glossary of key terms Flashcards
The maintenance and verification of a desired level of
quality of software, a product, or service.
quality assurance (QA)
Policies that define the rules restricting how a computer, network, or other system may be used.
acceptable use policies
A list of permissions attached to an object specifying what level of access a user, users, or groups have to that object. When you’re dealing with firewalls, a set of rules that apply to a list of network names, IP addresses, and port numbers.
access control list (ACL)
A collection of policies to determine the level of access that a subject (user or system) has on a resource (the system, application, or data to be protected). There are four major types: Mandatory Access Control (MAC), Role-Based Access Control (RBAC), Discretionary Access Control (DAC), and Rule-Based Access Control (RBAC or RB-RBAC).
access control model
In digital forensics, the process of collecting specific data related to
an attack, intrusion, or investigation, which can include computer media and other
devices that store electronic data.
acquisition
A Microsoft directory service that authenticates and authorizes
users and computers.
Active Directory
An attacker’s method that is carried out on a target mostly
by using network and vulnerability scanners.
active reconnaissance
Assessment that measures risk by using exact monetary values. It attempts to give an expected yearly loss in dollars for any given risk. It also assigns asset values to servers, routers, and other network equipment.
quantitative risk assessment
A load-balancing scenario in which each device performs work
simultaneously, thus sharing the load.
active/active
A load-balancing scenario in which one device actively performs
work while the other works in a standby mode.
active/passive
A protection method involving the random arrangement of the address space regions used by a program (or process). It helps prevent the exploitation of buffer overflows, remote code execution, and memory corruption vulnerabilities. It also can aid in protecting mobile devices (and other systems) from exploits caused by memory-management problems.
address space layout randomization (ASLR)
Accounts on a system with higher-level privileges. They
are similar to root accounts on a Linux system.
administrator accounts
A sophisticated attack that can remain undetected for a long time. A government (state actor) attack is also often referred to as an _____.
advanced persistent threat (APT)
The tactics, techniques,
and procedures used by attackers to compromise a system or a network.
adversary tactics, techniques, and procedures (TTPs)
A concept that refers to the gap or lack of connection between a computer and other networks. Because the computer isn’t directly connected to the network, it can’t be attacked through the network.
air gap
A list of allowed applications or functions that are accessible to a specific resource, such as another application, a system, or a user. The list is inclusive; if the application is not listed, access is denied.
allow list
A VPN client that immediately and automatically establishes a
VPN connection when an Internet connection is made.
always-on VPN
The total expected loss in dollars per year due
to a specific incident.
annualized loss expectancy (ALE)
The number of times per year that a
specific incident occurs.
annualized rate of occurrence (ARO)
A method of obfuscating data such that the data can be used for
legitimate purposes while not exposing the identity of the data owner.
anonymization
Software that protects against infections caused by many types of
malware, including all types of viruses, as well as rootkits, ransomware, and spyware.
antimalware
A computer program used to prevent, detect, and remove
malware.
antivirus software
Cloud-based services that don’t fall into SaaS, PaaS,
or IaaS. For example, when a large service provider integrates its security services
into the company/customer’s existing infrastructure, it is often referred to as Security as a service (SECaaS).
anything as a service (XaaS)
A capability available in all cloud computing
environments. It allows for better automation of workflow deployment. These integrations typically need to be enabled in the environment to utilize them.
API inspection and integration
An index of approved software applications or executable files that are permitted to be present and active on a computer system.
application approved list
An index or list of undesirable or unauthorized
programs used to prevent their execution.
application block list/deny list
Attacks that target the resources of Layer 7 applications and often leverage known vulnerabilities against specific software.
application DDoS attacks
A programmatic framework that enables other systems to interact with an application; however, a lack of adequate controls and monitoring makes effective security testing of _____ difficult to automate, which makes them vulnerable targets.
application programming interface (API)
A process to adequately and securely deploy an application on-premises or in the cloud.
application provisioning
Devices used to assess application-specific vulnerabilities
and operate at the upper layers of the OSI model.
application scanners
When an attacker manipulates the ARP cache on a host to
redirect traffic and perform an on-path attack.
ARP cache poisoning
Remnants of an intrusion that can be identified on a host or network.
artifacts
A policy for onboarding and offboarding devices; it specifies
how they are registered and activated and how they are later decommissioned.
asset management
A process that uses a public-key and private-key pair to
encrypt and decrypt messages when communicating.
asymmetric encryption
A set of matrices created by MITRE to document and explain the
adversarial tactics and techniques used by attackers to compromise systems and
networks.
ATT&CK
A process that serves to bear witness and to confirm, authenticate,
verify, and document.
attestation
An access model that is dynamic and
context-aware. Access rights are granted to users through the use of multiple policies
that can combine various user, group, and resource attributes together.
attribute-based access control (ABAC)
An assessment that assigns numeric values to the
probability of a risk and the impact it can have on the system or network.
qualitative risk assessment
Characteristics that authenticate a user in either a physical or behavioral manner.
attributes
A technique used to transmit hidden information by modifying an audio signal in an imperceptible manner.
audio steganography
The process or action of proving something to be true or valid,
verifying the identity of a user or process.
authentication
A program that generates security codes for signing
into assets.
authentication application
As specified in RFC 4302, a protocol that defines
an optional packet header to be used to guarantee connectionless integrity and data
origin authentication for IP packets and to protect against replays.
Authentication Header (AH)
A nonmalicious hacker—for example, an IT person who
attempts to “hack” into a computer system before it goes live to test the system.
authorized hacker
A DevOps environment component for secure
provisioning and deprovisioning of software, services, and infrastructure.
automated courses of action
An automated way to share indicators of compromise (IOCs) and threat intelligence information.
automated indicator sharing (AIS)
The technology and processes of executing a task without human
intervention.
automation
A digital forensics platform and graphical interface to The Sleuth Kit and
other digital forensics tools. It is used by law enforcement, military, and corporate
examiners to investigate what happened on a computer.
