General Flashcards
F5 ASM
- define it
- provide function
Definition:
Application Security Manager is a flexible web application firewall
Function:
Secures web apps in traditional, virtual and private cloud environments.
Helps secure apps against unknown vulnerabilities, DNS poisoning and DDoS attacks.
Summary - filters and monitors by using policies to determine which traffic is malicious and which is safe
Pipeline (Azure)
- define it
- provide function
Definition:
Azure Pipelines is a fully featured continuous integration (CI) and continuous delivery (CD) service.
Function:
It works with your preferred Git provider and can deploy to most major cloud services, which include Azure services.
McAfee MVISION
- define it
- provide function
Definition:
McAfee MVISION Cloud (formerly Skyhigh Networks) protects data where it lives today, with a solution that was built natively in the cloud, for the cloud. It’s cloud-native data security.
Function:
Protects data and stops threats across devices, networks, clouds (IaaS, PaaS, and SaaS), and on-premises environments.
CASB
- define it
- provide function
Definition:
A cloud access security broker (CASB) is a software tool or service that sits between an organization’s on-premises infrastructure and a cloud provider’s infrastructure.
Function:
A CASB acts as a gatekeeper, allowing the organization to extend the reach of their security policies beyond their own infrastructure.
Summary - tool that acts as gatekeeper between cloud and on-prem
Logging
- define it
- provide function
Definition:
In computing, a log file is a file that records either events that occur in an operating system or other software, or messages exchanged between different users of communication software.
Function:
Logging is the act of keeping a log.
Hardened images
Hardened images are virtual machine images that have been hardened, or configured, to be more resilient to cyber attacks. These images are available in the Azure Marketplace and can be used by Azure customers to create new, securely configured virtual machines.
ISO27001
- define it
- provide function
Definition:
ISO27001 is a specification for an information security management system (ISMS).
Function:
As the leading international standard and certification for information security, ISO 27001 covers 75-80% of GDPR. This makes it the ideal choice of a framework to support GDPR compliance. The connection between GDPR and ISO 27001 is around personal data.
RTO & RPO
- define
RTO (recovery time objective) is concerned with applications and systems. The measurement includes data recovery but primarily describes time limitations on application downtime. RPO (recovery point objective) is concerned with the amount of data that is lost following a failure event.
F5 Load Balancer
- define it
- provide function
Definition:
A load balancer is a device that acts as a reverse proxy and distributes network or application traffic across a number of servers.
Function:
Load balancers are used to increase capacity (concurrent users) and reliability of applications.
IP
- define it
- provide function
Definition:
IP is part of a longer abbreviation, TCP/IP, which stands for Transmission Control Protocol/Internet Protocol. IP stands for 'Internet Protocol'.
Function:
An Internet Protocol address (IP address) is a numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication. An IP address serves two main functions: host or network interface identification and location addressing.
Azure Activity Log
Definition:
The Azure Activity Log is a subscription log.
Function:
Provides insight into subscription-level events that have occurred in Azure. This includes a range of data, from Azure Resource Manager operational data to updates on Service Health events.
DC
Definition:
A domain controller (DC) is a server that responds to security authentication requests within a Windows Server domain.
Function:
It is a server on a Microsoft Windows or Windows NT network that is responsible for allowing host access to Windows domain resources.
Summary - authentication server within Windows Server domain
DNS
Definition:
The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com. Web browsers interact through Internet Protocol (IP) addresses.
Function:
DNS translates domain names to IP addresses so browsers can load Internet resources.
VIP
Definition:
A virtual IP address (VIP or VIPA) is an IP address that doesn’t correspond to an actual physical network interface.
Function:
Uses for VIPs include network address translation (especially, one-to-many NAT), fault-tolerance, and mobility.
WAF
Definition:
Azure Web Application Firewall is a cloud-native service.
Function:
Protects your web applications from bot attacks and common web vulnerabilities such as SQL injection and cross-site scripting. … This setting ensures that the Azure DDoS Protection service also protects the application gateway virtual IP (VIP).
Logstash
Definition:
Logstash is a free and open server-side data processing pipeline.
