Explain Important System and Network Architecture Concepts Flashcards
System Hardening
A process of making a host or app configuration secure by reducing its attack surface, through running only necessary services, installing monitoring software to protect against malware and intrusions, and establishing a maintenance schedule to ensure the system is patched to be secure against software exploits.
Containers
An operating system virtualization deployment containing everything required to run a service, application, or microservice.
Microservices
A software architecture where components of the solution are conceived as highly decoupled services not dependent on a single platform type or technology.
Application Virtualization
A software delivery model where the code runs on a server and is streamed to a client.
Serverless
A software architecture that runs functions within virtualized runtime containers in a cloud rather than on dedicated server instances.
Virtual Private Cloud (VPC)
A private network segment made available to a single cloud consumer on a public cloud.
Software-Defined Networking (SDN)
APIs and compatible hardware/virtual appliances allowing for programmable network appliances and systems.
Secure Access Service Edge (SASE)
A networking and security architecture that provides secure access to cloud applications and services while reducing complexity. It combines security services like firewalls, identity and access management, and secure web gateway with networking services such as SD-WAN.
Out-of-Band Mechanisms
Use of a communication channel that is different than the one currently being used.
In-band Authentication
Use of a communication channel that is the same as the one currently being used.
Single Sign-On (SSO)
Authentication technology that enables a user to authenticate once and receive authorizations for multiple services.
Privileged Access Management (PAM)
Policies, procedures, and support software for managing accounts and credentials with administrative permissions.
Federation
A process that provides a shared login capability across multiple systems and enterprises. It essentially connects the identity management services of multiple systems.
OpenID
An identity federation method that enables users to be authenticated on cooperating websites by a third-party authentication service.
Security Assertion Markup Language (SAML)
An XML-based data format used to exchange authentication information between a client and a service.
Simple Object Access Protocol (SOAP)
An XML-based web services protocol that is used to exchange messages.
Cloud Access Security Broker (CASB)
Enterprise management software designed to mediate access to cloud services by users across all types of devices.
Forward Proxy
A server that mediates the communications between a client and another server. It can filter and often modify communications as well as provide caching services to improve performance.
Reverse Proxy
A type of proxy server that protects servers from direct contact with client requests.
Data Loss Prevention (DLP)
A software solution that detects and prevents sensitive information from being stored on unauthorized systems or transmitted over unauthorized networks.
Personally Identifiable Information (PII)
Data that can be used to identify or contact an individual (or, in the case of identity theft, to impersonate them).
Protected Health Information (PHI)
Data that can be used to identify an individual and includes information about past, present, or future health, as well as related payments and data used in the operation of a healthcare business.
Personal Identifiable Financial Information (PIFI)
Personal information about a consumer provided to a financial institution that can include account number, credit/debit card number, name, social security number and other information.
Cardholder Data (CHD)
Any type of personally identifiable information (PII) associated with a person who has a payment card, such as a credit or debit card.
Intellectual Property (IP)
Data that is of commercial value and can be granted rights of ownership, such as copyrights, patents, and trademarks.
Public Key Infrastructure (PKI)
Framework of certificate authorities, digital certificates, software, services, and other cryptographic components deployed for the purpose of validating subject identities.
Secure Sockets Layer (SSL)
The original, obsolete version of the security protocol now developed as TLS.