Autopsy
A method used in computer programs to bypass normal authentication
and other security mechanisms in place.
backdoor
A Common Vulnerability Scoring System (CVSS) group that represents the intrinsic characteristics of a vulnerability that are constant over time and
do not depend on a user-specific environment.
base group
The original frequency range of transmission signal before it is
modulated. It can also refer to the type of data transmission in which analog data is
sent over a single nonmultiplex channel.
baseband radio
A method used to assess the current security state of computers, servers, network devices, and the network in general after a
minimum desired state of security is defined.
baseline configuration (baselining)
The process of reporting the security state of computers, servers, network devices, and the network after a baseline has been determined.
baseline reporting
A Linux/UNIX-based scripting shell and framework.
Bash
Security controls that provide a unique way of making sure that people
are who they say they are by monitoring/matching human characteristics such as a
fingerprint, retina, or voice.
biometrics
An attack on a hashing system that attempts to send two different
messages with the same hash function, causing a collision.
birthday attack
A way of testing the internal workings of an application or
system where the tester has no knowledge of the system being tested.
black-box testing
An encryption method that applies a deterministic algorithm along
with a symmetric key to encrypt a block of text instead of encrypting one bit at a
time as in stream ciphers.
block cipher
A list used to deny individual application access—a common method used when working with email, and by antivirus and HIDS programs.
block list/deny list
A term used to identify the defenders of an organization. ____ _____ typically include the computer security incident response team (CSIRT) and information security (InfoSec) team.
blue team
Sending unsolicited messages to Bluetooth-enabled devices such as
mobile phones and tablets.
bluejacking
Accessing information without authorization from a wireless device
through a Bluetooth connection.
bluesnarfing
A standalone post used for physical security purposes. It is typically steel,
short, and sturdy, and anchored in a hard surface such as concrete.
bollard
A process that allows a remote platform to measure and report its system state in a secure way to a third party.
boot attestation
The reliability of the operating system and loading mechanism during the booting process; it can be checked using a secure method.
boot integrity
A large group of compromised systems known as robots or simply bots.
botnet
Compromised computers (also known as zombies) that are part of a larger group called a botnet. They are used to distribute malware across the Internet.
bots
A password attack where every possible password is attempted.
brute-force attack
A situation that occurs when a process stores data outside the
memory that the developer intended.
buffer overflow
The recognition and compensation provided by an organization to
security researchers for reporting security vulnerabilities (which are basically bugs in
code or hardware).
bug bounties
A current, tested plan in the hands of all personnel responsible for carrying out any part of that plan, for the purpose of giving your organization the best shot at success during a disaster.
business continuity plan (BCP)
Enacted in 2003, a law that requires California businesses
that store computerized personal information to immediately disclose breaches of
security.
California SB 1386
The complicating of source code to make it more difficult for people
to understand. See also obfuscation.
camouflage
A method used by hotels, coffee shops, etc., that directs users to a
web page for authentication (typically through email) prior to normal Internet use.
The whole point of the technology is to be able to track users who access the free
wireless network. If the user performs any suspect actions, that user can be traced
by way of email address, IP address, and MAC address, in addition to other means if
multifactor authentication is used.
captive portal
A method of user awareness training where students play in a red
team/blue team scenario.
capture the flag
An attack method where the attacker clones a credit card, a
smartphone SIM card, or a building access badge or card.
card cloning attack
A Linux command that copies standard input to standard output.
cat
An encryption protocol used with WPA2 that addresses the vulnerabilities of TKIP and meets the requirements of IEEE 802.11i.
Counter Mode with Cipher Block Chaining Message Authentication Code (CBC-MAC) Protocol (CCMP)
An entity (usually a server) that issues certificates to users.
certificate authority (CA)
A list of digitally signed certificates revoked by the certificate authority for security purposes. If a certificate is compromised, it is revoked and placed on the ____. ____ are generated and published periodically.
certificate revocation list (CRL)
Digitally signed electronic documents that bind a public key with a
user identity.
certificates
A process that provides assurances that evidence has been controlled and handled properly after collection.
chain of custody
An authentication
scheme used by the Point-to-Point Protocol (PPP), which in turn is the standard
for dial-up connections. It uses a challenge-response mechanism with one-way
encryption.
Challenge-Handshake Authentication Protocol (CHAP)
The process that is put in place to handle requests to make
changes to a system in a more efficient and coordinated manner.
change control
A structured way of changing the state of a computer
system, network, or IT procedure.
change management
The Linux command and system call that is used to change the access
permissions of file system objects.
chmod
A device policy where employees select a
device from a company-approved list.
choose your own device (CYOD)
A set of algorithms that help secure a network connection that uses
Transport Layer Security (TLS). The set of algorithms that _____ _____ usually
contain include a key exchange algorithm, bulk encryption algorithm, and message
authentication code (MAC) algorithm.
cipher suite
The process of completely removing any residual files or data from target
systems after the testing phases of a penetration testing engagement are complete.
cleanup
Anything that is being performed (a command, script,
or otherwise) at the client end of the communication. Typically executed on the
client’s browser rather than on the web server, it allows for more responsive web
applications.
client-side execution
The ability to properly handle application and user input to
prevent a security vulnerability and client-side execution.
client-side validation
A tool that is utilized in organizations to
control access to and use of cloud-based computing environments.
cloud access security broker (CASB)
A framework established by the Cloud Security Alliance
for cloud computing.
Cloud Controls Matrix
The act of reusing third-party or open-source software, or code developed internally by an organization.
code reuse
A location belonging to an organization that has tables, chairs, bathrooms, and possibly some technical setup—for example, basic phone, data, and
electric lines. Otherwise, a lot of configuration of computers and data restoration is
necessary before the site can be properly utilized. This type of site is used only if a
company can handle the stress of being nonproductive for a week or more.
cold site
A situation that occurs when two different files end up using the same
hash, which is possible with less secure hashing algorithms.
collision
The controlling master computer directing the actions of
a botnet, which distributes Internet malware.
command and control
A standard that enables different stakeholders across different organizations to share critical security-related
information in a single format, speeding up information exchange and digestion.
Common Security Advisory Framework (CSAF)
A standard created by MITRE
(www.mitre.org) that provides a mechanism to assign an identifier to vulnerabilities
so that you can correlate the reports of those vulnerabilities among sites, tools, and
feeds.
