Acronyms Flashcards
EAP
Extensible Authentication Protocol; an authentication framework used in enterprise wireless networks, authenticating to a RADIUS server.
PEAP
Protected EAP; a protocol for wireless authentication that encapsulates EAP in a TLS tunnel.
EAP-TLS
Provides authentication for wireless networks.
It uses digital certificates for mutual authentication: both client and server present and validate certificates to authenticate each other.
TLS is used to establish a secure and encrypted communication channel between the client and the authentication server.
Not widely used because of the challenges involved.
EAP-TTLS
EAP Tunneled Transport Layer Security; unlike EAP-TLS, it does not require the client to have a certificate. Inside the tunnel, the client's authentication credentials are exchanged.
The client needs to install extra software.
TACACS+
Terminal Access Controller Access Control System Plus;
a Cisco-designed extension that uses TCP traffic for authentication, authorization and accounting services; it provides full packet control.
CHAP
Challenge Handshake Authentication Protocol; an authentication protocol that
uses an encrypted challenge and a three-way handshake to send credentials.
Instead of sending a password, the client proves its identity by correctly responding to a challenge.
RADIUS
Remote Authentication Dial-In User Service; it relies on an LDAP backend. It can operate over TCP or UDP.
Kerberos
A secure authentication protocol designed for networked environments.
It enables secure identity verification between clients and services by using symmetric key cryptography.
It uses authentication tickets to grant session keys for service.
OCSP
Online Certificate Status Protocol
A protocol used to check the revocation status of an X.509 digital certificate in real time.
It allows clients, such as web browsers, to verify whether a certificate is still valid or has been revoked.
You need the serial number to check if the certificate is invalid.
RSA
A public key algorithm whose security depends on the computational difficulty inherent in factoring large prime numbers. Commonly used in asymmetric cryptography.
TPM
Trusted Platform Module; data from booting is stored on a TPM hardware chip. The UEFI hashes everything in the boot process and stores the data in the TPM chip, and the logs can be validated remotely. The chip also provides encryption and remote attestation. Ensures devices boot with only trusted hardware.
HSM
Hardware Security Modules; external devices or plug-in cards that manage keys for cryptographic functions.
KMS
Key management system; used to store and manage keys and certificates.
Symmetric Encryption
Uses the same shared key to encrypt and decrypt and does not implement non-repudiation. It uses the Diffie-Hellman algorithms.
Asymmetric Encryption
Each user has a public and private key pair, which uses the RSA algorithms.
The sender encrypts the message using the recipient’s public key.
Only the recipient, who holds the corresponding private key, can decrypt it.
Decryption:
The recipient uses their private key to decrypt the message.
Digital Signatures:
The sender can use their private key to sign a message.
The recipient verifies the signature using the sender’s public key.
Perfect Forward Secrecy
A method for anonymously routing traffic across the internet with layers of encryption,
preventing nodes in the relay chain from reading anything other than the traffic they need to accept or forward.
It ensures that the traffic sent between client and server is secured even if the password has been compromised.
Blockchain
A distributed and immutable open public ledger; it creates a datastore that nobody can tamper with or destroy.
If a mistake is made in a ledger, a new transaction must be processed.
SAML
Security Assertion Markup Language; an XML-based standard for exchanging authentication and authorization information.
OpenID
Users authenticate with a trusted IdP such as Google or Facebook. It’s decentralized.
EDR
Endpoint detection and response tools; they provide monitoring capabilities on endpoints using client software, with data that can be searched. They prevent malicious software installs such as ransomware, and they also use hashing to match known malicious files.
HIDS
Host-based intrusion detection system; can do what a HIPS does, but it cannot take action.
HIPS
Host-based intrusion prevention system; analyzes traffic before it reaches its final destination, and it can take action on the intrusion.
WPA-2 Personal
Allows wireless clients to authenticate without an authentication server infrastructure; it uses a pre-shared key. It uses CCMP (Counter Mode Cipher Block Chaining Message Authentication Code Protocol) with AES.
WPA-2 Enterprise
Allows wireless clients from large organizations to authenticate to a RADIUS server; each user has unique credentials.
It uses AES (Advanced Encryption Standard) for data encryption and EAP for authentication.
It uses CCMP (Counter Mode Cipher Block Chaining Message Authentication Code Protocol).
WPA3-Personal
A wireless authentication protocol that uses SAE (Simultaneous Authentication of Equals), which replaces pre-shared keys.
Interactions between client and network are validated on both sides.
It also uses Perfect Forward Secrecy, which ensures that the traffic sent between client and server is secured even if the password has been compromised.
