Acronyms + Description Flashcards
3DES
Triple Digital Encryption Standard
Symmetric block cipher encrypts 64-bit blocks
A/A
Active/Active
A type of server load balancing where all the servers are active simultaneously. If one server fails, all others can pick up the load.
AAA
Authentication, Authorization, Accounting
- Authentication has 2 components: Identification (Username or email address) and the authentication factor (Something you know, Something you have, Something you are, Somewhere you are or are not, Something you do)
- Authorization: the rights and privileges assigned to a user to be able to perform their job.
- Accounting or Auditing: Accounting is the process of recording system activities and resource access. Auditing is part of accounting where an administrator examines logs of what was recorded.
ABAC
Attribute-based Access Control:
Access control based on different attributes: group membership, OS being used, IP address, the presence of up-to-date patches and anti-malware, geographic location. Typically used in an SDN (Software Defined Network).
ACE
Access Control Entry
Within an ACL, a record of subjects and the permissions they hold on the resource
ACI
Adjacent Channel Interference
If access points are physically close, then they should not share frequencies, otherwise they channels may interfere with each other.
ACL
Access Control List:
A list of objects and what subjects can access them. For example; A user accesses a directory but only has read access to the documents inside.
Routers and firewalls both employ ACLs, either allowing or denying access to different parts of the network.
ADS
Alternate Data Streams
AEAD
Authenticated Encryption with Additional Data
AES
Advanced Encryption Standard:
A symmetric block cipher. Three different block sizes; 128, 192, & 256 bit. Used in BitLocker
AES256
Advanced Encryption Standards 256-bit
AFF
Advanced Forensic Format
AH
Authentication Header:
An IPSec protocol that provides authentication as well as integrity & protection from replay attacks. Uses protocol # 51.
Authentication Header:
An IPSec protocol that provides authentication as well as integrity & protection from replay attacks. Uses protocol # 51.
Artificial Intelligence
AIS
Automated Indicator Sharing
Threat intelligence data feed operated by the DHS
ALE
Annual Loss Expectancy:
The amount of money an organization would lose over the course of a year. The formula is the SLE (Single Loss Expectancy) times the ARO (Annual Rate of Occurrence). SLE x ARO = ALE.
ANN
Artificial Neural Network
AP
Access Point:
Sometimes referred to as a WAP (Wireless Access Point). An AP is a bridge between wireless and wired networks.
A/P
Active/Passive
A type of server load balancer configuration where some of the servers are actively in use and others are on “standby” mode.
API
Application Programming Interface
A software module or component that identifies inputs and outputs for an application
APT
Advanced Persistent Threat:
An attack that uses multiple attack vectors, attempt to remain hidden as to maintain a connection to compromised systems. You can normally tie this to nation-states (foreign countries)
ARO
Annual Rate of Occurrence:
The number of times a year that a particular loss occurs. It is used to measure risk with ALE and SLE in a quantitative risk assessment.
ARP
Address Resolution Protocol:
Matches the MAC address to a known IP address. Easily spoofed, used in MITM (Man-in-the-Middle) attack.
ASLR
Address Space Layout Randomization
(ASLR) is a memory-protection process for operating systems (OSes) that guards against buffer-overflow attacks by randomizing the location where system executables are loaded into memory
ASP
Active Server Page
Provides an application as a service over a network
ATT&CK
Adversarial Tactics, Techniques,
and Common Knowledge
A knowledge base maintained by MITRE
AUP
Acceptable Use Policy
A-V
Anti-Virus
AV
Asset Value:
Asset Value is half of the formula for a one-time loss or SLE (Single Loss Expectancy). AV x EF (Exposure Factor) = SLE
AVT
Advanced Volatile Threat
BASH
Bourne Again Shell
Linux command line
BCP
Business Continuity Planning
Need to identify critical business systems, which systems need to be protected the most, and have resources available to help recover them
BGP
Border Gateway Protocol
BeEF
Browser Exploitation Frameworks
BIA
Business Impact Analysis
Identify resources that are critical to an organization’s ability to sustain operations against threats to those resources. It also assesses the possibility that each threat will occur and the impact those occurrences will have on the organization.
BIOS
Basic Input/Output System
The firmware sends instructions to the hardware so the system can boot.
BPA
Business Partnership Agreement
The agreement between two entities, what is expected with respect to finances, services, and security.
BPDU
Bridge Protocol Data Unit
BSSID
Basic Service Set Identifier
BYOD
Bring Your Own Device
The model where the organization allows a user to use their personal device for business needs also covers allowing the end-user to use the company’s Internet with their personal electronic devices.
