Acronyms Deck Flashcards

1
Q

SNMP

A

Simple Network Management Protocol (SNMP) is an application-layer protocol used to monitor, manage, and configure network devices such as routers, switches, servers, and printers within IP networks. It is widely used in both LAN and WAN environments for centralized network management.

2
Q

NetFlow

A

A flow collector is a means of recording metadata and statistics about network traffic rather than recording each frame. Network traffic and flow data may come from a wide variety of sources or probes, such as switches, routers, firewalls, and web proxies.

Flow analysis tools can provide features such as the following:
Highlighting of trends and patterns in traffic generated by applications, hosts, and ports.

Alerting based on detection of anomalies, flow analysis patterns, or custom triggers.

Visualization tools that show a map of network connections and make interpretation of patterns of traffic and flow data easier.

Identification of traffic patterns revealing rogue user behavior, malware in transit, tunneling, or applications exceeding their allocated bandwidth.

Identification of attempts by malware to contact a handler or command and control (C&C) channel.

3
Q

SIEM

A

Security Information and Event Management (SIEM) is a cybersecurity solution that combines Security Information Management (SIM) and Security Event Management (SEM) to provide centralized monitoring, analysis, and response to security threats across an organization’s IT environment. SIEM systems are widely used in Security Operations Centers (SOCs) to detect, investigate, and respond to incidents in real-time.

4
Q

SOC

A

Security Operations Center (SOC) is a centralized team or facility responsible for monitoring, detecting, analyzing, and responding to cybersecurity threats in real time. SOCs are critical for protecting an organization’s IT infrastructure, including networks, devices, applications, and data.

5
Q

SIM

A

Security Information Management (SIM) is a cybersecurity process and software solution focused on the collection, aggregation, and analysis of log data from various IT systems to identify security threats, monitor trends, and support compliance. It is a key component of broader security frameworks like SIEM (Security Information and Event Management).

6
Q

SEM

A

Security Event Management (SEM) is a cybersecurity process focused on the real-time monitoring, correlation, and management of security events within an organization’s IT infrastructure. It is designed to detect and respond to potential security incidents as they occur.

7
Q

MSSP

A

A Managed Security Service Provider (MSSP) is a third-party organization that offers outsourced cybersecurity services, including the monitoring, management, and protection of an organization’s IT infrastructure. MSSPs help businesses address security challenges such as malware threats, data breaches, and compliance requirements by leveraging specialized expertise and tools.

Key Services Provided by MSSPs:
24/7 Monitoring: Continuous surveillance of networks, endpoints, and systems to detect and respond to threats.

Incident Response: Rapid investigation and remediation of security incidents.

Threat Detection: Use of tools like SIEM and intrusion detection systems to identify vulnerabilities.

Firewall and Endpoint Management: Configuration and monitoring of firewalls and device security.

Compliance Support: Assistance with meeting regulatory standards like HIPAA or PCI DSS.

8
Q

SOAR

A

Security Orchestration, Automation, and Response (SOAR) is a cybersecurity solution designed to improve the efficiency and effectiveness of security operations by integrating various tools, automating repetitive tasks, and streamlining incident response workflows.

9
Q

CPU

A

Central Processing Unit (CPU), also called the processor, is the primary hardware component in a computer responsible for executing instructions from programs. It performs essential tasks such as arithmetic calculations, logical operations, and input/output management, making it the “brain” of the computer.

10
Q

SCAP

A

The Security Content Automation Protocol (SCAP) is a framework of open security standards designed to automate and standardize the management of software vulnerabilities, security configurations, and compliance evaluations. Developed by NIST, SCAP facilitates efficient communication of security-related information between systems and tools.

Key Features:
Automation: SCAP automates vulnerability management, policy compliance checks, and security configuration verification.

Standardization: It uses standardized formats and nomenclatures (e.g., XCCDF, OVAL) to ensure consistent communication across platforms.

Interoperability: Enables tools from different vendors to work together seamlessly by adhering to SCAP standards.