Function:
Ingests data from a multitude of sources, transforms it, and then sends it to your favorite “stash.”
Elasticsearch vs Logstash vs Kibana (ELK Stack)
Elasticsearch is a search and analytics engine.
Logstash is a server‑side data processing pipeline that ingests data from multiple sources simultaneously, transforms it, and then sends it to a “stash” like Elasticsearch.
Kibana lets users visualize data with charts and graphs in Elasticsearch.
Azure Event Hubs
Definition:
Azure Event Hubs is a big data streaming platform and event ingestion service.
Function:
It can receive and process millions of events per second. Data sent to an event hub can be transformed and stored by using any real-time analytics provider or batching/storage adapters.
Summary - used to process data and then send it to multiple locations for storage or analysis
SaaS
Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring and office tools (such as Microsoft Office 365).
PaaS
Platform as a service (PaaS) is a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications. You purchase the resources you need from a cloud service provider on a pay-as-you-go basis and access them over a secure Internet connection.
IaaS
Infrastructure as a service (IaaS) is an instant computing infrastructure, provisioned and managed over the internet.
IaC
Infrastructure as a service (IaaS) is an instant computing infrastructure, provisioned and managed over the internet. It’s one of the four types of cloud services, along with software as a service (SaaS), platform as a service (PaaS), and serverless.
Azure DevOps
Azure DevOps is a Software as a service (SaaS) platform from Microsoft that provides an end-to-end DevOps toolchain for developing and deploying software. It also integrates with most leading tools on the market and is a great option for orchestrating a DevOps toolchain.
Summary - SaaS for developing and deploying software
Azure Tenant vs Subscription
Subscription = billing.
Tenant = there may be one or more per subscription. It is the organization that owns and manages a specific instance of Microsoft cloud services.
What is RBAC?
Role-based access control (RBAC) is a method of restricting network access based on the roles of individual users within an enterprise. RBAC lets employees have access rights only to the information they need to do their jobs and prevents them from accessing information that doesn’t pertain to them.
Summary - adds layer on top of network access on a per user basis
What is AKS?
Azure Kubernetes Service (AKS) is a managed container orchestration service, based on the open source Kubernetes system, which is available on the Microsoft Azure public cloud. An organization can use AKS to deploy, scale and manage Docker containers and container-based applications across a cluster of container hosts.
Summary - used to deploy and manage Docker containers
What is telemetry?
Telemetry is the collection of measurements or other data at remote points and their automatic transmission to receiving equipment for monitoring. The word is derived from the Greek roots tele, "remote", and metron, "measure".
Summary - collection of data and then transmission to monitoring services
What is an OU in AD?
An organizational unit (OU) is a subdivision within an Active Directory into which you can place users, groups, computers, and other organizational units. You can create organizational units to mirror your organization’s functional or business structure.
What is NTP?
NTP stands for Network Time Protocol, and it is an Internet protocol used to synchronize the clocks of computers to some time reference.
What is a DMZ?
In computer security, a DMZ or demilitarized zone (sometimes referred to as a perimeter network or screened subnet) is a physical or logical subnetwork that contains and exposes an organization’s external-facing services to an untrusted, usually larger, network such as the Internet.
What is SCIM?
System for Cross-domain Identity Management is a standard for automating the exchange of user identity information between identity domains, or IT systems.
What is a NIC?
Network Interface Card (also called a network interface controller).
A NIC allows both wired and wireless communications, be it local (LAN) or over the internet (IP).
What is DNS Forwarding?
The DNS forwarder(s) tell the DNS service where to send queries if it doesn't "know" the answer.
PIM
Azure Active Directory (Azure AD) Privileged Identity Management (PIM) is a service that enables you to manage, control, and monitor access to important resources in your organization. These resources include resources in Azure AD, Azure, and other Microsoft Online Services like Office 365 or Microsoft Intune.
Shift left Security
In the parlance of DevOps and security, a shift left simply means that security is built into the process and designed into the application at an earlier stage of the development cycle.