C2
Command & Control
CA
Certificate Authority:
Sometimes referred to as PKI (Public Key Infrastructure). Issues and signs certificates, and maintains the public / private key pair.
CAC
Common Access Card
Considered a smart card or digital certificate. Typically issued to military personnel and contractors that need access to DoD (Department of Defense) systems and facilities. This falls under the “Something you have” authentication factor.
CAPTCHA
Completely Automated Public Turing
Test to Tell Computers and Humans
Apart
An image of text characters or audio of some speech that
is difficult for a computer to interpret
CAR
Corrective Action Report
A report to document actions taken to correct an event, incident, or outage.
CASB
Cloud Access Security Broker
Enterprise management software
designed to mediate access to cloud services by users across all types of devices
CBC
Cipher Block Chaining
A mode of operation for DES, which uses an IV (Initialization Vector) for the first plaintext block and then combines with the next plaintext block using XOR (Exclusive OR). There is a delay using this process. With this method, no plain-text block produces the same ciphertext.
CBT
Computer-based Training
CCI
Co-Channel Interference
CCMP
Cipher Block Chaining Message
Authentication Code Protocol
Strongest wireless encryption, replaces TKIP, used with AES
CCTV
Closed-circuit Television
Detective Control, Deterrent Control
CE
Cryptographic Erase
A method of sanitizing a self-encrypting drive by erasing the media encryption key
CER
Cross-over Error Rate
A metric for biometric technologies are rated. The CER is the point where the FRR (False Rejection Rate) and FAR (False Acceptance Rate) meet. The lowest possible CER is most desirable.
CERT
Computer Emergency Response Team
CFB
Cipher Feedback
This AES mode of operation is the streaming cipher version of CBC. It uses an IV and chaining. The IV is first encrypted and then the result is XORed with the previous plain-text block.
CHAP
Challenge Handshake Authentication Protocol
An encrypted authentication protocol normally used for remote access.
CI
Continuous Integration
CIA
Confidentiality, Integrity, Availability
CIO
Chief Information Officer
CIRT
Computer Incident Response Team
CIS
CIS
CISO
Chief Information Security Officer
CMS
Content Management System
SaaS (Software as a Service)
CN
Common Name
An X500 (LDAP) attribute
expressing a host or user name, also used as the subject identifier for a digital certificate
COBO
Corporate Owned, Business Only
Enterprise mobile device provisioning model where the device is the property of the organization and personal use is prohibited.
COOP
Continuity of Operations Plan
Designing operations and systems to be as little affected by an incident and to have resources to recover from them.
COPE
Corporate Owned, Personally Enabled
Company owns and supplies the device. The employee may use the device for web browsing, personal email, and personal social media sites.
CP
Contingency Planning
CRC
Cyclical Redundancy Check
Error-detecting code used to detect errors in the packet during transmission.
CRL
Certificate Revocation List
A list of certificates that were revoked before they were configured to expire
CSA
Cloud Security Alliance
CSF
Cybersecurity Framework
CSIRT
Computer Security Incident Response Team
CSO
Chief Security Officer
CSP - 1
Cloud Service Provider
CSP - 2
Content Security Policy
CSP - 3
Cryptographic Service Provider
CSR
Certificate Signing Request
When a subject wants a certificate, it completes a CSR and submits it to a CA (Certificate Authority)
CSRF
Cross-Site Request Forgery
The attacker passes an HTTP request to the victim’s browser in an attempt to gain the user’s password and username. The output of the attack could include keywords such as “Buy” or “Purchase” or “Pay To”
CSU
Channel Service Unit
CTF
Capture The Flag
CTI
Cyber Threat Intelligence
CTM
Counter-Mode
The fastest of the modes. An encryption mode that uses a constantly changing IV also functions similarly to a stream cipher.
CTO
Chief Technology Officer
CVE
Common Vulnerabilities and Exposures
This is a place to find out what platforms have vulnerabilities
CVSS
Common Vulnerability Scoring System
This scoring system lets you know the criticality / impact to the system
CVV
Card Verification Value
CYOD
Choose Your Own Device
A mobile deployment model where the company gives the employees a list of approved mobile devices they can use on the corporate network. This helps keep the devices with more current models.
DAC
Discretionary Access Control
Access control is set by the data owner, or possibly the administrator. The permissions can be applied to a group or an individual.
DBA
Database Administrator
DBMS
Database Management Systems
dd
Data Duplicator
Linux command that makes a bit-by-bit copy of an input file, typically used for disk imaging
DDoS
Distributed Denial of Service
Many devices attacking a single device. The devices can be PCs’ laptops, DVRs, Webcams, etc. This type of attack is carried out via a botnet, and the devices are known as drones or zombies.