Components:
XCCDF (Extensible Configuration Checklist Description Format): Defines security policies and checklists.

OVAL (Open Vulnerability and Assessment Language): Describes vulnerabilities and configuration states.

CVSS (Common Vulnerability Scoring System): Scores vulnerability severity.

ARF (Asset Reporting Format): Standardizes reporting outputs.

Use Cases:
Vulnerability Management: Identifies and prioritizes vulnerabilities for remediation.

Compliance Auditing: Automates checks against regulatory frameworks like HIPAA or FISMA.

Configuration Management: Ensures systems meet secure baseline configurations.

SCAP enhances organizational cybersecurity by streamlining processes, improving accuracy, and reducing human error in managing security risks.

11
Q

CISO

A

Chief Information Security Officer (CISO) is a senior-level executive responsible for overseeing an organization’s information security strategy and ensuring the protection of its data, systems, and assets from cyber threats. The CISO plays a critical role in managing security risks, compliance, and incident response while aligning cybersecurity initiatives with business objectives.

12
Q

NGFW

A

Next-Generation Firewall (NGFW) is an advanced type of firewall that goes beyond traditional firewalls by providing additional security features like application-level inspection, intrusion prevention systems (IPS), and threat intelligence integration. NGFWs operate at multiple layers of the OSI model, including the application layer (Layer 7), enabling more granular control and deeper traffic analysis.

13
Q

OSI

A

The Open Systems Interconnection (OSI) model is a conceptual framework that describes how computer systems communicate over a network. It divides communication into seven layers, each with specific functions, to standardize and simplify networking.

14
Q

7 Layers of the OSI Model

A

7 Layers of the OSI Model:
Physical Layer (Layer 1): Handles the transmission of raw data (bits) over physical media like cables, modems, or wireless signals. Examples: Ethernet, USB, Bluetooth.

Data Link Layer (Layer 2): Ensures reliable data transfer between devices by handling error detection and correction. It organizes data into frames for transmission. Examples: MAC addresses, switches.

Network Layer (Layer 3): Manages routing and forwarding of packets across networks. It determines the best path for data to travel. Examples: IP, routers.

Transport Layer (Layer 4): Ensures reliable data delivery with error checking and flow control. It segments data and assigns port numbers. Examples: TCP, UDP.

Session Layer (Layer 5): Establishes, manages, and terminates communication sessions between applications. Examples: Authentication protocols, ZIP.

Presentation Layer (Layer 6): Translates data formats, handles encryption/decryption, and compresses data for the application layer. Examples: SSL/TLS.

Application Layer (Layer 7): Closest to the user, it enables interaction with software applications like browsers or email clients. Examples: HTTP, FTP.

Each layer interacts with the one above and below it to ensure seamless communication across networks.

15
Q

UDP

A

User Datagram Protocol (UDP) is a lightweight, connectionless transport layer protocol used for fast and efficient data transmission in networks. It is defined in RFC 768 and operates without establishing a connection between sender and receiver, making it faster but less reliable than TCP.

16
Q

TCP

A

Transmission Control Protocol (TCP) is a connection-oriented transport layer protocol in the OSI model that ensures reliable, ordered, and error-checked delivery of data between devices on a network. It is a core component of the TCP/IP suite, which powers most internet communications.

17
Q

TLS

A

TLS (Transport Layer Security) is a cryptographic protocol that ensures secure communication over a network by providing privacy, data integrity, and authentication. It is widely used to secure web traffic (e.g., HTTPS), email, and other internet-based communications.

18
Q

Endpoint logs

A

Endpoint logs are records of events and activities generated by endpoint devices such as laptops, desktops, mobile devices, and servers. These logs capture detailed information about the operations, security events, and user interactions on endpoints, making them critical for monitoring, troubleshooting, and securing an organization’s IT environment.

19
Q

NAS

A

Network Attached Storage
- A standalone storage device or appliance that acts as a file server.

20
Q

SAN

A

Storage Area Network
- A special network composed of high-speed storage that is shared by multiple servers.

