Glossary J-K-L-M

Question 1

jamming

Answer 1

An attack in which radio waves disrupt 802.11 wireless signals.

Question 2

job rotation

Answer 2

The policy of preventing any one individual performing the same role or tasks for too long. This deters fraud and provides better oversight of the person’s duties.

Question 3

jump server

Answer 3

A hardened server that provides access to other hosts. Also known as jumpbox.

Question 4

Kerberos

Answer 4

A single sign-on authentication and authorization service that is based on a time-sensitive ticket-granting system.

Question 5

keylogger

Answer 5

Malicious software or hardware that can record user keystrokes.

Question 6

kill chain

Answer 6

A model developed by Lockheed Martin that describes the stages by which a threat actor progresses a network intrusion.

Question 7

L2TP (Layer 2 Tunneling Protocol)

Answer 7

VPN protocol for tunneling PPP sessions across a variety of network protocols such as IP, Frame Relay, or ATM.

Question 8

lateral movement

Answer 8

The process by which an attacker is able to move from one part of a computing environment to another.

Question 9

LDAP (Lightweight Directory Access Protocol)

Answer 9

A network protocol used to access network directory databases, which store information about authorized users and their privileges, as well as other organizational information.

Question 10

LDAP injection

Answer 10

An application attack that targets web-based applications by fabricating LDAP statements that are typically created by user input.

Question 11

LDAPS (Lightweight Directory Access Protocol Secure)

Answer 11

A method of implementing LDAP using SSL/TLS encryption.

Question 12

LEAP (Lightweight Extensible Authentication Protocol)

Answer 12

Cisco Systems’ proprietary EAP implementation.

Question 13

least privilege

Answer 13

A basic principle of security stating that something should be allocated the minimum necessary rights, privileges, or information to perform its role.

Question 14

lightweight cryptography

Answer 14

Cryptographic algorithms with reduced compute requirements that are suitable for use in resource-constrained environments, such as battery-powered devices.

Question 15

LLR (lessons learned report)

Answer 15

An analysis of events that can provide insight into how to improve response processes in the future. Also known as after action report or AAR.

Question 16

load balancer

Answer 16

A type of switch or router that distributes client requests between different resources, such as communications links or similarly-configured servers. This provides fault tolerance and improves throughput.

Question 17

logger command

Answer 17

Linux utility that writes data to the system log

Question 18

logic bomb

Answer 18

A malicious program or script that is set to run under particular circumstances or in response to a defined event.

Question 19

loop protection

Answer 19

If broadcast traffic is allowed to continually loop around a network, the number of broadcast packets increases exponentially, crashing the network. Loop protection in switches (such as Spanning Tree Protocol), and in routers (Time To Live for instance) is designed to prevent this.

Question 20

MaaS (monitoring as a service)

Answer 20

Cloud service providing ongoing security and availability monitoring of on-premises and/or cloud-based hosts and services.

Question 21

MAC (Mandatory Access Control)

Answer 21

Access control model where resources are protected by inflexible, system defined rules. Resources (objects) and users (subjects) are allocated a clearance level (or label).

Question 22

MAC (Message Authentication Code)

Answer 22

Proving the integrity and authenticity of a message by combining its hash with a shared secret.

Question 23

MAC cloning (Media Access Control cloning)

Answer 23

An attack in which an attacker falsifies the factory-assigned MAC address of a device’s network interface. Also known as MAC spoofing.

Question 24

MAC filtering (Media Access Control filtering)

Answer 24

Applying an access control list to a switch or access point so that only clients with approved MAC addresses can connect to it.

Question 25

MAC flooding

Answer 25

A variation of an ARP poisoning attack where a switch’s cache table is inundated with frames from random source MAC addresses.

Question 26

MAM (mobile application management)

Answer 26

Enterprise management function that enables control over apps and storage for mobile devices and other endpoints.

Question 27

managerial control

Answer 27

A category of security control that gives oversight of the information system.