Common Vulnerabilities and Exposures (CVE)
A mix of public and private cloud deployments where multiple organizations can share the public portion.
community cloud
Mechanisms put in place to satisfy security requirements
that are either impractical or too difficult to implement. For example, instead of
using expensive hardware-based encryption modules, an organization might opt to
use network access control (NAC), data loss prevention (DLP), and other security
methods. Or, on the personnel side, instead of implementing segregation of duties,
an organization might opt to do additional logging and auditing. Also known as
alternative controls.
compensating controls
A program that translates, verifies, and processes source code created
in a specific programming language.
compiler
Program errors that occur while the program is being
compiled.
compile-time errors
An access control model where access is granted based on specific criteria requirements.
conditional access
A classification of information where unauthorized access to the
information would cause damage to national security.
confidential
An ongoing process created with the goal of maintaining computer systems, servers, network infrastructure, and software in a desired,
consistent state.
configuration management
The process of reviewing system configurations to reveal
potential security problems.
configuration reviews
The use of various tools for securing containerized cloud computing environments. Some of these tools are native to the actual cloud computing
environment, and some are third-party solutions and run on those environments.
container security
Logical units of software that package an application and all the dependencies needed to run it. ______ are lightweight, standalone executable software packages that include code, runtime environments, system tools, and related software libraries. Two of the most popular examples of ______ solutions are Docker and Linux LXC.
containers
The methodology whereby access to information, files, systems or
networks is controlled.
containment
Using a program to screen and/or exclude access to web
pages, URLs, or email deemed objectionable.
content URL/filtering
A federal initiative to encourage
people and departments to plan to address how critical operations will continue
under a broad range of circumstances.
continuity of operations planning (COOP)
A software development process in which developers produce
software in short cycles while making sure that the software is reliable and secure.
continuous delivery
The automation of the application deployment, provisioning, and underlying network components and infrastructure.
continuous deployment
A software development practice in which programmers
merge, test, and deploy code changes in a central repository multiple times a day or
several times per week.
continuous integration
A DevOps environment component that ensures applications and systems are operating correctly and securely.
continuous monitoring
A DevOps environment component where applications
and code must be validated in an automated fashion.
continuous validation
A device policy in which the company supplies employees with a phone that can also be used for personal activities.
corporate-owned, personally enabled (COPE)
Controls used after an event. They limit the extent of damage and help the company recover from damage quickly. Tape backup, hot sites, and
other fault tolerance and disaster recovery methods are also included here. They are
sometimes referred to as compensating controls.
corrective controls
An encryption mode that uses an arbitrary number that changes with each block of text encrypted. The ______ is encrypted with the cipher, and the result is XOR’d (exclusive OR’d) with the plaintext to produce the ciphertext. Because the _____ changes for each block, the problem of repeating ciphertext that results from the Electronic Code Book method is avoided.
counter mode
Information gathered and activities conducted to protect
against espionage, other intelligence activities, or sabotage conducted by or on
behalf of other elements.
counterintelligence
The attacking technique or activities of grabbing legitimate
usernames and even passwords to gain access to systems to steal information or to
use them for malicious purposes.
credential harvesting
Centralized enterprises run by people motivated mainly by
money (organized crime).
criminal syndicates
The point where the false rejection rate (FRR) and
the false acceptance rate (FAR) are equal.
Crossover Error Rate (CER)
A type of vulnerability where an attacker lures the targeted user into executing unwanted actions on a web application. Threat actors performing _____ attacks leverage the trust that the application has in the targeted user.
cross-site request forgery (XSRF)
A web application vulnerability where an attacker
can redirect a user to a malicious site, steal session cookies, or steal other sensitive
information.
cross-site scripting (XSS)
Attacks against cryptographic implementations or against
crypto algorithms.
cryptographic attacks
A form of ransomware that leverages advanced encryption techniques to prevent files from being decrypted without a unique key.
cryptomalware
Open-source software/sandbox for automating analysis of suspicious
files.
Cuckoo
A Linux command-line tool to transfer data to or from a server, using any of the supported protocols: HTTP, FTP, IMAP, POP3, SCP, SFTP, SMTP, TFTP, TELNET, LDAP, or FILE.
curl
An industry standard used to convey information about the severity of vulnerabilities.
Common Vulnerability Scoring System (CVSS)
A series of steps that trace stages of a cyber attack from the early
reconnaissance stages to the exfiltration of data. The ____ _____ allows you to understand and combat ransomware, security breaches, and advanced persistent threats
(APTs).
cyber kill chain
A type of risk transference (also known as risk sharing)
that an organization can purchase to protect, for example, a group of servers in a
data center.
cybersecurity insurance
A subset of the deep web where many threat actors perform malicious
activities, such as selling stolen credit card numbers, health records, and other personal information.
dark web
Inactive data that is archived—backed up or stored in cloud storage
services.
data at rest
The individual who has the greatest responsibility for data privacy
protection. This person’s main responsibility is to control how the data is used by
applying specific procedures for the data processes.
data controller
The individual who performs day-to-day tasks on behalf
of the data owner. This person’s main responsibility is to ensure that the information
is available to the end user and that security policies, standards, and guidelines are
followed.
data custodian/steward
Data that crosses the network or data that currently
resides in computer memory. Also known as data in motion.
data in transit/motion
Actively used data undergoing constant change; for example, it could be stored in databases or spreadsheets.
data in use/processing
A system that performs content inspection and is
designed to prevent unauthorized use of data as well as prevent the leakage of data
outside the computer (or network) in which it resides.
data loss prevention (DLP)
A privacy-enhancing technology designed to protect or obfuscate sensitive data.
data masking
A method of minimizing the amount of personal information
that is consumed by online entities.
data minimization
Also called the information owner; a person who is usually part of
the management team and maintains ownership of and responsibility over a specific
piece or subset of data.
data owner
The organizational leadership role that is responsible for the overall protection and adherence to data protection processes within
the organization.
data protection officer (DPO)
The process of restoring lost data, such as restoring a corrupt file
from a backup.
data recovery
A policy that states how long data must be stored by an
organization.
data retention
The process of irreversibly removing or destroying data stored on a memory device (hard drives, flash memory/SSDs, mobile devices, CDs, DVDs, and so on) or in hard copy form.
