Full List Flashcards
CIA
- Confidentiality: prevent unauthorized information disclosure.
- Integrity: data remains unaltered.
- Availability: information is accessible to authorized users.
AAA
- Authentication: prove your identity, e.g. password
- Authorization: what resources you have access to.
- Accounting: record of the resources used, e.g. login time, logout time
PKI
Public Key Infrastructure: A system of policies, procedures, and technology for managing digital certificates to securely link public keys to people or devices, enabling trusted communication.
TPM
Trusted Platform Module: a microprocessor that provides cryptographic functions for a single device, e.g. storing BitLocker keys.
HSM
Hardware Security Module: a dedicated device for storing and managing encryption keys for many devices, typically used in large environments.
CA
Certificate Authority: A trusted organization that issues and manages digital certificates to verify the identity of entities.
CRL
Certificate Revocation List: list of invalidated certificates that’s maintained by the Certificate Authority.
OCSP
Online Certificate Status Protocol: real-time certificate validity checks performed by the browser.
CSR
Certificate Signing Request: request the Certificate Authority to issue a digital certificate.
SMS
Short Message Service: a text messaging service that allows the exchange of short text messages between mobile devices.
IM
Instant Messaging: the exchange of near-real-time messages through online software.
MSP
Managed Service Provider: a company that manages IT infrastructure and services for organizations remotely.
TOC/TOU
Time-of-check to Time-of-use: exploiting the gap between verification and execution in a race condition. A race condition occurs when processes run simultaneously and the outcome depends on their timing.
SQLi
Structured Query Language injection: injecting malicious SQL commands into a database query.
XSS
Cross Site Scripting: injecting scripts into web pages viewed by users.
VM escape
Virtual Machine escape: gaining access to a host from a virtual machine.
RFID cloning
Radio Frequency Identification cloning: duplicating RFID cards or tags.
DDoS
Distributed Denial of Service: flooding a service with requests from several computers to cause downtime.
DNS attack
Domain Name System attack: exploiting vulnerabilities in DNS to redirect traffic away from a website.
IoT
Internet of Things: A network of interconnected devices that communicate and exchange data over the internet.
VLAN
Virtual Local Area Network: a network segmentation technique that groups devices logically to improve performance and security.
ACL
Access Control List: a list of rules that specifies access permissions as allow/deny entries.
HIPS
Host-based Intrusion Prevention System: security software that detects and prevents unauthorized access to a host system.
IaC
Infrastructure as Code: Managing and provisioning infrastructure through code, useful in software development to build, test, and deploy applications.
SDN
Software-defined Networking: network infrastructure that enables the network to be centrally controlled using software applications.
ICS/SCADA
Industrial Control Systems & Supervisory Control and Data Acquisition System: systems used to monitor and control industrial processes, e.g. power generation, energy, manufacturing.
RTOS
Real-time Operating System: an OS with a deterministic processing schedule, used in low-latency systems with high security demands, e.g. military environments.
IPS/IDS
Intrusion Prevention/Detection System: designed to monitor and alert (IDS) or actively block (IPS) malicious activities in a network.
PSK
Pre-shared Key: A shared password used for authentication in wireless networks like WPA2/WPA3.
EAP
Extensible Authentication Protocol: authentication framework for secure communication, can be used with an authentication database like RADIUS, LDAP, or TACACS+.
802.1X
IEEE 802.1X: port-based network access control that authenticates users using EAP.
WAF
Web Application Firewall: a firewall that protects against web threats like SQL injection, it applies rules to HTTP/HTTPS conversations.
UTM
Unified Threat Management: all-in-one security appliance in one device, can contain IDS/IPS, URL filter, spam filter, etc.
NGFW
Next-generation Firewall: advanced firewall with application-layer filtering, has deep packet inspection.
VPN
Virtual Private Network: encrypting data going through a public network for secure remote access.
TLS
Transport Layer Security: encrypting data communication over a network through port 443 (HTTPS) at the application layer.
IPSec
Internet Protocol Security: secures internet communications by encrypting and authenticating data packets at the network layer.
SD-WAN
Software-defined Wide Area Network: a WAN built for the cloud giving efficient access to public cloud applications.