WPA3-Enterprise
Next-generation Wi-Fi security protocol; it offers an optional AES 192-bit security mode.
It does not use SAE (Simultaneous Authentication of Equals).
It requires EAP-TLS.
Authentication is typically done by a RADIUS server.
RPO
Recovery Point Objective; a process for recovering from backups that determines how often backups should be taken, balancing the cost of storage versus the potential for data loss.
RTO
Recovery Time Objective; a critical metric used to define the maximum acceptable amount of time that a system, application, or process can be unavailable after a disruption before causing significant harm to the organization.
SCADA
Supervisory Control and Data Acquisition; large systems that run power and water.
ICS
Industrial Control Systems, broad term for industrial automation.
SPF
Sender Policy Framework
An email authentication protocol designed to prevent email spoofing by allowing domain owners to specify which mail servers are authorized to send emails on their behalf.
v=spf1 ip4:192.0.2.0 ip4:192.0.2.1 include:examplesender.email -all
The SPF record tells the receiving server that ip4:192.0.2.0 and ip4:192.0.2.1 are authorized to send emails on behalf of the domain.
include:examplesender.email is an example of the include tag, which tells the server which third-party organizations are authorized to send emails on behalf of the domain.
-all tells the server that addresses not listed in the SPF record are not authorized to send emails and should be rejected.
DMARC
Domain-based Message Authentication, Reporting and Conformance.
DMARC is part of an email authentication framework that works alongside SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to prevent email spoofing and phishing attacks.
It defines how email servers should handle messages that fail authentication checks and provides reporting mechanisms for monitoring email security.
When an email is received, the receiving server checks SPF and DKIM.
DMARC ensures that the “From” domain matches the authenticated domains from SPF and DKIM.
v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; ruf=mailto:forensic-reports@example.com; adkim=s; aspf=s;
p=reject: Policy to reject unauthenticated emails.
Infrared sensor
They look for changes in infrared (heat) radiation. Inexpensive; deployed in small rooms.
Used in motion detection and temperature measurement.
Pressure sensor
Detects a change in pressure; detects an object being moved.
Microwave sensor
They detect motion through obstacles. They are not heat based and will not capture audio.
ultrasonic sensor
Reflects sound set off by vibration or machinery; used in applications where proximity detection is required.
key stretching
A technique used to enhance the security of cryptographic keys by increasing the computational effort required to guess or break the key through brute-force attacks.
How Key Stretching Works:
Key stretching typically involves repeatedly applying a cryptographic function (often a hash function) to a key or password, along with a salt (a random value added to the key to ensure uniqueness). This repeated application of the function produces a more robust key.
rainbow attack
A rainbow attack is a type of cryptographic attack used to crack hashed passwords or other hashed data. It leverages a precomputed table called a rainbow table to reverse cryptographic hash functions more efficiently than brute-force attacks.
To prevent these attacks, a method called salting adds a randomly generated value to each password prior to hashing.
TDE
Transport database encryption; it encrypts the entire database.
CLE
Column-level encryption; allows specific columns of tables to be encrypted.
record level encryption
Allows individual records of a database to be encrypted.
HMAC
Hash-based message authentication code;
an algorithm that implements partial digital signatures.
It relies on a single shared key, which does not provide non-repudiation.
zero trust
There are no trust boundaries and every action is validated.
Policy engines evaluate policies and use threat information and other data to determine if access should be granted.
version control
Tracking workload is not a security-related issue with version control.
What do you need to digitally sign a file?
To sign a file, you use your own private key; the recipient can then decrypt the message using the sender's public key.
Directive controls
What should be done to achieve security objectives. Policies and procedures are examples of directive controls.
gap analysis
A cyber security professional reviews the security controls of a company. If there is any case where a control does not meet the company's objective, then it is a gap, whereas risk analysis is done as part of risk assessment.
tokenization
Uses randomly generated values that are assigned to replace existing known values.
key escrow
A third party stores a protective copy of the key for use in case of an emergency. It is regulatory compliant.
watering hole attack
The attacker exploits vulnerabilities in legitimate websites that are visited by their intended target.
Malicious code is injected into the site, often in the form of malware or links to a malicious server.
What are the common motivations for internal threat actors?
Blackmail, financial gain, ethical reasons.
domain hijacking
Occurs when the registration information is changed without the owner's permission, whereas DNS hijacking inserts false information into a DNS server and a man-in-the-middle attack modifies traffic in transit.
What is the difference between phishing and spam
Phishing aims to acquire data to later use for attacks, whereas spam is a broad term for unwanted emails.
on-path attacks
Also known as a man-in-the-middle attack. Eavesdropping: passively monitoring communication to steal sensitive information like credentials or financial data.