data sanitization
A concept that refers to any information (data) that has been
converted and stored in a digital form.
data sovereignty
A command-line utility for Linux operating systems whose primary purpose is
to convert and copy files.
dd
Software that is no longer in use, but the source code or binary for it
still exists in the system and has not been removed appropriately.
dead code
A data destruction method involving the reduction or elimination of a magnetic field (or data) stored on tape and disk media such as computer and laptop hard drives, diskettes, reels, cassettes, and cartridge tapes.
degaussing
To adequately and securely remove, decommission, and purge an
application and related data on-premises or in the cloud.
deprovision
Controls aimed at monitoring and detecting any unauthorized
behavior or hazard. These types of controls are generally used to alert to a failure in
other types of controls such as preventive, deterrent, and compensating controls.
detective controls
A control that is used by an organization to try to deter a
threat actor from executing an offensive assault on its environment.
deterrent controls
The environment where you create code on your computer or in
the cloud.
development
A security feature that protects against Layer 2 attacks such as
DHCP spoofing and abuse.
DHCP snooping
A cybersecurity/threat intelligence model used to analyze and track the characteristics of cyber intrusions by advanced threat actors; it emphasizes the relationships and characteristics of the adversary, capabilities, infrastructure, and victims.
Diamond Model of Intrusion Analysis
A password attack that uses a prearranged list of likely
words, trying each of them one at a time.
dictionary-based attack
Data backups that preserve data, saving only the difference
in the data since the last full backup.
differential backups
A Linux tool for querying DNS nameservers for information about host
addresses, mail exchanges, nameservers, and related information.
dig
The name given to a set of access control
technologies that are used to control the use of proprietary hardware, software, and
copyrighted works. ____ solutions are used to restrict the use, modification, and
distribution of copyrighted works and the underlying systems used to enforce such
policies.
digital rights management (DRM)
Mathematical schemes for verifying the authenticity of digital
messages or documents.
digital signatures
A method of accessing unauthorized parent (or worse, root)
directories. It is often used on web servers that have PHP files and are Linux- or
UNIX-based, but it can also be perpetrated on Microsoft operating systems. This
attack is designed to get access to files such as ones that contain passwords. Also
known as the ../ (dot-dot-slash) attack.
directory traversal
A formal document created by organizations that
contains detailed instructions on how to respond to unplanned incidents such as natural disasters, power outages, cyber attacks, or other disruptive events.
disaster recovery plan (DRP)
An access control policy generally determined by the owner. Objects such as files and printers can be created and accessed
by the owner. Also, the owner decides which users are allowed to have access to the
objects, and what level of access they may have. The levels of access, or permissions,
are stored in access control lists (ACLs).
discretionary access control (DAC)
A technology that protects information by converting it into
unreadable code that cannot be deciphered easily by unauthorized people.
disk encryption
The principle behind writing data to two or more disks at the
same time.
disk redundancy
A restricted variant of Basic Encoding
Rules (BER) that allows for only one type of encoding, and has restrictive rules for
length, character strings, and how elements are sorted. It is widely used for X.509
certificates.
Distinguished Encoding Rules (DER)
An attack in which a group of
compromised systems attacks a single target, causing a denial of service to occur at
that host.
distributed denial-of-service (DDoS) attack
Adequate distance between primary and secondary (or backup) sites; this
is an important disaster recovery term.
diversity
The process of running code within the address space of another
process by forcing it to load a dynamic link library. Ultimately, this can influence the behavior of a program in a way that was not originally intended.
DLL injection
A system utilized on networks to translate domain names to IP addresses.
Domain Name System (DNS)
An attack that generates a high volume of packets ultimately intended to flood a target website.
DNS amplification attack
The modification of name resolution information that should be
in a DNS server’s cache in order to redirect client computers to incorrect websites.
DNS poisoning
A suite of specifications that provides secure validation of DNS answers through public key cryptography. It is backward-compatible and can be deployed side by side with traditional DNS.
DNS Security Extensions (DNSSEC)
A deception and disruption technique used when you configure one or more DNS servers to provide false results to attackers and redirect them to areas in the network where you can observe their tactics and techniques.
DNS sinkhole
A command-line tool that automatically identifies basic DNS records for a domain, such as MX (mail exchange server) records, NS (name server) records, and the address record.
dnsenum
An attack in which the attacker changes the registration of a
domain name without the permission of the original owner or registrant.
domain hijacking
A method that provides gateway-based
cryptographic signing of outgoing messages. It allows you to embed verification
data in an email header and for email recipients to verify the integrity of the email
messages.
Domain Keys Identified Mail (DKIM)
The process of deleting a domain name during the five-day grace period (known as the add grace period, or AGP) and immediately reregistering it for another five-day period. This process is repeated any number of times with the end result of having the domain registered without ever actually paying for it. It is a malicious attack on the entire Domain Name System (DNS) by misusing the domain-tasting grace period. The result is that a legitimate company or organization often cannot secure the domain name of its choice.
domain name kiting
A technique to validate the authenticity of a domain and the
services using such domains (including websites and email messages).
domain reputation
The process the certificate authority uses to check the
rights of the applicant to use a specific domain name.
domain validation (DV)
A standard that was designed to thwart spammers from spoofing your domain to send email. Spammers can counterfeit the “From” address on an email message for it to appear to come from a user in your domain.
Domain-based Message Authentication, Reporting & Conformance (DMARC)
A type of attack in which a protocol (such as TLS or SSL) is downgraded from the current version to a previous version, exploiting backward compatibility.
downgrade attack
Power that is supplied to the building via multiple paths; it ensures a
single path failure does not interrupt power to the building.
dual supply
The process of trying to understand the source code of
a program to adequately build a series of correct inputs for test coverage. Analysis
software has the capability to find security issues caused by the code’s interactions
with other system components.
dynamic code analysis
A method to determine if an ARP packet is valid based on IP-to-MAC address bindings stored in a
trusted database.
Dynamic Host Configuration Protocol (DHCP) snooping
The capability of a cloud computing environment
to efficiently allocate resources to tenants based on demand. Without this capability,
a cloud-based computing environment would not be feasible.
dynamic resource allocation
A concept referring to network traffic flow within a data center
between servers.
east-west traffic
An ecosystem of resources and applications in new network
services (including 5G and IoT).
edge computing
The process of identifying, preserving, collecting, processing, reviewing, and analyzing electronically stored information (ESI) in litigation.
