E-L Flashcards
Eavesdropping
Listening on a private communication without permission
Egress
Network communications going out
Elliptical curve cryptography (ECC)
An algorithm that combines plane geometry with algebra to achieve stronger authentication with smaller keys compared to traditional methods, such as RSA, which primarily use algebraic factoring. Smaller keys are more suitable to mobile devices.
Encapsulation security payload (ESP)
A protocol designed to provide a mix of security services in IPv4 and IPv6. ESP can be used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service and limited traffic flow confidentiality.
Encryption key
A piece of digital information used by an encryption algorithm to convert the plaintext to the ciphertext
Eradication
When containment measures have been deployed after an incident occurs, the root cause of the incident must be identified and removed from the network. Eradication methods include: restoring backups to achieve a clean state of the system, removing the root cause, improving defenses and performing vulnerability analysis to find further potential damage from the same root cause.
Event
Something that happens at a specific place or time
Exploit
Full use of a vulnerability for the benefit of an attacker.
File Transfer Protocol (FTP)
A protocol used to transfer files over a transmission control protocol/Internet protocol (TCP/IP) network
Firewall
A system or combination of systems that enforces a boundary between two or more networks, typically forming a barrier between a secure and an open environment such as the Internet
Gateway
A device (router, firewall) on a network that serves as an entrance to another network
governance
Ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives. Conditions can include the cost of capital, foreign exchange rates, etc. Options can include shifting manufacturing to other locations, subcontracting portions of the enterprise to third parties, selecting a product mix from many available choices.
Guideline
A description of a particular way of accomplishing something that is less prescriptive than a procedure
Hash function
An algorithm that maps or translates one set of bits into another so that a message yields the same result every time the algorithm is executed using the same message as input. It is computationally infeasible for a message to be derived or reconstituted from the result produced by the algorithm or to find 2 different messages that produce the same hash result using the same algorithm.
Hash total
The total of any numeric data field in a document or computer file. This total is checked against a control total of the same field to facilitate accuracy of processing.
Hashing
Using a hash function (algorithm) to create hash values or checksums that validate message integrity.
Honeypot
A specially configured server, also known as a decoy server, designed to attract and monitor intruders in a manner such that their actions do not affect production systems.
Horizontal defense in depth
Controls are placed in various places in the path to access an asset
Hubs
A common connection point for devices in a network, hubs are used to connect segments of a local area network (LAN). A hub contains multiple ports. When a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets.
Hypertext Transfer Protocol (HTTP)
A communication protocol used to connect to servers on the WWW. Its primary function is to establish a connection with a web server and transmit hypertext markup language (HTML), extensible markup language (XML) or other pages to client browsers
IEEE (Institute of Electrical and Electronic Engineers)
an organization composed of engineers, scientists and students
IEEE 802.11
A family of specifications developed by the IEEE for wireless local area network (WLAN) technology. 802.11 specifies an over-the-air interface between a wireless client and a base station or between 2 wireless clients.
Imaging
A process that allows one to obtain a bit-for-bit copy of data to avoid damage of original data or information when multiple analyses may be performed.
Impact
Magnitude of loss resulting from a threat exploiting a vulnerability
Impact Analysis
A study to prioritize the criticality of information resources for the enterprise based on costs of adverse events. In an impact analysis, threats to assets are identified and potential business losses determined for different time periods. This assessment is used to justify the extent of safeguards that are required and recovery time frames
Incident
any event that is not part of the standard operations of a service and that causes, or may cause, an interruption to, or a reduction in, the quality of that service
incident response
may include: evacuation of a facility, initiating a disaster recovery plan (DRP), performing damage assessment, and any other measures necessary to bring an enterprise to a more stable status.
incident response plan
operational component of incident management. The plan includes documented procedures and guidelines for defining the criticality of incidents, reporting and escalation process, and recovery procedures
Information security
Ensures that within the enterprise, information is protected against disclosure to unauthorized users (confidentiality), improper modification (integrity), and nonaccess when required (availability).
Infrastructure as a Service (IaaS)
Offers the capability to provision processing, storage, networks, and other fundamental computing resources, enabling the customer to deploy and run arbitrary software, which can include operating systems (OSs) and applications
Ingestion
a process to convert information extracted to a format that can be understood by investigators
Ingress
Network communications coming in
Inherent risk
Risk level or exposure without taking into account the actions that management has taken or might take
Injection
A general term for attack types which consist of injecting code that is then interpreted/executed by the application
Integrity
Guarding against improper information modification/destruction, and includes ensuring information repudiation and authenticity.
Internet Assigned Numbers Authority (IANA)
Responsible for the global coordination of the DNS root, IP addressing, and other Internet protocol resources
Internet Control Message Protocol (ICMP)
A set of protocols that allow systems to communicate information about the state of service on other systems. For example, ICMP is used in determining whether systems are up, maximum packet sizes on links, whether a destination host/network/port is available.
Internet Protocol (IP)
Specifies the format of packets and the addressing scheme.
Internet Protocol (IP) packet spoofing
attack using packets with the spoofed source Internet packet (IP) addresses. This technique exploits applications that use authentication based on IP addresses.
Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX)
IPX is layer 3 of the open systems interconnect (OSI) model network protocol; SPX is layer 4 transport protocol. The SPX layer sits on top of the IPX layer and provides connection-oriented services between 2 nodes on the network.
interrogation
used to obtain prior indicators or relationships, including personal information, from extracted data
Investigation
Collection and analysis of evidence with the goal of identifying the perpetrator of an attack or unauthorized use or access
IP Authentication Header (AH)
Protocol used to provide connectionless integrity and data origin authentication for IP datagrams and to provide protection against replays. AH ensures data integrity with a checksum that a message authentication code, such as MD5, generates. To ensure data origin authentication, AH includes a secret shared key in the algorithm that it uses for authentication. To ensure replay protection, AH uses a sequence number field within the IP authentication header.
IP Security (IPSec)
A set of protocols developed by the Internet Engineering Task Force (IETF) to support the secure exchange of packets.
IT Governance
The responsibility of executives and the BoD; consists of the leadership, organization structures and processes that ensure that the enterprise’s IT sustains and extends the enterprise’s strategies and objectives
Kernel mode
Used for execution of privileged instructions for the internal operations of the system. No protections from errors or malicious activity, and all parts of the system and memory are accessible
Key risk indicator (KRI)
A subset of risk indicators that are highly relevant and possess a high probability of predicting or indicating important risk.
Keylogger
Software used to record all keystrokes on a computer
Latency
Time it takes a system and network delay to respond. More specifically, system latency is the time a system takes to retrieve data. Network latency is the time it takes for a packet to travel from source to the final destination.
Layer 2 switches
Data link level devices that can divide and interconnect network segments and help to reduce collision domains in Ethernet-based networks
Layer 3 and 4 switches
Switches with operating capabilities at layer 3 and layer 4 of the open systems interconnect (OSI) model. These switches look at the incoming packet’s network protocol and then compare the destination IP address to the list of addresses in their tables, to actively calculate the best way to send a packet to its destination.
Layer 4-7 switches
Used for load balancing among groups of servers. Also known as content-switches, content services switches, web-switches or application-switches
Local area network (LAN)
Communication network that serves several users within a specified geographic area. A personal computer LAN functions as a distributed processing system in which each computer in the network does its own processing and manages some of its data. Shared data are stored in a file server that acts as a remote disk drive for all users in the network.