Cyber Security Flashcards
SOC
Security Operations Center (SOC)
- centralized unit that monitors and manages an organization’s security posture on a 24/7 basis
NIPS
Network Intrusion Prevention System (NIPS)
- monitors network traffic for suspicious activity and can take automated actions to block or prevent potential threats
WAF
Web Application Firewall (WAF) with DDoS protection
- specifically designed to mitigate and block DDoS attacks by filtering and monitoring incoming traffic to a web application
PKI
Public Key Infrastructure (PKI)
- involves the use of asymmetric cryptography to provide secure communication and authentication; each device is assigned a unique key pair consisting of a public key and a private key
IDS
Intrusion Detection System (IDS)
- designed to monitor network traffic for suspicious activities or patterns that may indicate unauthorized access, malware infections, or other security threats
ACL
Access Control Lists (ACLs)
- used to control access to network resources by specifying which users or systems are allowed or denied access to specific resources
TPM
Trusted Platform Module (TPM)
- dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices
SAN Certificate
Subject Alternative Name (SAN) Certificate
- can secure multiple domains and subdomains by specifying them in the certificate’s SAN field
VLAN
Virtual Local Area Network
- logical grouping of network devices that allows devices on different physical LANs to communicate as if they were on the same physical LAN
RSA
Rivest, Shamir, & Adleman
- an asymmetric algorithm used primarily for secure data transmission and digital signature
HMAC
Hash-based Message Authentication Code (HMAC)
- used to verify the integrity and authenticity of a message, requires a shared secret key but does not provide a method for establishing or agreeing upon that key
AES
Advanced Encryption Standard (AES)
- a symmetric encryption algorithm used to encrypt data
TLS
Transport Layer Security (TLS)
- security protocol that protects data and privacy when communicating over the internet
SSL
Secure Socket Layer (SSL)
- standard technology for securing an internet connection by encrypting data sent between a website and a browser (or between two servers)
CRL
Certificate Revocation List (CRL)
- list of digital certificates that have been revoked by the CA (Certificate Authority) before their expiration date
CSRF
Cross-Site Request Forgery (CSRF)
- web-based attack where an attacker tricks a user into performing actions on a web application without their consent
APT
Advanced Persistent Threat (APT)
- highly skilled, well-resourced, and persistent attackers, often associated with state-sponsored groups, that focus on long-term espionage or sabotage
ARP
Address Resolution Protocol (ARP)
- protocol or procedure that connects an ever-changing Internet Protocol (IP) address to a fixed physical machine address, also known as a media access control (MAC) address, in a local-area network (LAN)
WEP
Wired Equivalent Privacy (WEP)
- an outdated encryption standard known to have significant vulnerabilities that can be easily compromised
WPA
Wi-Fi Protected Access (WPA)
- a security standard for wireless networks that protects data transmitted between devices and the internet
PSK
Pre-Shared Key (PSK)
- a complex string of characters that is used to authenticate users on a network and secure wireless communication
AES
Advanced Encryption Standard (AES)
- a symmetric block cipher chosen by the U.S. government to protect classified information
NTLM
New Technology LAN Manager
- suite of Microsoft security protocols intended to provide authentication, integrity, and confidentiality to users
TOC
Time-of-check (TOC)
- refers to the moment when a system checks the state of a resource
TOU
Time-of-use (TOU)
- refers to the moment when a system uses a resource after it has been checked
SSH
Secure Shell (SSH)
- a network protocol that allows secure communication between devices over an unsecured network
HIPS
Host-based Intrusion Prevention System (HIPS)
- security software that monitors and prevents malicious activity on a device
CVE
Common Vulnerability and Exposure (CVE)
- a system that identifies and tracks publicly known cybersecurity vulnerabilities
EDR
Endpoint Detection and Response (EDR)
- focuses on identifying and addressing security threats at the endpoint level, such as laptops, desktops, and mobile devices
RAT
Remote Access Trojan (RAT)
- malware designed to allow an attacker to remotely control an infected computer
SCADA
Supervisory Control and Data Acquisition (SCADA)
- provides centralized control, data acquisition, and real-time monitoring of industrial processes
RTO
Recovery Time Objective (RTO)
- the maximum amount of time an organization can tolerate for restoring its systems, applications, and data after a cyber incident
AAA
Authentication, Authorization, and Accounting (AAA)
AES-256
Advanced Encryption Standards 256-bits (AES-256)
AH
Authentication Header (AH)
- an IPSec header used to verify that the contents of a packet have not been modified while the packet was in transit
AIS
Automated Indicator Sharing (AIS)
- a program that enables organizations to share and receive machine-readable cyber threat indicators (CTIs) and defensive measures (DMs) in real time, for use in monitoring and defending their networks against known threats that are relevant to AIS participants
ALE
Annualized Loss Expectancy (ALE)
- the total loss we can expect from a risk in a one-year timeframe and is calculated by multiplying SLE (Single Loss Expectancy) by ARO (Annualized Rate Occurrence)
APT
Advanced Persistent Threat (APT)
- a type of cyber attack that involves a prolonged, covert intrusion into a network or system
ARO
Annualized Rate Occurrence (ARO)
- the likelihood of a risk being compromised and is calculated by dividing the estimated number of incidents by the time frame
ASLR
Address Space Layout Randomization (ASLR)
- a technique that is used to increase the difficulty of performing a buffer overflow attack that requires the attacker to know the location of an executable in memory
ATT&CK
Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK)
- a comprehensive matrix of tactics and techniques used by cyber adversaries
AUP
Acceptable User Policy (AUP)
- sets rules related to an organization’s IT security policies
BASH
Bourne Again Shell (BASH)
- default shell language in most server computing environments in Linux
BCP
Business Continuity Planning (BCP)
- a proactive approach that prepares an organization to respond and recover from potential cyber threats
BGP
Border Gateway Protocol (BGP)
- a gateway protocol that enables the internet to exchange routing information between autonomous systems (AS)
BIA
Business Impact Analysis (BIA)
- a systematic process that helps organizations evaluate the potential impact of disruptions on their critical assets, processes, and services
BPA
Business Partners Agreement (BPA)
- a legal agreement between business partners that outlines the terms, conditions, and expectations between them
BPDU
Bridge Protocol Data Unit (BPDU)
- a message that helps switches exchange information and determine the best paths for data to travel through a network
BYOD
Bring Your Own Device (BYOD)
CAPTCHA
Completely Automated Public Turing Test To Tell Computers and Humans Apart (CAPTCHA)
CAR
Corrective Action Report (CAR)
- a formal document used by organizations to address and rectify issues, errors, non-conformances, or deficiencies identified in processes, products, services, or systems
CASB
Cloud Access Security Broker (CASB)
- a security solution that monitors and enforces an organization’s security policies for cloud applications
CBC
Cipher Block Chain (CBC)
- a block mode of DES that XORs the previous encrypted block of ciphertext to the next block of plaintext to be encrypted
CCMP
Counter Mode/CBC-MAC Protocol (CCMP)
- a cryptographic protocol that uses the AES cipher to encrypt data and provide security services