E-discovery
The capability of an underlying infrastructure to react to a sudden
increase in demand by provisioning more resources in an automated way.
elasticity
The act of gaining knowledge or information from people.
eliciting information
An approach to public-key cryptography
based on the algebraic structure of elliptic curves over finite fields.
elliptic-curve cryptography (ECC)
Microprocessor-based computer hardware systems with software that is designed to perform a dedicated function, either as an independent system or as a part of a larger system.
embedded systems
Specified in RFC 4303; an optional
packet header that can be used to provide confidentiality through encryption of the
packet, as well as integrity protection, data origin authentication, access control, and
optional protection against replays or traffic analysis.
Encapsulating Security Payload (ESP)
The process used to protect data by encoding plaintext data using
cryptographic algorithms.
encryption
The date when a product or service will no longer be sold or
supported by a third party.
end of life (EOL)
Typically, the last day of service for a product, meaning a third party is no longer providing service if there is a failure.
end of service life (EOSL)
An integrated endpoint security solution that combines real-time continuous monitoring and collection of endpoint data
with rules-based automated response and analysis capabilities.
endpoint detection and response (EDR)
Often used interchangeably with endpoint security; security
solutions that address endpoint device security issues, securing and protecting endpoints against zero-day exploits, attacks, and inadvertent data leakage resulting from
human error.
endpoint protection
In cybersecurity, a measure of the randomness or diversity of a data-generating function.
entropy
Cryptographic keys that can be used more than once within a
single session, such as for broadcast applications, where the sender generates only one ephemeral key pair per message, and the private key is combined separately with
each recipient’s public key.
ephemeral keys
The process of engaging senior analysts and other stakeholders during
the incident response process.
escalation
An expert at breaking into systems who can attack systems on
behalf of the system’s owner and with the owner’s consent.
ethical hacker
A rogue and unauthorized wireless access point that uses the same service set identifier (SSID) name as a nearby wireless network, often a public hotspot.
evil twin
Software packages that contain reliable exploit modules
and other hacker technique tools such as agents used for successful repositioning.
exploitation frameworks
Certificates that conduct a thorough vetting of an
organization. Issuance of these certificates is strictly defined.
extended validation (EV)
Specified in IETF RFC 3748 [18]; a
framework for access authentication, which supports different authentication methods that are specified as ___ methods. As described in RFC 4017 [19], it is desirable
for ___ methods used for wireless LAN to support mutual authentication and key
derivation.
Extensible Authentication Protocol (EAP)
A type of Extensible Authentication Protocol authentication that uses a protected access credential instead of a certificate to achieve
mutual authentication.
Extensible Authentication Protocol - Flexible Authentication via Secure
Tunneling (EAP-FAST)
A type of Extensible Authentication Protocol authentication that uses Transport Layer
Security, which is a certificate-based system that does enable mutual authentication.
It does not work well in enterprise scenarios because certificates must be configured
or managed on the client side and server side.
Extensible Authentication Protocol - Transport Layer Security (EAP-TLS)
A type of Extensible Authentication Protocol authentication that
uses Tunneled Transport Layer Security and is basically the same as TLS except that
it is done through an encrypted channel and requires only server-side certificates.
Extensible Authentication Protocol - Tunneled Transport Layer Security
(EAP-TTLS)
System decoys and breadcrumbs designed to lure and trick
attackers.
fake telemetry
The process of measuring the likelihood and probability that a biometric system will authorize a person who was not meant to be
authorized.
false acceptance rate (FAR)
A network intrusion device’s inability to detect true security
events under certain circumstances—in other words, a malicious activity that is not
detected by the security device.
false negative
A situation in which a security device triggers an alarm, but no
malicious activity or actual attack is taking place. In other words, ____ _____ are
false alarms, and they are also called benign triggers.
false positive
The process of measuring the likelihood and probability that a biometric system fails to recognize an authorized user.
false rejection rate (FRR)
An enclosure designed to block any RF signals from entering or
leaving, or having effect on devices inside the cage.
Faraday cage
An array of programmable logic blocks
and a hierarchy of “reconfigurable interconnects” that allow the blocks to be “wired
together.” Logic blocks can be configured to perform complex combinational functions, or merely simple logic gates such as the AND gate, OR gate, and NOT gate.
Field-Programmable Gate Array (FPGA)
Systems used to store and track changes in source code
and files.
file and code repositories
A form of malware that functions without putting malicious executables within the file system and instead works in a memory-based environment.
fileless malware
The remote configuration and deployment of mobile devices performed via a messaging service, such as Short Message Service (SMS),
Multimedia Messaging Service (MMS), Rich Communication Service (RCS), or
Wireless Application Protocol (WAP).
firmware over-the-air (OTA) updates
The decentralization of computing infrastructure by “bringing
the cloud to the ground.” This architecture enables components
of the edge computing concept to easily push compute power away from the public
cloud to improve scalability and performance.
fog computing
A by-product of attacker reconnaissance on an application, system,
or network in order to find vulnerabilities that could potentially be exploited.
footprinting
A process that deals with the recovery and investigation of material
found in digital devices.
forensics
A proxy server through which clients pass their requests when looking for websites,
or for files via an FTP connection.
forward proxy
A data preview and imaging tool that lets you quickly assess electronic evidence to determine whether further analysis with a forensic tool such as
AccessData Forensic Toolkit (FTK) is warranted.
FTK Imager
A type of configuration in which all traffic is sent through the VPN
tunnel back to the head end and out through the corporate network.
full tunnel
The process of encrypting data as it is written to the
disk and decrypting data as it is read off the disk. It is most applicable to laptops.
full-disk encryption (FDE)
An automated software testing technique that involves providing invalid,
unexpected, or random data as inputs to a computer program.
fuzzing
A European Union (EU) law
that was enacted in 2018 with an overall focus on data protection and privacy for
individuals.