Question 28

mandatory vacations

Answer 28

The principle that states when and how long an employee must take time off from work so that their activities may be subjected to a security review.

Question 29

maneuver

Answer 29

In threat hunting, the concept that threat actor and defender may use deception or counterattacking strategies to gain positional advantage.

Question 30

mantrap (access control vestibule)

Answer 30

A secure entry system with two gateways, only one of which is open at any one time.

Question 31

MD5 (Message Digest Algorithm v5)

Answer 31

A cryptographic hash function producing a 128-bit output.

Question 32

MDM (mobile device management)

Answer 32

The process and supporting technologies for tracking, controlling, and securing the organization’s mobile infrastructure.

Question 33

measured boot

Answer 33

A UEFI feature that gathers secure metrics to validate the boot process in an attestation report.

Question 34

MEF (mission essential function)

Answer 34

A business or organizational activity that is too critical to be deferred for anything more than a few hours, if at all.

Question 35

memdump command

Answer 35

Linux utility developed as part of the Coroner’s Toolkit to dump system memory data to a file.

Question 36

memory leak

Answer 36

A software vulnerability that can occur when software does not release allocated memory when it is done using it, potentially leading to system instability.

Question 37

metadata

Answer 37

Information stored or recorded as a property of an object, state of a system, or transaction.

Question 38

MFA (multifactor authentication)

Answer 38

An authentication scheme that requires the user to present at least two different factors as credentials, from something you know, something you have, something you are, something you do, and somewhere you are. Specifying two factors is known as 2FA.

Question 39

microservices

Answer 39

A software architecture where components of the solution are conceived as highly decoupled services not dependent on a single platform type or technology.

Question 40

mirroring

Answer 40

A type of RAID that using two hard disks, providing the simplest way of protecting a single disk against failure. Data is written to both disks and can be read from either disk.

Question 41

MitB attack (Man-in-the-Browser attack)

Answer 41

An attack when the web browser is compromised by installing malicious plug-ins or scripts, or intercepting API calls between the browser process and DLLs.

Question 42

MitM attack (Man-in-the-Middle attack)

Answer 42

A form of eavesdropping where the attacker makes an independent connection between two victims and steals information to use fraudulently.

Question 43

MMS (multimedia messaging service)

Answer 43

Extension to SMS allowing digital data (picture, video, or audio) to be sent over a cellular data connection.

Question 44

mode of operation

Answer 44

Implementation of a block symmetric cipher, with some modes allowing secure encryption of a stream of data, with or without authentication for each block.

Question 45

MoU (memorandum of understanding)

Answer 45

Usually a preliminary or exploratory agreement to express an intent to work together that is not legally binding and does not involve the exchange of money.

Question 46

MPLS (Multiprotocol Label Switching)

Answer 46

Developed by Cisco from ATM as a means of providing traffic engineering (congestion control), Class of Service, and Quality of Service within a packet switched, rather than circuit switched, network.

Question 47

MSA (measurement systems analysis)

Answer 47

Evaluates the data collection and statistical methods used by a quality management process to ensure they are robust.

Question 48

MSSP (managed security service provider)

Answer 48

Third-party provision of security configuration and monitoring as an outsourced service.

Question 49

MTBF (mean time between failures)

Answer 49

The rating on a device or component that predicts the expected time between failures.

Question 50

MTD (maximum tolerable downtime)

Answer 50

The longest period of time a business can be inoperable without causing irrevocable business failure.

Question 51

MTTF (mean time to failure)

Answer 51

The average time a device or component is expected to be in operation.

Question 52

MTTR (mean time to repair/replace/recover)

Answer 52

The average time taken for a device or component to be repaired, replaced, or otherwise recover from a failure.

Question 53

multi-cloud

Answer 53

A cloud deployment model where the cloud consumer uses multiple public cloud services.

Question 54

multipath

Answer 54

Overprovisioning controllers and cabling so that a host has failover connections to storage media.