DEP
Data Execution Prevention
A feature that prevents malicious code from executing in memory. This feature is programmed into Windows, AMD CPU’s, & Intel CPU’s. If you were looking at a log output, you might see one of the columns as “DEP”. In the column, if it says “Yes”, good chance the malware did not execute from that area. If it says no, that might be where the attack originated.
DER
Distinguished Encoding Rules
Is used to create a binary representation of the information on the certificate. The DER-encoded binary file can be represented as ASCII characters using Base64 Privacy-enhanced Electronic Mail (PEM) encoding. File extensions .cer and .crt contain either binary DER or ASCII PEM data.
DES
Digital Encryption Standard
Symmetric block cipher that encrypts in blocks of 64 bits and uses a 56-bit key. This method is deprecated and the easiest upgrade is 3DES (Triple DES). Considered weak encryption and has been deprecated
DevOps
Development and Operations
DevSecOps
Development, Security, and Operations
DGA
Domain Generation Algorithm
D-H
Diffie-Hellman
DHCP
Dynamic Host Configuration Protocol
A protocol that provides an automated process of assigning IP addresses. Can also issue optional parameters such as DNS address, DNS suffix, Default Gateway, and subnet mask. Uses Ports 67 & 68 UDP
DHE
Diffie-Hellman Ephemeral
A protocol for the secure exchange of encryption keys. The Ephemeral provides PFS (Perfect Forward Secrecy)
DKIM
Domain Keys Identified Mail
DLL
Dynamic Link Library
Is a binary package used to implement functionality, such as cryptography or establishing a network connection
DLP
Data Loss Prevention
A hardware or software solution that prevents a certain type of information from being exfiltrated from a device or network. Data like PII (Personally Identifiable Information), credit card numbers, Social Security numbers, data that is sensitive using keywords. USB blocking is a form of DLP. Preventing this type of information from being printed is another protection.
DMARC
Domain Message Authentication Reporting and Conformance
Prevents phishing and spear phishing attacks against an organization’s email server
DMZ
Demilitarized Zone
This is where you place your public-facing web servers. DMZ’s are configured as one of the connections or legs on a firewall. Now referred to as a screened subnet
DN
Distinguished Name
DNAT
Destination Network Address Translation
Also called “Port Forwarding”, the router accepts requests from the Internet for an application, and then sends the request to a designated host and port within the DMZ.
DNS
Domain Name Service (Server)
A service that maps / resolves host names to an IP address. Use Port 53 UDP for DNS queries, uses Port 53 TCP for Zone Transfers
DNSSEC
Domain Name System Security Extensions
A security protocol
that provides authentication of DNS data and upholds DNS data integrity
DOM
Document Object Model
DoS
Denial of Service
Is an attack that is one to one. Anything that can keep a device or user from accessing a service or information is a denial of service. One user flooding other user’s accounts with email attachments until the email box is full, cut the network cable or power are just a few examples.
DPO
Data Privacy Officer
DPP
Device Provisioning Protocol
DRDoS
Distributed Reflection Denial of Service
DRP
Disaster Recovery Plan
A step by step procedure to restore the organization to full functionality. This can be a failed web server, firewall, or some other critical component. The cause can be weather-related, man-made either intentional or accidental. Some items needed:
- Inventory list of hardware and software
- Contact info for DRP team members
- Contact info for employees, suppliers, vendors, customers
- Alternate site
- Backups
DSA
Digital Signature Algorithm
Public key encryption used for digital signatures. This is an asymmetric encryption method
DSL
Digital Subscriber Line
DV
Domain Validation
EAP
Extensible Authentication Protocol
EAP allows different authentication methods, most of using a digital certificate on the server and/or the client
EAP-FAST
EAP with Flexible Authentication via Secure Tunneling
Does not require certificates
EAP-TLS
Extensible Authentication Protocol-Transport Layer Security
Requires certificates on the clients and server
EAP-TTLS
EAP-Tunneled TLS
Requires certificates on the server only
EAPoL
EAP over LAN
ECB
Electronic Code Book
Not recommended for use, uses the same key for every packet, break one key, you have the entire message
ECC
Elliptic Curve Cryptography
Asymmetric encryption, used with wireless and mobile devices due to both have less processing power. ECC 128 is stronger than RSA 1024.
ECDHE
Elliptic Curve Diffie-Hellman Ephemeral
A secure method of exchanging shared keys using PFS (Perfect Forward Secrecy)
ECDSA
Elliptic Curve Digital Signature Algorithm
Uses ElGamal with an elliptical curve to implement a digital signature.