General Data Protection Regulation (GDPR)
The use of a virtual fence defining the boundaries of an actual geographical area.
geofencing
The process of placing compute assets in strategic locations to ensure the ability to recover in case of an attack or natural disaster.
geographical dispersal
Law enacted in 1999 that enables commercial banks,
investment banks, securities firms, and insurance companies to consolidate. It protects against pretexting. Individuals need proper authority to gain access to nonpublic information such as Social Security numbers.
Gramm-Leach-Bliley Act
A Linux command for finding matching patterns, to search for a string of
characters in a specified file.
grep
The act of applying levels of security to protect applications from
intellectual property theft, misuse, vulnerability exploitation, tampering, or even
repackaging by people with ill intentions. Also known as application shielding.
hardening
The foundation on which all secure operations of a computing system depend.
hardware root of trust
Physical devices that act as secure cryptoprocessors. This means that they are used for encryption during secure login/
authentication processes, during digital signings of data, and for payment security
systems. They are faster than software encryption.
hardware security modules (HSMs) (or a Trusted Platform Module, or TPM)
A cryptographic function that is a mathematical algorithm used to map data
of arbitrary size to a bit array of a fixed size.
hash
A one-way function where data is mapped to a fixed-length value.
hashing
A Linux-centric command that reads the first 10 lines of any given filename.
head
Law enacted in 1996 that
governs the disclosure and protection of health information.
Health Insurance Portability and Accountability Act
Components of a wireless site survey that shows all wireless activity in
an area.
heat maps
A characteristic of a system which aims to ensure an agreed level
of operational performance, usually uptime, for a higher than normal period.
high availability
The components of a high availability environment deployed across multiple zones to greatly reduce the risk of an outage. In
cloud computing environments, high availability is addressed using the concept of
regions or zones.
high availability across zones
A hash-based password algorithm
that is used as a one-time password.
HMAC-based one-time password (HOTP)
An attempt to deceive people into believing something that is false.
hoax
A form of encryption enabling you to perform calculations on encrypted data without decrypting it first.
homomorphic encryption
Files used as bait intended to lure adversaries to access and then send
alarms to security analysts for detection. They can also be used to potentially learn
the tactics and techniques used by attackers.
honeyfiles
One or more computers, servers, or an area of a network that does not
house any important company information and is designed to lure attackers so that
you can study what tools and techniques they are using in order to discover potential
network vulnerabilities.
honeynet
A computer, virtual machine (VM), or container that is used to attract
attacker traffic to learn the adversary’s tactics, techniques, and procedures.
honeypot
A firewall installed on each individual desktop, laptop computer, or server that controls incoming and outgoing network traffic and determines
whether to allow it into a particular device.
host-based firewall
An application that operates on
information collected from individual computer systems. It can detect and alert on
malicious activity but cannot stop this activity.
host-based intrusion detection system (HIDS)
A system that is capable of
monitoring and analyzing the internals of a computing system “server” as well as the
network packets on its network. It can prevent malware infiltration.
host-based intrusion prevention system (HIPS)
In its simplest form, a type of data center design that involves lining up
server racks in alternating rows with hot air exhausts facing one way and cold air
intakes facing the other.
hot aisle
A near duplicate of the original site of an organization that can be up and
running within minutes (maybe longer). Computers and phones are installed and
ready to go, a simulated version of the server room stands ready, and the vast majority of the data is replicated to the site on a regular basis in the event that the original
site is not accessible to users for whatever reason.
hot site
A free TCP/IP packet generator, assembler, and analyzer that can be used to
send large volumes of TCP traffic at a target while spoofing the source IP address,
making it appear random or even originating from a specific user-defined source.
hping
A mixture of public and private clouds. Dedicated servers located
within the organization and cloud servers from a third party are used together to
form the collective network.
hybrid cloud
A technique used to manipulate people’s sentiment (often political
or religious beliefs) with potentially false information or propaganda.
hybrid warfare
The service provider that also manages the authentication
and authorization process on behalf of the other systems in a federation.
identity provider (IdP)
An IEEE standard that defines port-based network access control
(PNAC). It is a data link layer authentication technology used to connect
devices to a LAN or WLAN. It defines EAP.
IEEE 802.1X
A command used to configure kernel-resident network interfaces. It is
used at boot time to set up interfaces as necessary. It is used to view TCP/IP configurations on a Linux or macOS system.
ifconfig
A technique used to hide any kind of file inside an image
file.
image steganography
A valuation to determine the potential monetary costs related
to a threat.
impact assessment
A concept related to geolocation and geofencing where a potential compromise is identified based on the fact that it would be
impossible for a user to be in two places at once. For instance, if you authenticated
at 3 p.m. EST from New York and 10 minutes later tried to authenticate from Florida, this would not be possible and is an indication of account compromise.
impossible travel time/risky login
A set of instructions to help IT staff detect, respond to,
and recover from network security incidents. These types of plans address issues like
cybercrime, data loss, and service outages that threaten daily work.
incident response plan
A group of IT professionals in charge of preparing for
and reacting to any type of organizational emergency.
incident response team
A series of backup data sets in which daily changes to the
data are compared to the state of the data on the previous day. They all have to be
applied to the original full backup copy to come up with an up-to-date full backup
copy.
incremental backups
Pieces of evidence or information that indicate a
potential breach or compromise. Examples include command and control (C2) communications, IP addresses, domains, malware hashes, and other information.
indicators of compromise
The use of blended images where the surrounding scenery
and the camouflaged structure appear as one, with the goal to deceive passersby to
believe the structure is something else entirely.
industrial camouflage
The process of protecting data or information by preventing unauthorized modification.
information assurance
A four-step process of data collection that includes collecting data, storing data, determining how data is used, and disposing of the data.
information lifecycle
Private-sector critical
infrastructure organizations and government institutions that collaborate and share
information between each other. They exist for different industry sectors. Examples
include automotive, aviation, communications, IT, natural gas, elections, electricity,
financial services, health care, and many others.