Actively altering messages.
What is Spear phishing
A targeted and deceptive email or electronic communication attack that aims to trick a specific individual or group into disclosing sensitive information, such as login credentials, financial details, or other confidential data. For example, insurance professionals would be a target group.
What is a VM escape vulnerability
A VM escape vulnerability is a security flaw that allows an attacker to breach the isolation between a virtual machine (VM) and its host system, potentially gaining unauthorized access to the host operating system or other VMs running on the same hypervisor.
Jailbreaking
Jailbreaking typically relies on exploiting security flaws in the operating system or bootloader to bypass restrictions.
After exploiting the system, the user gains administrative (root) privileges, allowing full control over the device.
Hardware vendor supply chain issues
Malware, modified firmware, and lack of availability are common concerns for supply chains but hardware modification remains relatively uncommon.
What is a zero day exploit
A zero-day exploit refers to a type of cyberattack that takes advantage of a previously unknown vulnerability in software, hardware, or firmware. These vulnerabilities are termed “zero-day” because the software vendor or developer has had zero days to patch or address the issue.
Zero-day exploits are particularly dangerous because they are typically used before the vulnerability is publicly disclosed or fixed, leaving systems and users defenseless.
What do ACL do?
Allow or deny traffic based on rules that include protocol, IPs and ports, whereas VLANs cannot do what ACLs do because VLANs mainly segment traffic.
integer overflow
Placing a larger integer value into a smaller integer variable. There is no such thing as a memory overflow.
cryptographic collision attack
A cryptographic collision attack is a type of attack against cryptographic hash functions.
zero day vulnerability
A zero-day vulnerability is a previously unknown security flaw in software, hardware, or firmware that has not been identified or addressed by the vendor or developer.
blue snarfing
Typically involves accessing data from a Bluetooth device within range.
bluejacking
Involves sending unsolicited messages to a Bluetooth device within range.
What are the three common situations involving race conditions
time-of-check, time-of-use, and time-of-evaluation.
What is a subject in a zero trust environment
users, services, systems, devices
What is a policy engine in a zero trust environment
Makes policy decisions based on rules to grant, deny, or revoke but the policy administrator takes the action based on the decision.
What is the policy administrator in a zero trust environment
If the decision is denied, the policy administrator tells the policy enforcement point to end the session.
air gapping
It literally means air between the server and the network; this prevents malware from infecting the backups.
How to keep the OS of devices from being modified
Requiring signed and encrypted firmware for OS updates.
How to know if someone’s account is being used when they are not using it.
Implement auditing of account usage.
Do serverless accounts require a system administrator?
No, because they are considered function-as-a-service. But they can scale up and scale down.
What is a microservice?
An architecture that builds apps providing specific functions using lightweight protocols.
What is IaC
Infrastructure as code is the process of managing and provisioning computers and data centers through scripted code or machine-readable definition files. It’s part of the DevOps process.
What is RTOS
Real-time operating system; commonly used in embedded systems where apps need to deal with input immediately. Using secure firmware will keep it secured.
What are the security challenges of an embedded system
They are built with limited CPU capabilities, which matters because of the computational power needed for cryptography.
Data sovereignty
Data that is stored and collected is subject to that country's laws.
What two connection methods are popular with geofencing?
GPS data and data about local Wi-Fi networks are the two commonly used methods for geofencing.
What is AH in an IPsec VPN solution?
Authentication Header; provides authentication and integrity, which protects against data tampering. AH uses hashes and a shared key to ensure the integrity of data. It authenticates the packet and header. It does not provide encryption.
What is ESP in an IPsec VPN?
Encapsulating Security Payload; operates in transport or tunnel mode. In tunnel mode, it provides integrity and authentication to the entire packet. In transport mode, it only protects the payload of the packet.
What is a network tap
Copies all network traffic to another location, allowing traffic visibility without an inline device.
What is a UTM appliance?
Unified Threat Management; it can act as a firewall, IDS/IPS, antivirus/antimalware or content filtering.
What is MDM
Mobile device management.
What is APT
Advanced Persistent Threat; cyberattacks orchestrated by highly skilled adversaries.
How to validate emails from email servers?
Using DKIM, which uses a public key pair for validation.
What are UEBA tools
User and entity behavior analytics; a tool used for behavior-based analytics leveraging machine learning.
What is the best practice to set the password history in Windows?
Password history is intended to prevent password reuse.
True or False: password expiration helps reduce the length of time a password could be exposed.
True.
What is fuzzing
The process of feeding unexpected data to a program to see how it reacts.