SASE
Secure Access Service Edge: a next-generation VPN that allows you to connect securely from different locations, or anywhere.
UPS
Uninterruptible Power Supply: battery backup to keep systems running temporarily during power loss.
MDM
Mobile Device Management: software for managing and securing mobile devices within an organization.
BYOD
Bring Your Own Device: employees using personal devices at work.
COPE
Corporate-owned, personally enabled: company provides the device with limited personal use.
CYOD
Choose Your Own Device: employees choose from pre-approved devices.
WPA3
Wi-Fi Protected Access 3: advanced encryption for wireless networks.
RADIUS
Remote Authentication Dial-in User Service: protocol that provides centralized authentication, authorization, and accounting (AAA) for users accessing a network.
OSINT
Open-Source Intelligence: the process of gathering publicly available information to assess threats.
CVSS
Common Vulnerability Scoring System: evaluate and rank reported vulnerabilities in a standardized way.
CVE
Common Vulnerability Enumeration: identifying and cataloging known vulnerabilities, maintained by MITRE.
SCAP
Security Content Automation Protocol: framework for managing security policies and compliance.
SIEM
Security Information and Event Management: centralised logging and analysis tool used to detect, analyze, and respond to security threats.
DLP
Data Loss Protection: protecting sensitive data from unauthorized sharing or data exfiltration.
SNMP traps
Simple Network Management Protocol traps: alerts sent by devices to monitoring systems.
URL scanning
Uniform Resource Locator scanning: analysis of URLs for malicious content.
DMARC
Domain-based Message Authentication Reporting and Conformance: builds on SPF and DKIM, letting domain owners set policies for handling unauthenticated emails and receive compliance reports.
DKIM
DomainKeys Identified Mail: digitally signs outgoing emails, validated by receivers using a public key in DNS.
SPF
Sender Policy Framework: list of all servers authorized to send emails for a domain.
NAC
Network Access Controls: controls and restricts device access to a network based on policies.
EDR/XDR
Endpoint Detection and Response/Extended Detection and Response: advanced tools for detecting and responding to endpoint or network based threats.
SSO
Single Sign-On: enables users to authenticate on several sites with one set of credentials.
LDAP
Lightweight Directory Access Protocol: protocol for reading and writing directories over a network.
OAuth
Open Authorization: an authorization framework that determines what resource a user will be able to access.
SAML
Security Assertion Markup Language: open standard for authentication and authorization, not originally designed for mobile.
RBAC
Role-based Access Control: a security model where access permissions are assigned based on user roles within an organization.
PDACERL (Incident Response Phases)
- Preparation
- Detection
- Analysis
- Containment
- Eradication
- Recovery
- Lessons Learned
AUP
Acceptable Use Policy: defines acceptable usage of company resources.
SDLC
Software Development Life Cycle: the development process involved in building a software application; security must be applied at every stage.
SLE
Single Loss Expectancy: cost of a single incident.
ALE
Annualized Loss Expectancy: yearly cost of a risk, ARO x SLE.
ARO
Annualized Rate of Occurrence: frequency of incidents per year.
RTO
Recovery Time Objective: time to restore services after an incident.
RPO
Recovery Point Objective: maximum tolerable data loss measured in time.
MTTR
Mean Time to Repair: average time required to fix an issue.
MTBF
Mean Time Between Failures: average time between outages, i.e. total uptime divided by the number of breakdowns.
SLA
Service Level Agreement: minimum terms for services provided, e.g. uptime, response time agreement.
MOA
Memorandum of Agreement: documenting mutual obligations, usually a formal or legal document.
MOU
Memorandum of Understanding: outlining informal agreements, states common goals.
MSA
Master Service Agreement: legal contract and agreement of terms, governs long term relationships.
WO/SOW
Work Order/Statement of Work: specific list of items to be completed, specific project terms.
NDA
Non-disclosure Agreement: protecting shared sensitive information, confidentiality agreement.
BPA
Business Partners Agreement: guidelines for business partnerships, lists specific individuals and scope.
MFA
Multifactor Authentication: A security method requiring multiple forms of verification, such as something you know (password), have (token), or are (biometric).