Managed identity vs service principal
So a managed identity (MSI) is basically a service principal without the hassle. When you set up a functions app, you can turn on the option for an MSI. … This managed identity is linked to your functions app, and can be used to authenticate to other Azure resources, just like a normal service principal.
Self-signed cert
In cryptography and computer security, a self-signed certificate is a certificate that is not signed by a certificate authority (CA). These certificates are easy to make and do not cost money. However, they do not provide all of the security properties that certificates signed by a CA aim to provide.
Man-in-the-middle attack
A man-in-the-middle attack is a type of eavesdropping attack that occurs when a malicious actor inserts himself as a relay/proxy into a communication session between people or systems. A MITM attack exploits the real-time processing of transactions, conversations or transfer of other data.
Problems with using a self-signed cert
- Man-in-the-middle attack
- Drives away potential clients for fear that the website does not secure creds
LDAP
LDAP stands for Lightweight Directory Access Protocol. As the name suggests, it is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP/IP or other connection-oriented transfer services.
Azure Locks
Resource Manager Locks provide a way for administrators to lock down Azure resources to prevent deletion or changing of a resource. These locks sit outside of the Role Based Access Controls (RBAC) hierarchy and when applied will place the restriction on the resource for all users.
Service principal
An Azure service principal is a security identity used by user-created apps, services, and automation tools to access specific Azure resources. Think of it as a ‘user identity’ (login and password or certificate) with a specific role, and tightly controlled permissions to access your resources.
SSL
Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser, or a mail server and a mail client (e.g., Outlook)
Largely deprecated.
TLS
Transport Layer Security is a cryptographic protocol that provides end-to-end security of data sent between applications over the Internet.
Browsers show a padlock when a secure session is established.
SSL vs TLS
SSL and TLS are cryptographic protocols that authenticate data transfer between servers, systems, applications and users.
TLS is the newer version. The technical differences are… technical (handshake process, alert messages, cipher suites, record protocol, message authentication).
Azure Postgres
Azure Database for PostgreSQL is a relational database service based on the open-source Postgres database engine. It’s a fully managed database-as-a-service offering that can handle mission-critical workloads with predictable performance, security, high availability, and dynamic scalability.
Azure Conditional Access
The modern security perimeter now extends beyond an organization’s network to include user and device identity. Organizations can utilize these identity signals as part of their access control decisions.
Conditional Access is the tool used by Azure Active Directory to bring signals together, to make decisions, and enforce organizational policies. Conditional Access is at the heart of the new identity driven control plane.
Checksum
A checksum is a small-sized datum derived from a block of digital data for the purpose of detecting errors that may have been introduced during its transmission or storage.
SPI (Security)
The Security Parameter Index (SPI) is an identifier used to uniquely identify both manually and dynamically established IPsec Security Associations.
Azure Automation
Azure Automation is a new service in Azure that allows you to automate your Azure management tasks and to orchestrate actions across external systems from right within Azure.
In Azure Automation, an Automation account is a container for all your runbooks, runbook executions (jobs), and the assets that your runbooks depend on.
Azure Private Links
Azure Private Link provides private connectivity from a virtual network to Azure platform as a service (PaaS), customer-owned, or Microsoft partner services. It simplifies the network architecture and secures the connection between endpoints in Azure by eliminating data exposure to the public internet.
statsD
Monitoring/Logging tool
A set of tools that can be used to send, collect, and aggregate custom metrics from any application.
What’s the difference between bandwidth and internet speed?
Internet speed is how fast your internet connection is. It can vary from moment to moment, depending on network traffic and other factors. Bandwidth is the maximum speed your internet connection is capable of. This doesn’t change unless you change your internet plan.
What’s a good latency for internet?
- Browsing: <100ms
- Gaming: <50ms
Mock API
A mock API server imitates a real API server by providing realistic responses to requests.
Pen testing
Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit. Penetration testing can be automated with software applications or performed manually.
Blue-Green deployments
Blue-Green deployment is a software rollout method that can reduce the impact of interruptions caused by issues in the new version being deployed.
NTE
Network Termination Equipment - device connecting customer to carrier line.