General Security Concepts Flashcards
CIA Triad
Confidentiality, Integrity, and Availability
DAD Triad
Disclosure, Alteration, and Destruction
AAA
Authentication, Authorization, Accounting/Auditing
MSSP
Managed Security Service Provider. Offers network security services to an organization. It is a third party that can alleviate the strain on IT teams and saves the organization time to expand and support operations.
SaaS
Software as a service. A cloud-based software delivery model that allows users to access software applications over the internet. Ex: Dropbox, Google Workspace, and Salesforce.
IaaS
Infrastructure as a service. A type of cloud computing service that offers essential compute, storage, and networking resources on demand, on a pay-as-you-go basis.
PaaS
Platform as a service. A complete development and deployment environment in the cloud, with resources that enable you to deliver everything from cloud-based apps to sophisticated, cloud-enabled enterprise applications.
DaaS
Desktop as a service. Provides a fully virtualized desktop environment from within a cloud-based service. (Virtual Desktop Infrastructure)
AES
Advanced Encryption Standard. A specification for the encryption of electronic data, established by the National Institute of Standards and Technology (NIST) in 2001. Block cipher. It is symmetric.
Diffie-Hellman
Key exchange between two parties, usually VPN endpoints, over a public channel to establish a mutual secret without the secret itself being transmitted over the internet. It enables the two parties to use public-key techniques to agree on a key and then encrypt and decrypt their conversations or data using symmetric cryptography.
RSA
One of the first public key cryptosystems and used for data transmission. Asymmetric algorithm.
DSA
Asymmetric cryptographic algorithm.
ECC
Asymmetric cryptographic algorithm
Blowfish
A variable-key-length symmetric 64-bit block cipher. General purpose algorithm. It was made to provide a fast, free drop-in alternative to DES (Data Encryption Standard) and IDEA (International Data Encryption Algorithm).
RC4
A form of stream cipher. It encrypts messages one byte at a time. Also a symmetric algorithm.
Incremental Backup Approach
Used when the amount of data that has to be protected is too extensive to do a complete backup of that data every day. Only changed data is backed up. Incremental backups save backup time and disk space.
SQL Injection
Cyberattack that injects malicious SQL code into an application, allowing the attacker to view or modify a database. One of the most serious web application attacks.
Web Application
Software that runs your software.
FTK Imager
Can create perfect copies (forensic images) of computer data without making changes to the original evidence.
Memdump
Used to collect content within the RAM on a given host.
Autopsy
Open-source forensic tool suite used to collect and examine evidence.
Zero Day Vulnerability
A vulnerability in software that is unpatched by the developer, or an attack that exploits such a vulnerability.
APT
Advanced persistent threat is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. Intends to steal data rather than to cause damage to the network or organization.
Spear Phishing
Fraudulent practice of sending emails ostensibly from a known or trusted sender to induce targeted individuals to reveal confidential information.
Worm
Malware computer program that replicates itself to spread to other computers. Usually, it uses a computer network to spread itself, relying on security failures on the target computer to access it.
Pharming
A type of social engineering attack that redirects a request for a website, typically an e-commerce site.
Spimming
A type of spam targeting users of instant messaging (IM) services, SMS, or private messages within websites and social media.
Firewall
Computer network security system that restricts internet traffic within a private network. Three types: Hardware, software, and cloud.
Database Server
Networked computers dedicated to database storage and data retrieval from the database. Database server is a key component in a client/server computing environment.
Operating System (OS)
The program that, after being loaded into the computer by a boot program, manages all of the other application programs in a computer.
WEP (Wired Equivalent Privacy)
Oldest and most common Wi-Fi security protocol.
WPA2 (WiFi Protected Access 2)
It is an encrypted security protocol that protects internet traffic on wireless networks. It addresses earlier flaws and offers more powerful encryption.
WPS (Wi-Fi protected setup)
A router with WPS can allow any device to automatically connect to your router when the WPS button is pressed.
SSID
Displays the name of your network in the available networks when nearby users try to connect their wireless devices.
Directory Traversal
Web security vulnerability that allows an attacker to read arbitrary files on the server that is running an application. May include application code and data, credentials for back-end systems, and sensitive operating system files.
XML Injection
An injection attack technique used to manipulate or compromise the logic of an XML application or document. It usually occurs when user-supplied input is not properly escaped or sanitized before being added to a web application's XML documents.
Password Spraying
When an attacker uses common passwords to attempt to access several accounts on one domain.
PKI (Public Key Infrastructure)
A system of processes, technologies, and policies that allows you to encrypt and sign data.
HTTPS Protocol
Port 443. The Internet Engineering Task Force (IETF) recognizes TCP port 443 as the default HTTPS port. It provides encryption for exchanging information between web servers and browsers. It works by securing network traffic packets before the data transmission occurs.
Port Scan Targeting
Common technique hackers use to discover open doors or weak points in a network. It helps cybercriminals see whether hosts are sending or receiving data. It can also show if firewalls are being used by an organization.
Denial of Service Attack (DoS)
Attack that is meant to shut down a machine or make it inaccessible to its intended users.
MAC address filtering
Allows you to block traffic coming from certain known devices. Traffic coming in from a specified MAC address will be filtered depending on the policy.
WPA
Key password that you use to connect to a wireless network. You can get the WPA password from whoever runs the network.
WPA 2
Uses a dynamic key encryption, so it regularly changes the key to make it more difficult to crack.
Session Hijacking
The exploitation of the web session control mechanism.
Social Engineering Attack
Manipulating, influencing, or deceiving a victim in order to gain control over a computer system, or to steal personal/financial info. It also uses psychological manipulation to trick users.
Privilege Escalation
Cyber attack to gain unauthorized access into a system.
ARP Poisoning (Address Resolution Protocol)
A form of spoofing attack that hackers use to intercept data. A hacker usually does this by tricking one device into sending messages to the hacker instead of the original recipient.
Cross-site scripting (XSS)
An attack in which an attacker injects malicious executable scripts into the code of a trusted application or website. Usually attackers do this by sending a suspicious link and hoping the user clicks on it.
On Path Attack
An attacker that sits between two stations and can change data that is being sent across the organization. Can happen secretly.
Mission Essential Functions (MEFs)
The limited set of organizational functions that must continue through, or resume rapidly after, a disruption of regular operations. They are critical to planning.
Single point of Failure
Vulnerability that causes the whole system to fail.
Block Cipher
A method of encrypting data in blocks to produce ciphertext using a cryptographic key and algorithm. It processes fixed-size blocks at a time, unlike a stream cipher, which encrypts data one unit at a time.
Hashing algorithm
A mathematical function that garbles data and makes it unreadable. It is one-way, so the text cannot be decoded by anyone.
CRC (Cyclical Redundancy Check)
A method to ensure data has not been altered after being sent through a communication channel. (Error detection)
Stream Cipher
An encryption algorithm that uses symmetric key to encrypt and decrypt a given amount of data.
Wildcard Certificate
A certificate whose name contains a wildcard character that substitutes for one or multiple characters. (Secures multiple hosts in a domain)
Why would a company want to use a wildcard certificate for their servers?
To reduce the certificate management burden. This saves money, reduces the burden of managing more than one subdomain, and will secure all of them at once.
SSL
An older technology your applications or browsers used to create a secure encrypted communication channel over any network, but because this is older and has some flaws, TLS is used now.
TLS (Transport Layer Security)
Security protocol designed to facilitate privacy and data security for communications over the internet. Mainly used for encrypting the communication between web applications and servers, like web browsers and loading a website. It also fixes existing SSL vulnerabilities.
Data at Rest
Data that is not currently being used or accessed. (Stored data)
Data in transit
Data that is currently being transferred between locations over a private network or the internet. Data is more vulnerable at this time. It can be intercepted and modified.
MTTR (Mean time to respond)
On average, the time it takes to recover from a product or system failure from the time you are first alerted to the specific failure.
RPO (Recovery Point Objective)
A period of time in which an enterprise's operations must be restored following a disruptive event.
RTO (Recovery Time Objective)
The maximum tolerable length of time that a computer system, network, or application can be down after a failure or disaster occurs.
MTBF (Mean time between failures)
Average time between repairable failures of a technology product. It’s used to track the availability and reliability of a product. The higher the time there is between failures, the more reliable the system is.
LDAP (Lightweight directory access protocol)
Helps users find data about organizations, people, and more. The two main goals are to store data in the LDAP directory and authenticate users in the directory. It is not a shared authentication protocol. (OpenID, OAuth, and Facebook Connect are all shared authentication protocols.)
IMAP (Internet Message Access Protocol)
Protocol for accessing email or bulletin board messages from a (possibly shared) mail service. It allows a client e-mail program to access remote message stores as if they were local.
MySQL
Protects access to sensitive data by way of encryption. Some methods are asymmetric public-key encryption/decryption.
Botnet
Network of private computers infected with malicious software and controlled as a group without their owners' knowledge, e.g. to send spam.
Trojan
Type of malware that downloads onto a computer disguised as a legitimate program.
Ransomware
Malicious software designed to block access to a computer system until a sum of money is paid.
Rootkit
A set of software tools that enable an unauthorized user to gain control of a computer system without being detected.
SYN Flood
A type of denial of service (DDoS) attack.
Smurf Attack
DDoS attack in which an attacker attempts to flood a targeted server with internet control message protocol (ICMP) packets.
Ping Flood
A DDoS attack. A targeted device gets flooded which makes it inaccessible to normal traffic.
DAC (Discretionary Access Control)
A type of security access control that allows restriction of object access based on an access policy determined by an object's owner group.
ABAC (Attribute based access control)
Authorization methodology that makes and enforces policies based on characteristics like department, location, manager, and time of day.
TCP (Transmission control protocol)
Communications standard that enables application programs and computing devices to exchange messages over a network.
MECM (Microsoft Endpoint Configuration Manager)
Provides remote control, patch management, software distribution, operating system deployment, network access protection, and hardware and software inventory.
DevSecOps (Deployment security and operations)
Automates the integration of security at every phase of the software development lifecycle.
Tokenization
Replaces a sensitive data element with a substitute that has no essential or exploitable value or meaning.
Hypervisors (VMM/Virtual machine monitor)
Software that creates and runs virtual machines. Allows one host computer to support multiple guest VMs by virtually sharing its resources, like memory and processing.
Spoofing
Used to inject the attacker into the conversation path between the two parties. Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source.
Brute Force Attack
An attacker submitting many passwords or passphrases with the hope of eventually guessing correctly.
Cain and Abel
A Windows-based password cracking tool that is effective against Microsoft operating systems. Hackers with this tool can recover the passwords from their target machines.
Nessus
Platform developed by Tenable that scans for security vulnerabilities in devices, applications, operating systems and cloud services and other network resources.
Familiarity
Social engineering technique that relies on assuming a known organization's persona.
RSA
Public key cryptography widely used for data encryption of e-mail and other digital transactions over the internet.
3DES (Triple Data Encryption Standard)
Cryptography where block cipher algorithms are applied three times to each data block.
SHA-256 (Secure Hash Algorithm)
Widely used cryptographic algorithm that produces a fixed-length output. It’s used to create a unique digital fingerprint of a piece of data like a message or file.
Port 1701 (L2TP, Layer Two Tunneling Protocol)
An extension of the Point-to-Point Tunneling Protocol. Usually used with IPSec to establish a Virtual Private Network (VPN).
Port 3389
Allows users to connect to remote computers. (RDP) Remote Desktop Protocol.
Port 88
Standard port for Kerberos authentication. Outbound connections from your storage system.
Port 389
Used for LDAP directory, replication, user and computer authentication, group policy, and trusts.
Deterrent
May not control or may not physically or logically prevent access.
BYOD (Bring your own device)
People can bring their own devices to the corporate network, and their devices may contain vulnerabilities that could be allowed to roam free on a corporate network.
COPE (Company owned/personally enabled)
The company provides the users with a smartphone primarily for work use, but functions like voice calls, messaging, and personal applications are allowed, with some controls on usage and flexibility.
CYOD
User can choose which device they wish to use from a small selection of devices approved by the company.
MDM (Mobile Device Management)
Gives centralized control over COPE devices.
Zero-Day-Attack
Attack that exploits a potentially serious software security weakness that the vendor or developer may be unaware of.
Passive Gathering
Gathers open-source or publicly available information without the organization under investigation being aware that the information is being accessed.
Active Information Gathering
Starts to probe the organization using DNS enumeration, port scanning, and OS fingerprinting techniques.
Vulnerability Assessments
Form of active information gathering.
Information Reporting
Occurs after the penetration test is complete and involves writing a final report with the results, vulnerabilities, and lessons learned during the assessment.
Reverse Proxy
Used for directing traffic to internal services if the contents of the traffic comply with policy.
MD-5
Creates a 128-bit fixed output
SHA-1
Creates a 160-bit fixed output
SHA-2
Creates a 256-bit fixed output
RIPEMD
Creates a 160-bit fixed output
SSO (Single sign on)
Authentication process that allows users to access multiple applications with one set of login credentials.
Permission Propagation
A technician sets permissions on a folder on a drive, and the folder properties apply those permissions to all of the folders under that folder tree.
RADIUS (Remote Authentication Dial-In User Service)
A networking protocol that authorizes and authenticates users with remote networks.
Kerberos
System or router that provides a gateway between users and the internet. Helps prevent cyber attacks from entering a private network. Uses a system of tickets to allow nodes to communicate over a non-secure network and securely prove their identity. A protocol.
PCI-DSS (Payment Card Industry Data Security Standard)
Applies to companies of any size that accept credit card payments. If your company intends to accept credit card payments and store, process, and transmit cardholder data, you need to securely host your data and follow PCI compliance requirements.
GDPR (General Data Protection Regulation)
Creates provisions and requirements to protect the personal data of individuals in the European Union.
PII (Personally Identifiable Information)
Used to identify, contact, or locate an individual.
PHI (Protected Health Information)
Refers to medical and insurance records, and associated hospital and lab test results.
Defense in Depth
Layering various network appliances and configurations to create a more secure and defensible architecture.
Network Segmentation
Dividing networks
Load Balancer
Used to distribute network or application traffic across servers.
ISA (Interconnection Security Agreement)
Used by any federal agency interconnecting its IT system to a third party.
SLA (Service Level Agreement)
Contractual agreement that sets out the detailed terms under which a service is provided.
DSUA (Data Sharing and Use Agreement)
Specifies how a database can be analyzed and proscribes the use of re-identification techniques.
UTM (Unified Threat Management)
Multiple security features or services are combined into a single device for your network.
White Team
Acts as judge, enforces rules, observes, and scores. Resolves issues.
Purple Team
Gets both teams to come together and work together.
Diamond Model of Intrusion Analysis
A great methodology for communicating cyber events and allowing analysts to derive mitigation strategies implicitly. Made around graphical representation of an attacker’s behavior.
MITRE ATT&CK Framework
Gives explicit pseudo-code examples for detecting and mitigating a given threat within a network and ties specific behaviors back to individual actors.
Lockheed Martin Cyber Kill Chain
Provides a general life cycle description of how attacks occur but does not deal with the specifics of how to mitigate them.
OpenIOC
Depth of research on APTs but does not integrate that into a detection and mitigation strategy.
Zombie
Computer connected to the internet that has been compromised by a hacker, computer virus, or trojan horse program and can be used to perform malicious tasks of one sort or another under remote direction.
Bugs
Error, flaw, or fault in an application. Causes the application to produce an unintended or unexpected result, such as crashing or producing invalid results.
APT (Advanced Threat Protection)
Security solutions to defend sensitive data against complex cyber attacks, like malware, phishing campaigns.
Lesson learned report
Contains detailed information on when an incident was detected, how impactful the incident was, how it was remediated, the effectiveness of the incident response, and identified gaps that may require improvement.
Rapid elasticity
Used to describe the scalable provisioning of, or capability to provide, scalable cloud computing services. Very critical to meet the fluctuating demands of cloud users. But it can cause significant loading of the system due to the high number of resources.
Metered Services
Pre paid or pay per use
Aircrack-ng
A complete suite of wireless security assessment and exploitation tools that includes monitoring, attacking, testing, and cracking of wireless networks. Includes packet capture and export of the data collected as a text file or pcap file.
GPO (Group Policy Object)
A collection of group policy settings that defines what a system will look like and how it will behave for a defined group of users. Primary administration tool for defining and controlling how programs, network resources, and the operating system operate for users and computers in an organization.
John the Ripper
A password cracking software tool.
Port 25
Default port for SMTP (Simple Mail Transfer Protocol). If an Nmap scan of a server finds port 25 open, the risk would be an open mail relay.
Account management policy
Should contain the requirements for removing a user’s access when an employee is terminated.
Zero Day Vulnerability
Refers to a newly discovered hole in software that is unknown to the vendor; it can be exploited by hackers before the vendor becomes aware of it and can fix it.
Input Validation Attack
Any malicious action against a computer system that involves manually entering strange information into a normal user input field that is successful due to an input validation flaw.
Port 25
Default port SMTP (Simple Message Transfer Protocol) used for sending an email.
HTTP Header Injection Vulnerability
Occurs when user input is insecurely included within server response headers.
Time-Of-Check Time-Of-Use (TOCTOU)
A class of software bug caused by changes in a system between checking a condition, like a security credential, and using the check's results, exploiting the time that passes in between.
Port 23
Used by telnet and is not considered secure because it sends all of its data in cleartext, including authentication data like usernames and passwords.
TPM (Trusted Platform Module)
A hardware based cryptographic processing component that is part of the motherboard.
PAM (Pluggable authentication module)
A device that looks like a USB thumb drive and is used as a software key in cryptography.
FDE (Full Disk Encryption)
Can be hardware or software-based.
AES (Advanced Encryption System)
Cryptographic algorithm. It is also symmetric.
NAC (Network Access control)
An approach to computer security that attempts to unify endpoint security technology, user or system authentication, and network security enforcement. Restricts the data that each particular user can access and implements anti-threat applications such as firewalls, anti-virus software, and spyware detection programs.
UTM (Unified Threat Management)
Provides multiple security features in a single device or network appliance.
Banner Grabbing
Conducted by actively connecting to the server using telnet or netcat and collecting the web server's response. This banner usually contains the server's operating system and the version number of the service (e.g. SSH) being run.
IPsec
The most secure protocol that works with VPNs.
Integer Overflow
Occurs when an arithmetic operation results in a number too large to be stored in the space allocated for it. Integers are stored in 32 bits on the x86 architecture.
Non-repudiation
Occurs when a sender cannot claim they didn’t send an email when they did.
Unknown Environmental Penetration Testing
Requires no previous information and usually takes the approach of an uninformed attacker.
Threat Hunting
The utilization of insights gained from threat research and threat modeling to proactively discover evidence of an adversarial TTP within a network or system.
Penetration Test
Verifies that a threat exists, actively tests, and bypasses security controls, and finally exploits vulnerabilities on the system.
Buffer Overflow Attack
An anomaly that occurs when a program overruns the buffer's boundary and overwrites adjacent memory locations while writing data to the buffer.
Cross-site Scripting (XSS)
A type of injection in which malicious scripts are injected into otherwise benign and trusted websites. They occur when the attacker uses a web application to send malicious code, usually in a browser-side script, to a different end user.
SQL Injection
A code injection technique used to attack data-driven applications. Malicious SQL statements are inserted into an entry field for execution, like dumping the database contents to the attacker.
Netstat
Command used to display active TCP connections, ports on which the computer is listening, Ethernet statistics, and the IP routing table on a Windows machine. It’s useful when determining if any malware has been installed on the system and may be maintaining a remote connection with a command and control server.
Ipconfig
Tool that displays all the current TCP/IP network configuration values on a given system.
Ping
Command used to test a host’s reachability on an Internet Protocol network.
Net Use
Command used to connect to, remove, and configure connections to shared resources such as mapped drives and network printers.
Machine Learning (ML)
A type that would classify as malicious.
Deep learning System
Can determine what is malicious traffic without having prior benefit of being told what is benign/malicious.
Generative Adversarial network
An underlying strategy used to accomplish deep learning but is not specific to the scenario described.
PII
Personally Identifiable Information
FISMA (Federal Information Security Management ACT)
A United States federal law that defines a comprehensive framework to protect government information, operations, and assets against natural or human-made threats.
COPPA (Children's Online Privacy Protection Act)
A United States federal law that imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years.
SOX (Sarbanes-Oxley)
A United States federal law that sets new or expanded requirements for all U.S. public company boards, management, and public accounting firms.
False Positive
Occurs when an alert is triggered (the system believes malicious activity occurred) when there is no malicious activity involved. Error in some evaluation process in which a condition tested for is mistakenly found to have been detected.
Biometric Authentication
Crossover error rate (overall accuracy)
Syslog
A server that is a centralized log management solution. All of the logs from all of the network devices and servers are retained on the Syslog server.
Firewall Logs
Would help determine why the network connectivity between a host and a destination may have been disrupted.
NIDS (Network Intrusion Detection System)
Used to detect hacking activities, denial of service attacks, and port scans on a computer network.
IDS (Intrusion Detection System)
A device or software application that monitors a network or system for malicious activity or policy violations.
Rogue anti-virus
Form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and into paying money for a fake malware removal tool. It is “scareware” that manipulates users through fear, and a form of ransomware.
Data Correlation
Is the first step in making sense of data from across numerous sensors. It ensures data is placed in relation to other pieces of data within the system. Should be performed as soon as the SIEM indexes the data.
Polymorphic Virus
Malware that changes its binary pattern in its code on specific dates or times to avoid detection by antimalware software.
Data Protection Officer
Ensures that their organization processes the personal data of its staff, customers, providers, or any other individuals in compliance with the applicable data protection rules.
SPI (Sensitive Personal Information)
Information about a subject's opinions, beliefs, and nature, afforded specifically protected status by privacy legislation.
TLS (Transport Layer Security)
Used to secure web connections over port 443.
SAML (Security Assertions Markup Language)
An XML-based framework for exchanging security-related information such as user authentication, entitlements, and attributes. Often used in conjunction with SOAP. A solution for providing single sign-on (SSO) and federated identity management.
IdP (Identity Provider)
Requests a resource from when conducting a SAML transaction.
Load balancer
Allows for high availability to serve increased demand by splitting the workload across multiple servers.
RAID
High availability technology that allows multiple hard disks to act logically as one to handle more throughput, but will not solve the higher demand on the server's limited processing power as a load balancer would.
VPN Concentrator
A networking device that provides the secure creation of VPN connections and the delivery of messages between VPN nodes.
DLP
Data loss prevention, focused on ensuring that intellectual property theft does not occur.
Iris Scan
Relies on the matching of patterns on the surface of the eye using near-infrared imaging. Most likely to be used for high-volume applications such as airport security. Can be fooled by a high-resolution photo of someone’s eye.
BCP (Business continuity plan)
The systems or operations listed in a BCP are the most critical systems in a large organization.
TPM Chip
A secure cryptoprocessor chip that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper-resistant, and malicious software cannot tamper with its security functions.
Hardening
The process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle, a single-function system is more secure than a multi-purpose one.
Harvesting
Process of gathering data, normally user credentials.
Race Conditions
A software vulnerability that occurs when the outcome from one execution process is directly dependent on the order and timing of certain events.
Sensitive Data Exposure
Fault that allows privileged information (token, password, PII) to be read without being subject to the proper access controls.
Broken Authentication
Refers to an app that fails to deny access to malicious actors. Dereferencing attempts to access a pointer that references an object at a particular memory location.
VM Data Remnant
The residual representation of digital data that remains even after attempts have been made to remove or erase it.
VM Virtualization Sprawl
A phenomenon that occurs when the number of virtual machines on a network reaches a point when the administrator can no longer manage them effectively.
Virtual Machine Migration
The task of moving a virtual machine from one physical hardware environment to another.
Cognitive Password
Form of knowledge based authentication that requires a user to answer a question, presumably something they instinctively know, to verify their identity.
Social Engineering
Refers to the psychological manipulation of people into performing actions or divulging confidential information.
TACACS (Terminal Access Controller Access Control System)
The original TACACS was extended by Cisco into XTACACS and then TACACS+, a proprietary Cisco protocol that runs over TCP port 49, encrypts the entire packet body, and separates authentication, authorization and accounting into independent functions.
RADIUS (Remote Authentication Dial-In User Service)
A networking protocol that operates on UDP port 1812 (1813 for accounting) and provides centralized authentication, authorization, and accounting for network access.
Kerberos
A network authentication protocol developed at MIT for client/server applications. It uses secret-key cryptography and a trusted Key Distribution Center (KDC) that issues tickets, so a client can prove its identity to a service without sending its password; it operates on port 88.
CHAP (Challenge Handshake Authentication Protocol)
Used to authenticate a user or network host to an authenticating entity with a three-way handshake: the authenticator sends a random challenge, the peer replies with a one-way hash of its identifier, the shared secret and the challenge, and the authenticator recomputes the hash and compares, so the secret itself is never sent over the wire. It is an authentication protocol only and provides no authorization or accounting services.
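The CHAP exchange as an added example (not part of the original flashcards), following RFC 1994: the authenticator issues a challenge, the peer returns MD5(identifier || secret || challenge), and the authenticator verifies it. RFC 1994 mandates MD5 for this hash; that is kept here to show the mechanism, but MD5-based CHAP is legacy and not something to build new designs on. Names and secrets are constructed.

```python
"""Added example: the CHAP three-way handshake (RFC 1994) with both sides' steps."""
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """Peer side: MD5 over identifier (one byte), shared secret and challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    def __init__(self, secrets):
        self.secrets = secrets          # peer name -> shared secret, provisioned out of band
        self.pending = {}               # identifier -> outstanding challenge

    def challenge(self, identifier):
        # A fresh random challenge per attempt is what defeats replay of old responses
        chal = os.urandom(16)
        self.pending[identifier] = chal
        return chal

    def verify(self, identifier, name, response):
        # pop() consumes the challenge: a second use of the same response fails
        chal = self.pending.pop(identifier, None)
        secret = self.secrets.get(name)
        if chal is None or secret is None:
            return False
        expected = chap_response(identifier, secret, chal)
        # constant-time comparison so timing does not reveal how many bytes matched
        return hmac.compare_digest(expected, response)


def run_handshake(secret_on_peer, secret_on_server, name="alice", identifier=1):
    """Drive one full exchange; return True if the authenticator accepts the peer."""
    auth = Authenticator({name: secret_on_server})
    chal = auth.challenge(identifier)                       # 1. Challenge  (authenticator -> peer)
    resp = chap_response(identifier, secret_on_peer, chal)  # 2. Response   (peer -> authenticator)
    return auth.verify(identifier, name, resp)              # 3. Success / Failure


if __name__ == "__main__":
    print("matching secrets:", run_handshake(b"s3cret", b"s3cret"))   # True
    print("wrong secret:    ", run_handshake(b"wrong", b"s3cret"))    # False
```

Only the challenge and the hash cross the link; an eavesdropper who captures both still needs the secret to answer the next, different challenge. The authenticator must store the secret in a recoverable form to recompute the hash, which is the protocol's main operational weakness.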
IDOR (Insecure Direct Object References)
A web application weakness that occurs when the developer exposes an identifier (a database key, file name or record number) that gives direct access to an internal implementation object but performs no additional access control or authorization check, so a user who changes the identifier can reach another user's object.
Weak or default configurations
Commonly a result of incomplete setup: open cloud storage, misconfigured HTTP headers, unnecessary HTTP methods left enabled, permissive cross-origin resource sharing (CORS) and verbose error messages containing sensitive information.
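An added example (not from the original flashcards) of checking one HTTP response for the header-level misconfigurations the card lists: permissive CORS, missing hardening headers, a version-leaking Server header, and unneeded methods. The two sample responses are constructed, and the set of required headers is a hypothetical baseline rather than any standard.

```python
"""Added example: audit HTTP response headers for weak configuration."""

# Hypothetical baseline of headers a hardened response should carry
REQUIRED = {
    "Strict-Transport-Security": "HSTS missing: downgrade to plain HTTP possible",
    "X-Content-Type-Options": "MIME sniffing not disabled",
    "Content-Security-Policy": "no CSP: XSS impact not constrained",
    "X-Frame-Options": "clickjacking not mitigated",
}
RISKY_METHODS = {"TRACE", "PUT", "DELETE", "CONNECT"}


def audit_headers(headers):
    """Return a list of findings for one response's headers (names matched case-insensitively)."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").strip().lower() == "true"
    if acao == "*":
        findings.append("CORS allows any origin")
    if acao == "*" and creds:
        findings.append("CORS wildcard combined with credentials (browsers reject it, but it shows intent to expose authenticated data)")
    if acao == "null":
        findings.append("CORS allows the 'null' origin (sandboxed iframes, file://)")

    for name, msg in REQUIRED.items():
        if name.lower() not in h:
            findings.append(msg)

    server = h.get("server", "")
    if any(ch.isdigit() for ch in server):
        findings.append(f"Server header leaks version: {server}")

    allow = {m.strip().upper() for m in h.get("allow", "").split(",") if m.strip()}
    for m in sorted(allow & RISKY_METHODS):
        findings.append(f"unnecessary HTTP method enabled: {m}")
    return findings


# Constructed sample responses for illustration
WEAK = {
    "Server": "Apache/2.4.29 (Ubuntu)",
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Credentials": "true",
    "Allow": "GET, POST, PUT, DELETE, TRACE",
}
HARDENED = {
    "Server": "Apache",
    "Access-Control-Allow-Origin": "https://app.example.com",
    "Vary": "Origin",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'self'",
    "X-Frame-Options": "DENY",
    "Allow": "GET, POST",
}

if __name__ == "__main__":
    for finding in audit_headers(WEAK):
        print("WEAK:", finding)
    print("HARDENED findings:", audit_headers(HARDENED))
```

The hardened response pins CORS to one origin and adds `Vary: Origin` so caches do not serve one origin's CORS answer to another. A check like this belongs in a pipeline or a scheduled scan so a redeploy with defaults is caught before an attacker notices it.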
Improper handling of errors
Can reveal detailed information (stack traces, database errors, internal paths, library versions) that gives attackers important clues about the system's potential flaws.
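An added example (not from the original flashcards) that ties the IDOR card and the error-handling card together: a handler for `GET /invoices/<id>` that trusts the client-supplied id and echoes exception text, beside the fixed version that validates input, enforces ownership, and returns a generic error while logging detail server-side. The invoice store, users and routes are constructed.

```python
"""Added example: an IDOR with a leaky error path, and the hardened handler."""
import logging

log = logging.getLogger("invoices")

# Constructed store: invoice id -> (owner, amount)
INVOICES = {
    1001: ("alice", "19.99"),
    1002: ("bob", "2500.00"),
}


class NotFound(Exception):
    pass


def fetch_invoice(invoice_id):
    # The exception text mimics what a real data layer might leak
    if invoice_id not in INVOICES:
        raise NotFound(f"SELECT * FROM invoices WHERE id={invoice_id} returned 0 rows")
    return INVOICES[invoice_id]


def get_invoice_vulnerable(user, invoice_id):
    """IDOR: no ownership check. Improper error handling: raw exception text to client."""
    try:
        owner, amount = fetch_invoice(int(invoice_id))
        return 200, {"owner": owner, "amount": amount}
    except Exception as e:                       # leaks query shape, types, internals
        return 500, {"error": f"{type(e).__name__}: {e}"}


def get_invoice_fixed(user, invoice_id):
    """Validate input, enforce ownership, never echo internals to the client."""
    try:
        iid = int(invoice_id)
    except ValueError:
        return 400, {"error": "invalid invoice id"}
    try:
        owner, amount = fetch_invoice(iid)
    except NotFound:
        # Same response as 'not yours', so valid ids cannot be enumerated
        return 404, {"error": "not found"}
    except Exception:
        log.exception("invoice lookup failed for user=%s id=%s", user, iid)
        return 500, {"error": "internal error"}
    if owner != user:
        log.warning("IDOR attempt: user=%s requested id=%s owned by %s", user, iid, owner)
        return 404, {"error": "not found"}
    return 200, {"owner": owner, "amount": amount}


if __name__ == "__main__":
    # alice changes the id in the URL from 1001 to 1002 to read bob's invoice
    print(get_invoice_vulnerable("alice", "1002"))   # 200 with bob's data
    print(get_invoice_fixed("alice", "1002"))        # 404 not found
    # a malformed id shows the two error paths
    print(get_invoice_vulnerable("alice", "abc"))    # 500 with 'ValueError: ...'
    print(get_invoice_fixed("alice", "abc"))         # 400 invalid invoice id
```

The ownership check is the IDOR fix; returning the same 404 for "does not exist" and "not yours" is what stops an attacker from enumerating valid ids, and the detail an operator needs goes to the log, not the response.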
Scarcity
Social engineering technique that creates a fear of missing out on a special deal or offer. Advertising uses it all the time ("supplies are limited", "only available for the next 4 hours") along with other artificial limitations.
Familiarity
Social engineering technique that relies on assuming the persona of a widely known organization or of someone the target already knows, so the request feels routine.
SSL (Secure Sockets Layer) Certificates
SSL is a security protocol developed by Netscape to provide privacy and authentication over the internet. It is an application-independent layer that sits between the transport and application layers (session layer in the OSI model) and can secure a variety of protocols such as HTTP or FTP. SSL itself is deprecated and has been succeeded by TLS, but the certificates that bind a server's public key to its hostname are still commonly called SSL certificates.
WPA2
In WPA2-Personal mode the security key is a pre-shared passphrase (PSK) used to authenticate to a wireless access point and derive the encryption keys; WPA2-Enterprise replaces the PSK with per-user 802.1X/RADIUS authentication.
VLAN
Segments network traffic into separate logical networks, for example keeping an open wireless network apart from the HVAC controls so that someone on the wireless network cannot log in to them.
Chain of Custody
A record listing every person who has handled evidence that is part of an investigation, together with every action taken by each individual while in possession of it, so the evidence can be shown to be unaltered.
Legal Hold
A process that an organization uses to preserve all forms of potentially relevant information when litigation is pending or reasonably anticipated.
Right to audit
A clause in a contract or service agreement that gives a company the right to audit the other party's systems and information handling.
Order of volatility
Refers to the order in which evidence should be collected: most volatile first (CPU registers and cache, RAM, network connections and running processes, then temporary files, disk, remote logs and finally archival media), because volatile data is lost when the system is powered off or changes state.
IDS (Intrusion Detection System)
A device or software application that monitors a network or system for malicious activity or policy violations.
IPS (Intrusion Prevention System)
Conducts the same functions as an IDS but can also block or take actions against malicious events.
Proxy Server
A server that acts as an intermediary between a client requesting a resource and the server that provides that resource. It can be used to filter content and websites from reaching a user.
Nslookup
Command used to query the Domain Name System to obtain the mapping between a domain name and an IP address or to view other DNS records.
set type=ns
Tells nslookup to report only name server (NS) records.
set type=mx
Tells nslookup to report only mail exchange (MX) records.
802.1X
Standard for port-based network access control. The switch or access point (the authenticator) keeps a port closed until the connecting device (the supplicant) authenticates, usually via EAP to a RADIUS server, and only then opens the port to the network.
War Walking
Conducted by walking around a building with a wireless scanner to locate wireless networks and devices. It will not detect a rogue device connected by wire.
Spear Phishing
Fraudulent practice of sending emails from a seemingly known or trusted sender to induce targeted individuals to reveal confidential information.
Tracert (trace route)
Diagnostic utility that determines the route to a destination by sending Internet Control Message Protocol (ICMP) echo request packets with increasing time-to-live (TTL) values; each router that decrements the TTL to zero replies with an ICMP Time Exceeded message, revealing one hop. (The Linux traceroute command uses UDP probes by default.)
Nbtstat
Command-line diagnostic tool for NetBIOS over TCP/IP, used to troubleshoot NetBIOS name resolution problems.
SOW (Statement of Work)
A formal document stating what will and will not be performed during a penetration test. It also contains the assessment's size and scope and a list of the assessment's objectives.
MSA (Master Service Agreement)
A contract reached between parties in which they agree to most of the terms that will govern future transactions or agreements. It is used when a pentester is on retainer under a multi-year contract, and an individual SOW is issued for each assessment to define that assessment's scope.
SLA (Service Level Agreement)
Contract that outlines the detailed terms under which a service is provided, including the reasons the contract may be terminated.
Adversary
The red team acts as the adversary, attempting to penetrate the network or exploit it as a rogue internal attacker. The red team might consist of members of the in-house security staff, a third-party company, or a consultant contracted to perform the role.
Blue Team
Consists of system administrators, cybersecurity analysts and network defenders.
Malicious Process
Any process running on a system that is outside the norm. This is a host based indicator of compromise (IOC) and not directly associated with an account based IOC.
Off-hours usage
Occurs when an account is observed to log in during periods outside of normal business hours; attackers often do this to avoid detection while staff are present. Off-hours usage, unauthorized sessions and failed logins are all account-based examples of an IOC.
Unauthorized sessions
Usually occurs when a device or service is accessed without authorization.
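Detection logic for the account-based IOCs on the three cards above (off-hours usage, failed logins, unauthorized sessions), as an added example that is not part of the original flashcards. It runs over constructed log lines in a simplified `timestamp result user=… src=…` format; the business-hours window, failure threshold and per-account source allowlist are hypothetical policy values.

```python
"""Added example: flag account-based indicators of compromise in constructed auth logs."""
from collections import defaultdict
from datetime import datetime

BUSINESS_HOURS = range(8, 18)          # 08:00-17:59 local; hypothetical policy
FAILED_THRESHOLD = 3                   # consecutive failures per account before flagging
# Hypothetical allowlist: account -> expected source prefixes
EXPECTED_SOURCES = {"svc_backup": ("10.0.5.",), "alice": ("10.0.1.",)}

# Constructed sample log: a normal day, then a night-time intrusion from 203.0.113.7
SAMPLE_LOG = """\
2024-03-04T09:15:02 ACCEPTED user=alice src=10.0.1.23
2024-03-04T09:17:44 FAILED user=bob src=10.0.1.40
2024-03-04T13:02:10 ACCEPTED user=bob src=10.0.1.40
2024-03-05T02:41:09 ACCEPTED user=alice src=203.0.113.7
2024-03-05T02:41:30 FAILED user=svc_backup src=203.0.113.7
2024-03-05T02:41:31 FAILED user=svc_backup src=203.0.113.7
2024-03-05T02:41:33 FAILED user=svc_backup src=203.0.113.7
2024-03-05T02:41:40 ACCEPTED user=svc_backup src=203.0.113.7
"""


def parse(line):
    """Split one line of the constructed format into a dict."""
    ts, result, user, src = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "ok": result == "ACCEPTED",
        "user": user.split("=", 1)[1],
        "src": src.split("=", 1)[1],
    }


def detect(log_text):
    """Return a list of (ioc_type, user, detail) tuples found in the log."""
    events = [parse(l) for l in log_text.splitlines() if l.strip()]
    findings = []
    failures = defaultdict(int)        # consecutive failed logins per account
    for ev in events:
        if ev["ok"]:
            # Off-hours usage: successful login outside the business window
            if ev["ts"].hour not in BUSINESS_HOURS:
                findings.append(("off_hours_login", ev["user"], ev["ts"].isoformat()))
            # Unauthorized session: success from a source the account never uses
            expected = EXPECTED_SOURCES.get(ev["user"])
            if expected and not ev["src"].startswith(expected):
                findings.append(("unauthorized_session", ev["user"], ev["src"]))
            failures[ev["user"]] = 0   # a success ends the failure run
        else:
            # Failed logins: a run reaching the threshold looks like guessing
            failures[ev["user"]] += 1
            if failures[ev["user"]] == FAILED_THRESHOLD:
                findings.append(("failed_login_burst", ev["user"], ev["src"]))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

The single failed login by bob during the day is not reported; the three-failure run followed by a success on `svc_backup` from an unknown address at 02:41 is reported three ways. In a real deployment the service account would have its own expected window and sources, and the findings would feed a SIEM rather than stdout.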
Nessus
A proprietary vulnerability scanner developed by Tenable. Its scans include a port-discovery phase, but it is not a general-purpose port scanner; its primary role is vulnerability scanning, and it is not an open-source tool.
dd
Command-line tool used to copy files, disks and partitions block by block; it can also be used to create forensic disk images, typically with `conv=noerror,sync` so unreadable blocks are skipped and zero-filled, followed by hashing the image to prove its integrity.
Nmap
The world's most popular open-source port scanning utility; beyond port scanning it performs service and version detection, OS fingerprinting, and scripted checks through the Nmap Scripting Engine (NSE).
services.msc
The Windows Services console; allows an analyst to enable, disable, start or stop Windows services.
Continuous Deployment
A software development method in which app and platform updates that pass the automated pipeline are committed to production rapidly and automatically, with no manual release step.
Continuous Delivery
A software development method in which app and platform updates are frequently tested and validated so that they are always ready for immediate release; pushing a build to production remains a deliberate (often manual) decision.
Continuous Integration
Software development method in which code updates are tested and committed to development or build server/code repositories rapidly.
Continuous Monitoring
Technique of constantly evaluating an environment for changes so that new risks are detected more quickly and business operations can be improved.