21
Q

ACL

A

An Access Control List (ACL) is a set of rules that defines permissions for users, systems, or processes to access specific resources, such as files, directories, or network devices. Each entry in an ACL specifies who or what is allowed or denied access and what actions can be performed.

22
Q

UDP

A

UDP (User Datagram Protocol) is a connectionless protocol that does not require a formal setup or teardown process for communication. It simply sends data from one device to another without acknowledgments or retransmissions, making it an unreliable protocol. This means the sender does not know if the data has been received correctly, which is suitable for applications like Voice over IP, where real-time transmission is prioritized over reliability.

23
Q

TCP

A

TCP is a core protocol in the Internet Protocol (IP) suite that ensures reliable, ordered, and error-checked delivery of data between devices on a network. It operates at the transport layer of the OSI model and is connection-oriented, meaning it establishes a connection before data transfer begins and maintains it until completion.

24
Q

Nmap

A

Nmap (Network Mapper) is a powerful open-source network scanning and discovery tool created by Gordon Lyon. It is used to explore networks, detect open ports, identify services, and assess security vulnerabilities.

Key features of Nmap include:

  1. Host discovery: Identifying active devices on a network.
  2. Port scanning: Determining open ports on target systems.
  3. Service/version detection: Identifying applications and their versions running on ports.
  4. OS fingerprinting: Detecting the operating system of target devices.
  5. Scriptable interactions: Using the Nmap Scripting Engine (NSE) for advanced tasks.
25
Q

RST packet

A

RST stands for Reset, which is a flag used in the TCP protocol to abruptly terminate a connection. It is sent when:

A packet is received for a closed or invalid socket.

A connection needs to be forcibly terminated due to errors, unexpected conditions, or security policies.

A device (e.g., firewall) detects malicious traffic or anomalies and resets the session.

The RST packet immediately closes the connection without the usual termination handshake, releasing resources quickly and signaling the other party that the connection is no longer valid.

26
Q

RFID

A

Radio Frequency Identification (RFID) is a wireless technology that uses electromagnetic fields to automatically identify and track objects, animals, or people. It consists of three main components: RFID tags, readers, and a backend system for data processing.

How RFID Works:
RFID Tags: These are small devices containing a microchip and an antenna. Tags can be:

Passive: Powered by the reader’s radio waves.

Active: Contain a battery for extended range and functionality.

RFID Readers: Emit radio waves to activate tags and receive data transmitted by them.

Data Processing: The collected data is sent to a computer system for analysis or storage.

Applications:
Supply Chain Management: Tracks inventory and reduces errors in logistics.

Healthcare: Identifies patients, tracks equipment, and ensures medication safety.

Retail: Speeds up checkout processes and prevents theft.

Animal Tracking: Identifies livestock or pets via implanted microchips.

Access Control: Used in ID cards for secure entry.

Advantages:
No line-of-sight required (unlike barcodes).

Can scan multiple tags simultaneously.

Stores more data than traditional barcodes.

Challenges:
Security Risks: Vulnerable to eavesdropping or unauthorized access without encryption (e.g., RC4 or AES).

Privacy Concerns: Potential misuse of personal information if improperly secured.

RFID is a scalable and efficient solution for automating identification and tracking processes, with growing adoption across industries.

27
Q

NFC

A

Near Field Communication (NFC) is a short-range wireless technology that enables communication between two electronic devices when they are within close proximity, typically 4 cm or less. It operates at a frequency of 13.56 MHz and supports data transfer rates ranging from 106 to 848 kbit/s.

28
Q

DoT

A

DNS over TLS (DoT)
How It Works: Encrypts DNS queries using TLS, securing communication between the client and DNS server. It uses a dedicated port (port 853) for encrypted traffic.

29
Q

DoH

A

DNS over HTTPS (DoH)
How It Works: Encrypts DNS queries by encapsulating them in HTTPS traffic, using port 443 (the same as standard web traffic).

30
Q

IKE

A

Internet Key Exchange
IKE helps establish automatic SAs and a secure tunnel by providing a protected exchange of keys before the full IPsec session begins.