Acronyms "Q, R, S" Flashcards
QA
Quality Assurance
QoS
Quality of Service
RA
Recovery Agent
RACE
Research and Development in Advanced Communication Technologies in Europe
RAD
Rapid Application Development
- Agile software development approach
- Focuses on ongoing software projects and user feedback and less on following a strict plan
- Emphasizes rapid prototyping over costly planning
RADIUS
Remote Authentication Dial-in User Service
- Provides centralized authentication to protect networks against unauthorized use
- Could also be used for device administration, but its primary purpose is network authentication
- Combines authentication and authorization
- Encrypts only the password field, not the entire packet.
RAID
Redundant Array of Inexpensive Disks
- Storage virtualization technology that combines multiple physical disk drive components into one or more logical units
- Used to increase data redundancy, performance, or both
- Striping - spreads blocks of data across multiple disks. Great for increased performance but provides zero data redundancy or protection
- Mirroring - copies the same data across disks. Provides data redundancy and protection from failure, but requires more disks which increases cost
- Parity - calculated value that gets used to restore data from multiple drives if one of the drives were to fail. This prevents the need to mirror using separate drives since parity is spread among disks.
- RAID 0 - striping
- Needs 2 drives minimum
- RAID 1 - mirroring
- Needs 2 drives minimum
- RAID 4 - striping and parity
- Needs 3 drives minimum
- RAID 5 - striping and parity
- Needs 3 drives minimum
- RAID 6 - striping and parity
- Needs 4 drives minimum
RAM
Random Access Memory
RAS
Remote Access Server
RAT
Remote Access Trojan
- Malware that gives the attacker admin control over the target computer
- Typically used to then take further action
RBAC
Role-Based Access Control
- Used to assign rights and permissions based on roles of users
- Roles are usually assigned by groups
RC4
Rivest Cipher 4
- Insecure
- WEP
RCS
Rich Communication Services
- Communication protocol between mobile telephone carriers and between phone and carrier, aiming at replacing SMS messages with a text-message system that is richer, provides phonebook polling (for service discovery), and can transmit in-call multimedia. It is part of the broader IP Multimedia Subsystem. Google added support for end-to-end encryption for one-on-one conversations in their own extension.
RFC
Request for Comment
RFID
Radio Frequency Identifier
- Uses electromagnetic fields to automatically identify and track tags attached to objects
- Consists of a tiny radio transponder, a radio receiver, and a transmitter
- Made up of tags and readers
RIPEMD
RACE Integrity Primitives Evaluation Message Digest
ROI
Return on Investment
RPO
Recovery Point Objective
- an RPO of 24 hours means that the data can be recovered (from a backup copy) to a point not more than 24 hours
- The maximum amount of data (measured by time) that can be lost after a recovery from a disaster or failure
- Used to determine the frequency of backups
- ie: if an RPO is 70 minutes, you require system backups every 70 minutes
RSA
Rivest, Shamir, Adleman
- Algorithm used to encrypt and decrypt messages (public-key cryptosystem)
- Asymmetric…the public key can be known to everyone
- Messages encrypted using the public key can only be decrypted with the private key
- Slower than some
RTBH
Remote Triggered Black Hole
- Can be used to drop traffic before it enters a protected network
- A common use is to mitigate DDoS
RTO
Recovery Time Objective
- Max amount of time it can take to recover after a failure or disaster before the business is significantly impacted
RTOS
Real-Time Operating System
- Event-driven and preemptive
- Switches between tasks based on their priorities (event-driven) or on a regular clocked interrupts and on events (time-sharing)
RTP
Real-Time Transport Protocol
- Used to transfer audio/video over IP networks
- Streaming media, for example
S/MIME
Secure/Multipurpose Internet Mail Extensions
- Provides a way to integrate public-key encryption and digital signatures into most modern email clients.
- This would encrypt all email information from client to client, regardless of the communication used between email servers
SaaS
Software as a Service
SAE
Simultaneous Authentication of Equals
- Secure password-based authentication and password-authenticated key agreement method
SAML
Security Assertions Markup Language
- XML-based markup language for security assertions
- Allows an IdP to authenticate users and then pass an auth token to another application (service provider)
SAN (Network)
Storage Area Network
- Dedicated, independent high-speed network that interconnects and delivers shared pools of storage devices to multiple servers
SAN (Digital Certificates)
Subject Alternative Name
- Extension to X.509 that allows various values to be associated with a security certificate
SCADA
System Control and Data Acquisition
- Control system for high-level supervision of machines and processes
SCAP
Security Content Automation Protocol
- A synthesis of interoperable specifications derived from community ideas
SCEP
Simple Certificate Enrollment Protocol
- Makes the request and issuing of digital certificates as simple as possible
SDK
Software Development Kit
- Collection of software development tools you can install in one package
SDLC
Software Development Life Cycle
SDLM
Software Development Life Cycle Methodology
SDN
Software Defined Networking
- Makes networking a bit more like cloud computing than traditional network management by defining network technology via software
SDV
Software Defined Visibility
- Framework that allows customers, security and network equipment vendors, as well as MSPs, to control and program Gigamon’s Visibility Fabric via REST-based APIs
SED
Self-Encrypting Drive
- Data gets encrypted as it gets added to disk (HDD and SSD)
SEH
Structured Exception Handler
- A way of handling both software and hardware exceptions/failures gracefully
SFTP
Secure File Transfer Protocol
SHA
Secure Hashing Algorithm
SHTTP
Secure Hypertext Transfer Protocol
- Obsolete Alternative to HTTPS
SIEM
Security Information and Event Management
SIM
Subscriber Identity Module
- SIM Card for phones
SIP
Session Initiation Protocol
- Used to initiate, maintain, and terminate real-time sessions that include voice, video, and messaging apps
SLA
Service Level Agreement
SLE
Single Loss Expectancy
- Monetary value of an asset
- % of loss for each realized threat
SMS
Short Message Service
SMTP
Simple Mail Transfer Protocol
SMTPS
Simple Mail Transfer Protocol Secure
SNMP
Simple Network Management Protocol
- Networking protocols used for the management and monitoring of network-connected devices in IP networks
SOAP
Simple Object Access Protocol
- Lightweight XML-based protocol that’s used for exchanging information in decentralized, distributed application environments
- Versus REST, which mostly uses JSON
SOAR
Security Orchestration Automation Response
- Technologies that enable orgs to collect inputs monitored by the security operations team
- ie: alerts from the SIEM and other security tech where incident analysis and triage can be performed by leveraging a combination of human and machine power
SOC (Hardware)
System on a Chip
- Raspberry Pi is an example of SoC
- Multiple components running on a single chip
SOC
Security Operations Center
SPF
Sender Policy Framework
- Email-authentication technique which is used to prevent spammers from sending messages on behalf of your domain
SPIM
Spam over Instant Message
SQL
Structured Query Language
SQLi
Structured Query Language Injection
SRTP
Secure Real-Time Transfer Protocol
- Provides encryption, message authentication and integrity, and replay attack protection to the RTP data
SSD
Solid State Drive
SSH
Secure Shell
SSL
Secure Sockets Layer
SSO
Single Sign On
STIX
Structured Threat Information eXchange
- XML structured language for sharing threat intelligence
- Like TAXII, STIX is a community-driven project
STP
Shielded Twisted Pair
SWG
Secure Web Gateway
- Protects users from web-based threads and applies and enforces corporate acceptable use policies
- Instead of connecting directly to a website, the user accesses the SWG, which then connects the user to the desired website
- This helps with URL filtering, web visibility, malicious content inspection, web access controls, and more