Information Sharing and Analysis Centers (ISACs)
A cloud service that offers computer networking, storage, load balancing, routing, and VM hosting.
infrastructure as a service (IaaS)
The process of managing and provisioning computer data
centers through machine-readable definition files rather than physical hardware
configuration or interactive configuration tools.
infrastructure as code
The level of untreated risk in a process, system, or activity.
inherent risk
An attack against a cryptographic implementation used to reverse encryption methods (such as RC4) and/or recover a pre-shared
key (PSK).
initialization vector (IV) attack
A category of attacks where the threat actor “injects” malicious
code or malicious traffic.
injection attacks
A process that ensures the correct usage of data; it checks the
data that is input by users into web forms and other similar web elements. If data is
not validated correctly, it can lead to various security vulnerabilities, including sensitive data exposure and the possibility of data corruption.
input validation
A concept used by cloud access security broker solutions to
enforce policies on specific parts of an application.
instance awareness
Errors that occur when arithmetic operations in a program
attempt to create a numeric value that is too big for the available memory space.
They create a wrap and can cause resets and undefined behavior in programming
languages such as C and C++.
integer overflows
In a certificate chain, the body that signs the
end-entity certificate. It then handshakes with the root certificate, which represents
the root certificate authority. It not only creates the certificate but also signs it
with its own private key.
intermediate certificate authority
The standards body that
was originally established in 2005 and later updated in 2013 to address the topics of
organizational context, involvement of leadership, planning and objectives, support
including resources and communication, operational aspects, evaluation of performance, and continuous improvement.
International Organization for Standardization (ISO)
An Internet protocol that allows you
to access your email wherever you are, from any device.
Internet Message Access Protocol (IMAP)
An industry protocol
created to collect and analyze network traffic flow information (metadata of the connections established between systems over a network).
Internet Protocol Flow of Information Export (IPFIX)
A Windows command-line tool that displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol and
Domain Name System settings.
ipconfig
A standard used to collect and analyze network flow information from
infrastructure devices such as network switches and routers.
IPFIX
A principle that defines the architecture for security services for IP network
traffic. Also known as Internet Protocol Security or IP Security protocol.
IPsec
The process of sending unsolicited wireless signals to cause interference
or a denial of service condition.
jamming
A Linux command-line tool used for viewing logs that are collected by
systemd.
journalctl
An authentication protocol designed at MIT that enables computers
to prove their identity to each other in a secure manner. It is used most often in a
client/server environment; the client and server both verify each other’s identity.
This is known as two-way authentication or mutual authentication.
Kerberos
A process implemented to secure a copy of the user’s private key (not
the public key) in case it is lost.
key escrow
A technique used to make a possibly weak key, typically a password
or passphrase, more secure against a brute-force attack by increasing the resources
(time and possibly space) needed to test each possible key.
key stretching
Spyware that records your keystrokes.
keylogger
Authentication of an individual based
on knowledge of information associated with his or her claimed identity in public
databases.
knowledge-based authentication (KBA)
Penetration test environment where the tester starts
out with a significant amount of information about the organization and its
infrastructure.
known environment
A post-exploitation technique, the main goal of which is to
move from one device to another to avoid detection, steal sensitive data, and maintain access to these devices to exfiltrate the sensitive data. Lateral movement is also
referred to as pivoting.
lateral movement
A tunneling protocol used to connect virtual private networks. It does not include confidentiality or encryption on its own. It
uses port 1701 and can be more secure than PPTP if used in conjunction with IPsec.
Layer 2 Tunneling Protocol (L2TP)
An attack similar to SQL injection; it uses a web form input box
to gain access or exploits weak LDAP lookup configurations.
LDAP injection
An approach by which subjects are given only the necessary privileges needed to do their intended job.
least privilege
Technology solutions and platforms that are end-of-sale and
end-of-support by a vendor or considered obsolete.
legacy platforms
An encryption method that features a small footprint
and/or low computational complexity. It is aimed at expanding the applications of
cryptography to constrained devices such as the ever-expanding IoT market.
lightweight cryptography
A protocol used to
read and write information to Active Directory. By default, LDAP traffic is transmitted unsecured, but you can enable LDAPS by using certificates.
Lightweight Directory Access Protocol over SSL (LDAPS)
A USB flash drive or external hard disk drive containing a full
operating system that can be booted to.
live boot media
The act of collecting logs from multiple systems in a network.
log aggregation
Software that is able to receive logs from multiple sources (data
input) and in some cases offers storage capabilities and log analysis functionality.
log collector
Code that has, in some way, been inserted into software; it is meant to
initiate some type of malicious function when specific criteria are met.
logic bomb
An attack in which the attacker sniffs the network for valid
MAC addresses and then uses those MAC addresses to perform other actions.
MAC cloning attack
An attack that sends numerous unknown MAC addresses to
a network switch to cause a DoS condition.
MAC flooding attack
A set of rules or patterns that specify how certain input could trigger a
command, a series of commands, or any other operation in a system.
macros
An access control policy determined by a
computer system, not by a user or owner, as it is in DAC.
mandatory access control (MAC)
The process of reading source code line by line in an
attempt to identify potential vulnerabilities.
manual code review
The average number of failures per million hours of operation for a product in question.
mean time between failures (MTBF)
The amount of time that an asset, system, or
application takes before it fails.
mean time to failure (MTTF)
The time needed to repair a failed device.
mean time to repair (MTTR)
A memory dump; the process of taking all information content in
RAM and writing it to a storage drive.
memdump
A document that outlines the terms
and details of an agreement between parties, including each party’s requirements and
responsibilities.
memorandum of understanding (MOU)
Data created from every activity you perform, whether it’s on your
personal computer or online, every email, web search, social and public application.
metadata
Physical devices that act as
secure cryptoprocessors during secure login/authentication processes, during digital
signings of data, and for payment security systems.
MicroSD hardware security modules (HSMs)
A tool used by many penetration testers, attackers, and even malware
that can be useful for retrieving password hashes from memory; it is a useful post-exploitation tool.
Mimikatz
A globally-accessible knowledge base of adversary tactics,
techniques, and procedures (TTPs) based on real-world observations of cybersecurity threats.
MITRE ATT&CK
Centralized software solutions that can
control, configure, update, and secure remote mobile devices such as Android, iOS,
BlackBerry, and so on, all from one administrative console.
mobile device management (MDM)
An authentication method that requires the user to
provide two or more verification factors to gain access to a resource.
multifactor authentication
An Internet of Things implementation based on low-power wide-area (LPWA) technology developed to enable a wide
range of new IoT devices and services.
