Acronyms Flashcards
EAP
Extensible Authentication Protocol; an authentication framework (RFC 3748) that carries many different authentication methods. In enterprise wireless networks the access point relays the EAP exchange to a RADIUS server, which performs the actual authentication.
PEAP
A method for wireless authentication.
Protected EAP; encapsulates an inner EAP exchange (commonly MS-CHAPv2) in a TLS tunnel, so only the server needs a certificate.
EAP-TLS
Provides certificate-based authentication for wireless networks.
It uses digital certificates for mutual authentication: both client and server present and validate certificates to authenticate each other.
TLS is used to establish a secure and encrypted communication channel between the client and the authentication server.
Less widely deployed than PEAP or EAP-TTLS because every client needs its own certificate, which means running a PKI and provisioning certificates to each device.
EAP-TTLS
Tunneled TLS; unlike EAP-TLS, it does not require the client to have a certificate. The server authenticates with its certificate, a TLS tunnel is established, and the client's credentials (for example a password via PAP or MS-CHAPv2) are exchanged inside the tunnel.
Historically the client needed extra supplicant software, since some operating systems did not support it natively.
TACACS+
Terminal Access Controller Access Control System Plus;
A Cisco-designed protocol that uses TCP (port 49) for authentication, authorization and accounting services. It separates the three AAA functions and encrypts the full packet body, whereas RADIUS only obfuscates the password.
CHAP
Challenge Handshake Authentication Protocol; an authentication protocol.
Uses a random challenge and a three-way handshake: the server sends a challenge, the client answers with a hash (MD5 in RFC 1994) of an identifier, the shared secret and the challenge, and the server recomputes the hash to verify it.
Instead of sending a password, the client proves its identity by correctly responding to the challenge; the server can re-challenge at any time during the session, and a captured response cannot be replayed against a fresh challenge.
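The three-way exchange above, as an added example that is not part of the original flashcards: an authenticator that issues random challenges, a peer that answers with the RFC 1994 hash, and a check that a captured response does not replay. The secret and all values are constructed for the demo.

```python
import hashlib
import hmac
import os

# Constructed demo secret shared out-of-band by peer and authenticator.
# It is never transmitted; only challenge/response values cross the wire.
SECRET = b"correct horse battery staple"


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """The server side: issues challenges and verifies responses."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.identifier = 0
        self.outstanding = {}  # identifier -> challenge still awaiting a response

    def challenge(self):
        # Step 1: send a fresh random challenge with a new identifier.
        self.identifier = (self.identifier + 1) % 256
        chal = os.urandom(16)
        self.outstanding[self.identifier] = chal
        return self.identifier, chal

    def verify(self, identifier: int, response: bytes) -> bool:
        # Step 3: recompute the expected hash and compare in constant time.
        chal = self.outstanding.pop(identifier, None)
        if chal is None:
            return False  # unknown identifier or a replayed response
        expected = chap_response(identifier, self.secret, chal)
        return hmac.compare_digest(expected, response)


def run_handshake(peer_secret: bytes, auth: Authenticator) -> bool:
    """Full three-way handshake from the peer's point of view."""
    ident, chal = auth.challenge()                  # 1. Challenge
    resp = chap_response(ident, peer_secret, chal)  # 2. Response (no password sent)
    return auth.verify(ident, resp)                 # 3. Success or Failure


def replay_attack(auth: Authenticator) -> bool:
    """An eavesdropper replays a captured response against a new challenge."""
    ident, chal = auth.challenge()
    captured = chap_response(ident, SECRET, chal)
    assert auth.verify(ident, captured)             # the legitimate login succeeds
    ident2, _ = auth.challenge()                    # new challenge, new identifier
    return auth.verify(ident2, captured)            # the stale response is rejected


if __name__ == "__main__":
    print("good secret:", run_handshake(SECRET, Authenticator(SECRET)))
    print("bad secret:", run_handshake(b"wrong", Authenticator(SECRET)))
    print("replay:", replay_attack(Authenticator(SECRET)))
```

Note that the shared secret must be stored in a recoverable form on the server so it can recompute the hash; that, and the use of MD5, are why CHAP is mostly of historical interest today.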
RADIUS
Remote Authentication Dial In User Service; a client/server AAA protocol that traditionally runs over UDP (ports 1812 for authentication and 1813 for accounting), although RADIUS over TCP and over TLS (RadSec) also exist. The RADIUS server usually checks credentials against a directory backend such as LDAP or Active Directory. Only the password attribute is obfuscated; the rest of the packet is cleartext.
Kerberos
is a secure authentication protocol designed for networked environments.
It enables secure identity verification between clients and services by using symmetric key cryptography.
It uses tickets: the client first obtains a ticket-granting ticket (TGT) from the Key Distribution Center, then uses it to request service tickets that carry a session key for each service.
OCSP
Online Certificate Status Protocol
protocol used to check the revocation status of an X.509 digital certificate in real time, as an alternative to downloading a full certificate revocation list (CRL).
It allows clients, such as web browsers, to verify whether a certificate is still valid or has been revoked.
The request identifies the certificate by its serial number together with hashes of the issuer's name and public key; the responder answers good, revoked or unknown, and signs the answer.
RSA
A public key algorithm whose security depends on the computational difficulty of factoring the product of two large primes. Commonly used in asymmetric cryptography for both encryption and digital signatures.
TPM
Trusted Platform Module; a hardware chip that holds keys and boot measurements. During measured boot the UEFI firmware hashes each component in the boot chain and extends the hashes into the TPM's Platform Configuration Registers (PCRs); the resulting values and the event log can be validated remotely (remote attestation). The chip also provides key generation, sealing and encryption services. By itself the TPM does not block an untrusted boot (that is Secure Boot's job); it lets a verifier detect that one occurred, and keys sealed to known-good PCR values will not unseal after a change.
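The measured-boot mechanics described above, simulated as an added example (not part of the original flashcards and not real TPM firmware): each boot component is hashed and extended into a PCR, the event log is replayed by a verifier, and a changed or reordered component produces a different PCR. The boot images and the "golden" reference value are constructed for the demo; the signature the TPM places over a real quote is omitted.

```python
import hashlib

PCR_SIZE = 32  # SHA-256 PCR bank


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend: PCR_new = SHA256(PCR_old || digest).
    One-way, so a PCR can only be appended to, never set directly."""
    return hashlib.sha256(pcr + digest).digest()


def measured_boot(components):
    """Firmware measures each boot component into the PCR before running it
    and appends the measurement to the event log (simplified TCG log)."""
    pcr = bytes(PCR_SIZE)  # PCRs reset to zero at power-on
    event_log = []
    for name, blob in components:
        digest = hashlib.sha256(blob).digest()
        event_log.append((name, digest))
        pcr = pcr_extend(pcr, digest)
    return pcr, event_log


def replay_log(event_log) -> bytes:
    """The remote verifier recomputes the PCR from the event log."""
    pcr = bytes(PCR_SIZE)
    for _, digest in event_log:
        pcr = pcr_extend(pcr, digest)
    return pcr


def attest(quoted_pcr: bytes, event_log, golden_pcr: bytes) -> bool:
    """Accept only if the log explains the quoted PCR (log not tampered with)
    and the PCR equals the known-good value (trusted boot chain)."""
    return replay_log(event_log) == quoted_pcr and quoted_pcr == golden_pcr


# Constructed boot chain used as the reference ("golden") measurement.
GOOD_CHAIN = [
    ("firmware", b"UEFI 2.8 image"),
    ("bootloader", b"shim+grub image"),
    ("kernel", b"vmlinuz-6.1 image"),
]
GOLDEN_PCR, _ = measured_boot(GOOD_CHAIN)

if __name__ == "__main__":
    pcr, log = measured_boot(GOOD_CHAIN)
    print("clean boot attests:", attest(pcr, log, GOLDEN_PCR))
    bad = GOOD_CHAIN[:2] + [("kernel", b"vmlinuz-6.1 image + bootkit")]
    pcr, log = measured_boot(bad)
    print("tampered kernel attests:", attest(pcr, log, GOLDEN_PCR))
```

A bootkit cannot hide by editing the event log, because the verifier replays the log and compares it with the PCR value the TPM itself reports; and it cannot reset the PCR, because extend is one-way.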
HSM
Hardware Security Modules; external appliances or plug-in cards that generate, store and use cryptographic keys inside tamper-resistant hardware, so private keys never leave the device.
KMS
Key management system; used to store, distribute, rotate and manage keys and certificates over their lifecycle.
Symmetric Encryption
uses the same shared key to encrypt and decrypt, and so cannot provide non-repudiation (either party could have produced the ciphertext). AES is the common symmetric algorithm; a key-agreement protocol such as Diffie-Hellman is typically used to establish the shared key over an insecure channel.
Asymmetric Encryption
each user has a public and a private key pair, using an algorithm such as RSA or elliptic-curve cryptography.
The sender encrypts the message using the recipient’s public key.
Only the recipient, who holds the corresponding private key, can decrypt it.
Decryption:
The recipient uses their private key to decrypt the message.
Digital Signatures:
The sender can use their private key to sign a message.
The recipient verifies the signature using the sender’s public key.
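The encrypt/decrypt and sign/verify operations above, together with the factoring dependence noted under RSA, as an added example (not part of the original flashcards). It is textbook RSA with constructed, tiny primes so that the "break it by factoring" step actually runs; real keys are 2048 bits or more and use OAEP/PSS padding, and this code must not be used to protect anything.

```python
import hashlib
from math import gcd

# Constructed demo primes: small enough to factor n by trial division.
P_DEMO, Q_DEMO = 10007, 10009


def keygen(p: int, q: int, e: int = 65537):
    """Return ((n, e), (n, d)): the public and private keys."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    d = pow(e, -1, phi)  # private exponent: modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def encrypt(pub, m: int) -> int:
    """Anyone can encrypt with the recipient's public key."""
    n, e = pub
    assert 0 <= m < n
    return pow(m, e, n)


def decrypt(priv, c: int) -> int:
    """Only the holder of the private exponent d can decrypt."""
    n, d = priv
    return pow(c, d, n)


def _digest_mod_n(msg: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(priv, msg: bytes) -> int:
    """Signing applies the private key to a hash of the message."""
    n, d = priv
    return pow(_digest_mod_n(msg, n), d, n)


def verify(pub, msg: bytes, sig: int) -> bool:
    """Anyone can verify with the signer's public key."""
    n, e = pub
    return pow(sig, e, n) == _digest_mod_n(msg, n)


def factor(n: int):
    """Trial division, feasible only because n is tiny. RSA's security rests
    on this step being infeasible for real key sizes."""
    f = 3
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 2
    raise ValueError("no odd factor found")


def recover_private_key(pub):
    """Given only the public key, factor n and rebuild d."""
    n, e = pub
    p, q = factor(n)
    return n, pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    pub, priv = keygen(P_DEMO, Q_DEMO)
    c = encrypt(pub, 12345678)
    print("decrypts:", decrypt(priv, c) == 12345678)
    s = sign(priv, b"wire $10,000")
    print("signature ok:", verify(pub, b"wire $10,000", s))
    print("tampered ok:", verify(pub, b"wire $90,000", s))
    print("private key recovered by factoring:", recover_private_key(pub) == priv)
```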
Perfect Forward Secrecy
a property of a key exchange in which each session uses fresh, ephemeral keys (for example ephemeral Diffie-Hellman, DHE or ECDHE) instead of deriving session keys from a long-term key.
Because the ephemeral private values are discarded after the session, a recorded session cannot be decrypted later, even by someone who obtains the server's long-term key.
This ensures that the traffic sent between client and server stays secured even if the long-term key or password is later compromised.
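The difference between a static and an ephemeral Diffie-Hellman exchange, as an added example that is not part of the original flashcards: a passive attacker records the client's public values, later obtains the server's private value, and tries to recompute every session key. The group (p = 2^127 - 1, generator 5) is constructed for illustration only; real deployments use RFC 7919 groups or X25519.

```python
import hashlib
import secrets

# Constructed demo group: far too small for real use.
P = (1 << 127) - 1
G = 5


def keypair():
    """Diffie-Hellman key pair: private x, public g^x mod p."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)


def session_key(my_private: int, peer_public: int) -> bytes:
    """Both sides derive the same key: KDF(g^(ab) mod p)."""
    shared = pow(peer_public, my_private, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def run_sessions(n=3, static_server_private=None):
    """Simulate n client/server sessions. Returns what a passive attacker can
    record (client public values), the real session keys, and the server
    private value that a later breach would leak."""
    recorded_client_publics, keys = [], []
    b = static_server_private
    for _ in range(n):
        a, A = keypair()                  # the client is always ephemeral here
        if static_server_private is None:
            b, B = keypair()              # ephemeral: fresh b each session (PFS)
        else:
            B = pow(G, b, P)              # static: the same long-term b every time
        k = session_key(a, B)
        assert k == session_key(b, A)     # both sides agree on the key
        recorded_client_publics.append(A)
        keys.append(k)
        del a                             # ephemeral privates are discarded
    return recorded_client_publics, keys, b


def decrypt_recordings(leaked_server_private: int, recorded_client_publics):
    """An attacker who later obtains the server's private value recomputes
    the key of every recorded session."""
    return [session_key(leaked_server_private, A) for A in recorded_client_publics]


if __name__ == "__main__":
    rec, keys, b = run_sessions(3, static_server_private=123456789)
    print("static key: sessions recovered:",
          sum(k == r for k, r in zip(keys, decrypt_recordings(b, rec))), "of 3")
    rec, keys, b = run_sessions(3)
    print("ephemeral: sessions recovered:",
          sum(k == r for k, r in zip(keys, decrypt_recordings(b, rec))), "of 3")
```

With the static server key every past session falls; with ephemeral keys only the session whose private value was still in memory at the time of the breach does.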
Blockchain
a distributed, immutable, open public ledger; it creates a datastore that no single party can tamper with or destroy.
If a mistake is made in the ledger, the entry cannot be edited; a new correcting transaction must be appended instead.
SAML
Security Assertion Markup Language; XML-based standard for exchanging authentication and authorization information between an identity provider (IdP) and a service provider (SP).
OpenID
An open, decentralized standard for single sign-on: users authenticate with a trusted IdP such as Google or Facebook and the relying site accepts that assertion. The current version, OpenID Connect, is built on OAuth 2.0.
EDR
Endpoint detection and response tools; an agent on each endpoint continuously collects process, file and network telemetry into a searchable store. EDR detects and blocks malicious software such as ransomware, using both hashes of known-malicious files and behavioural analytics, and lets responders isolate hosts and kill processes remotely.
HIDS
Host-based intrusion detection system; monitors and alerts on the same events a HIPS does, but cannot take action to block them.
HIPS
Host-based intrusion prevention system; analyzes traffic and activity on the host before it reaches its final destination, and can take action to block the intrusion.
WPA-2 Personal
allows wireless clients to authenticate without an authentication server infrastructure; it uses a pre-shared key (PSK) derived from the passphrase. It uses CCMP, Counter Mode with Cipher Block Chaining Message Authentication Code Protocol, based on AES. Because the four-way handshake can be captured, a weak passphrase is exposed to offline dictionary attacks.
WPA-2 Enterprise
allows wireless clients in large organizations to authenticate to a RADIUS server via 802.1X; each user has unique credentials.
It uses AES (Advanced Encryption Standard) with CCMP, Counter Mode with Cipher Block Chaining Message Authentication Code Protocol, for data encryption and EAP for authentication.
WPA3-Personal
A wireless authentication protocol that uses SAE, Simultaneous Authentication of Equals, which replaces the WPA2 pre-shared-key handshake. A passphrase is still configured, but SAE is a password-authenticated key exchange (Dragonfly) that resists offline dictionary attacks on captured traffic.
Interaction between client and network is validated on both sides.
It also provides Perfect Forward Secrecy, which ensures that traffic sent between client and network stays secured even if the passphrase is later compromised.
WPA3-Enterprise
Next-generation Wi-Fi security protocol for 802.1X networks; it requires Protected Management Frames and offers an optional 192-bit security mode (CNSA suite) with AES-256-GCMP.
It does not use SAE (Simultaneous Authentication of Equals); authentication is done with EAP, typically against a RADIUS server.
The 192-bit mode requires EAP-TLS with the approved cipher suites; standard WPA3-Enterprise allows other EAP methods.
RPO
Recovery Point Objective; the maximum acceptable amount of data loss, measured as the time between the last good backup and a disruption. It determines how often backups should be taken, balancing the cost of storage against the potential for data loss.
RTO
Recovery Time Objective; a critical metric that defines the maximum acceptable amount of time that a system, application, or process can be unavailable after a disruption before causing significant harm to the organization.
SCADA
Supervisory Control and Data Acquisition; large-scale control systems, often spread over wide geographic areas, that monitor and control infrastructure such as power and water.
ICS
Industrial Control Systems, broad term for industrial automation.
SPF
Sender Policy Framework
is an email authentication protocol designed to prevent email spoofing by letting domain owners publish, in a DNS TXT record, which mail servers are authorized to send email on behalf of the domain. The receiving server checks the connecting IP address against the record for the envelope sender (MAIL FROM) domain.
v=spf1 ip4:192.0.2.0 ip4:192.0.2.1 include:examplesender.email -all
The SPF record tells the receiving server that 192.0.2.0 and 192.0.2.1 are authorized to send email on behalf of the domain (an ip4 mechanism without a prefix length means a single host; ip4:192.0.2.0/24 would cover the whole network).
include:examplesender.email is an example of the include mechanism, which pulls in the SPF record of a third-party sender so that its authorized servers may also send on behalf of the domain. Includes count toward the limit of 10 DNS-querying mechanisms per check.
-all tells the server that addresses not listed in the SPF record are not authorized to send email and should fail the check (hard fail; ~all would be a soft fail). What the receiver does on failure is its own policy, usually driven by DMARC.
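How a receiver evaluates the record above against a connecting IP, as an added example (not part of the original flashcards): a minimal SPF checker covering the ip4/ip6, include and all mechanisms with their qualifiers. DNS is replaced by a constructed in-memory table so the code runs offline; the a, mx and exists mechanisms are left out.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups.
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0 ip4:192.0.2.1 include:examplesender.email -all",
    "examplesender.email": "v=spf1 ip4:198.51.100.0/24 ip6:2001:db8::/32 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain: str, sender_ip: str, dns=DNS_TXT, depth: int = 0) -> str:
    """Return the SPF result for sender_ip sending as MAIL FROM @domain:
    pass, fail, softfail, neutral, none or permerror."""
    if depth > 10:                       # RFC 7208 limit on DNS-querying mechanisms
        return "permerror"
    record = dns.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"                  # default qualifier is "+" (pass)
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        result = QUALIFIERS[qualifier]
        if term == "all":
            return result                # "all" always matches
        if term.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(term[4:], strict=False)  # no prefix => /32 or /128
            if ip.version == net.version and ip in net:
                return result
        elif term.startswith("include:"):
            # include matches only if the included domain's check returns pass
            if check_spf(term[len("include:"):], sender_ip, dns, depth + 1) == "pass":
                return result
        # other mechanisms and modifiers (a, mx, exists, redirect=) are not handled
    return "neutral"                     # no mechanism matched and no "all" term


if __name__ == "__main__":
    for ip in ("192.0.2.1", "198.51.100.7", "203.0.113.5"):
        print(ip, "->", check_spf("example.com", ip))
```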
DMARC
Domain-based Message Authentication, Reporting and Conformance
DMARC is part of an email authentication framework that works alongside SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to prevent email spoofing and phishing attacks.
It defines how email servers should handle messages that fail authentication checks and provides reporting mechanisms for monitoring email security.
When an email is received, the server checks SPF and DKIM.
DMARC then requires that the header “From” domain aligns with the domain authenticated by SPF (the MAIL FROM domain) or by DKIM (the d= domain in the signature); at least one aligned pass is needed for the message to pass DMARC.
v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; ruf=mailto:forensic-reports@example.com; adkim=s; aspf=s;
p=reject: policy to reject emails that fail authentication (the alternatives are none and quarantine). rua= and ruf= are the addresses for aggregate and forensic reports. adkim=s and aspf=s require strict alignment (exact domain match) for DKIM and SPF; the default r (relaxed) also accepts subdomains of the same organizational domain.
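The alignment and policy logic described above, as an added example that is not part of the original flashcards: it parses the DMARC record shown, checks strict or relaxed alignment of the From domain against the SPF- and DKIM-authenticated domains, and returns the disposition. The organizational-domain helper is a simplification (last two labels); real implementations consult the Public Suffix List. SPF and DKIM results are passed in as already computed.

```python
def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record into a tag dictionary with defaults applied."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    tags.setdefault("p", "none")       # disposition for failing mail
    tags.setdefault("adkim", "r")      # relaxed DKIM alignment by default
    tags.setdefault("aspf", "r")       # relaxed SPF alignment by default
    return tags


def org_domain(domain: str) -> str:
    """Simplified organizational domain: last two labels (assumption; real
    implementations use the Public Suffix List)."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict (s): exact match. Relaxed (r): same organizational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_evaluate(policy: dict, from_domain: str,
                   spf_result: str, spf_domain: str,
                   dkim_result: str, dkim_domain: str) -> str:
    """Return 'pass' or the policy's disposition (none/quarantine/reject)."""
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, policy["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, policy["adkim"])
    if spf_ok or dkim_ok:
        return "pass"
    return policy["p"]


# The record from the flashcard above.
STRICT_RECORD = ("v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; "
                 "ruf=mailto:forensic-reports@example.com; adkim=s; aspf=s;")

if __name__ == "__main__":
    policy = parse_dmarc(STRICT_RECORD)
    # SPF passed for a subdomain used as bounce address; DKIM failed.
    print(dmarc_evaluate(policy, "example.com", "pass", "bounce.example.com", "fail", ""))
    # The same message under a relaxed policy.
    print(dmarc_evaluate(parse_dmarc("v=DMARC1; p=quarantine"),
                         "example.com", "pass", "bounce.example.com", "fail", ""))
```

The usage shows the practical cost of strict alignment: mail whose bounce address lives on a subdomain passes SPF but still gets rejected unless DKIM signs with the exact From domain.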
Infrared sensor
They detect changes in infrared (heat) radiation, such as a warm body moving through the field of view. Inexpensive, typically deployed in small rooms.
Used in motion detection
and temperature measurement.
Pressure sensor
Detects a change in pressure, for example on a floor mat or a shelf; used to detect an object being moved or a person stepping on a surface.
Microwave sensor
They emit microwave energy and detect motion from changes in the reflected signal, so they can sense through thin obstacles. They are not heat based and do not capture audio.
Ultrasonic sensor
Emits high-frequency sound and measures the reflection; triggered by movement, vibration or machinery. Used in applications where proximity detection is required.