ XDR is a more comprehensive solution because it focuses not only on endpoints but also
on networks, cloud, and email to detect and respond to potential threats
UBA
user behavior analytics
Advanced cybersecurity strategy that uses big data and machine learning to
analyze user behaviors for detecting security threats
UEBA
user and entity behavior analytics
Technology similar to UBA but extends the monitoring of entities like routers,
servers, and endpoints in addition to user accounts
Secure protocols
■ Choose secure protocols to protect data in transit from unauthorized access
● Examples include HTTP vs. HTTPS, FTP vs. SFTP, Telnet vs. SSH
Telnet
Application-layer protocol that allows a user to log in from one computer to another on the same network; it transmits in plaintext, so use SSH instead
Well-known ports
0-1023