NarrowBand-Internet of Things (NB-IoT)
A remote security scanning tool that scans a computer and notifies the
practitioner if it discovers any vulnerabilities that malicious hackers could use to
gain access to any computer connected to a network.
Nessus
A back-end tool that allows for port scanning and port listening. In addition, you can actually transfer files directly through _____ or use it as a backdoor
into other networked systems.
netcat
A session flow protocol that collects and analyzes network traffic data
that can be used to help you understand which applications, users, and protocols
might be consuming the most network bandwidth or if a DoS activity is taking place
and who the actors are.
NetFlow
A Windows and Linux command-line tool that generates a display showing network status and protocol statistics. It is used to view the current TCP/IP
connections on a system.
netstat
Attacks that target network infrastructure resources
(for example, bandwidth, CPU, and memory utilization of the underlying network
infrastructure).
network DDoS attacks
The process of combining two or more
network interfaces to increase network capacity.
network interface card (NIC) teaming
The process of adding additional instances of network
devices and connections to help ensure network availability and decrease the risk of
failure.
network redundancy
A type of IDS that attempts
to detect malicious network activities—for example, port scans and DoS attacks—by
constantly monitoring network traffic.
network-based intrusion detection system (NIDS)
A type of IPS designed to
inspect traffic and, based on its configuration or security policy, remove, detain, or
redirect malicious traffic.
network-based intrusion prevention system (NIPS)
A popular vulnerability scanner.
nmap
A random number issued by an authentication protocol that can be used
only one time.
nonce
The assurance that someone cannot deny the validity of something; where a statement’s author cannot dispute its authorship.
nonrepudiation
The capability to avoid or reduce data redundancies and anomalies—
a core concept within relational databases.
normalization
A simple but practical command-line tool that is principally used to
find the IP address that corresponds to a host or the domain name that corresponds
to an IP address.
nslookup
A situation that occurs when a program dereferences a
pointer that it expects to be valid, but is null, which can cause the application to exit
or the system to crash.
null pointer dereference
A tool that is used for centralized logging across various platforms and
supports a myriad of different log types and formats.
NXLog
The complicating of source code to make it more difficult for people
to understand. See also camouflage.
obfuscation
Removing an employee from a federated identity management system, typically when he or she leaves an organization.
offboarding
A dedicated system or application used to crack hashed
or encrypted passwords offline.
offline password cracker
Adding a new employee to an organization and to its identity and
access management system. This process is associated with user training, federated
identity management, and role-based access control (RBAC).
onboarding
An alternative to certificate revocation lists (CRLs) that contains less information than a CRL does, and the client side
of the communication is less complex. It does not require encryption,
making it less secure than CRLs.
Online Certificate Status Protocol (OCSP)
An application used to crack passwords while interacting with the targeted system.
online password cracker
Previously known as man-in-the-middle (MITM) or man-in-the-browser (MITB) attack, this type of attack intercepts all data between a client and
server, sometimes using a Trojan to infect a vulnerable web browser for later nefarious purposes.
on-path attack
An implementation profile for storage devices built to protect the confidentiality of stored user data against unauthorized access after it leaves the owner’s control (involving a power cycle and subsequent deauthentication).
Opal
Information that can be used for reconnaissance from public records, social media sites, DNS records, and other open sources.
It applies to offensive security (ethical hacking/penetration testing) and defensive
security.
open-source intelligence (OSINT)
A nonprofit organization
that has chapters all over the world that focus on application and software security.
It has numerous well-known and comprehensive projects designed to increase the
awareness of secure coding and testing, as well as creating tools to help find and prevent security vulnerabilities.
Open Web Application Security Project (OWASP)
A popular SSO protocol for federated systems. In the 2.0 version, the
authentication and authorization process is similar to the one in SAML.
OpenID
A full-featured toolkit for the Transport Layer Security (TLS) and
Secure Sockets Layer (SSL) protocols.
OpenSSL
This category of controls includes the controls executed by
people. They are designed to increase individual and group system security. They
include user awareness and training, fault tolerance and disaster recovery plans,
incident handling, computer support, baseline configuration development, and environmental security. The people who carry out the specific requirements of these
controls must have technical expertise and understand how to implement what management desires of them.
operational controls
The term used to describe physical items that can
be programmed and connected to a network or the Internet. Typically, these devices
are used to control electrical grids, pipelines, automobiles, manufacturing plant
robots, and other critical infrastructure.
operational technology (OT)
The order in which digital evidence is collected from high
volatility (where data is more vulnerable to loss) to low volatility.
order of volatility
A portion of a hard disk or similar media that is reserved as an extension
of RAM.
pagefile
Penetration test environment where the penetration testers may be provided credentials but not full documentation of the network
infrastructure.
partially known environment
A type of attack in which, instead of trying to figure out
what the user’s password is, the attacker just uses a password hash collected from
a compromised system and then uses the same hash to log in to another client or
server system. This is done because password hashes cannot be reversed.
pass the hash attack
An attacker method that can be carried out by researching information about the victim’s public records, social media sites, and other
personal information.
passive reconnaissance
A protocol that sends usernames
and passwords in clear text. Obviously, this protocol is insecure and to be avoided.
Password Authentication Protocol (PAP)
An application program that is used to identify an unknown or
forgotten password to a computer or network resources.
password cracker
A technology typically deployed by corporations when implementing two-factor authentication. The primary use case is remote access to the organization’s environment.
password keys
The practice of reusing the same password or part of it, which
consequently increases the risk of password compromise.
password reuse
A type of password brute-force attack where the attacker uses
a single password against targeted user accounts before performing a second attempt
to remain undetected.
password spraying
A central system or piece of software that stores and manages
various sets of credentials in a secure management system. It helps
solve the issue of credential storage. It has its own set of credentials and
possibly another authentication factor that is used to access it.
password vault
The process of keeping up with fixes that address software
bugs.
patch management
Software bug fixes.
patches
A utility that sends packets to each router on the way to a final destination over a period of time and computes results based on the packets that return
from each hop.
pathping
A standard enacted in 2006 as a joint effort by the credit card industry with the overall goal of enhancing the security of payment card data processing. The standard applies to any organization that stores, processes, or transmits payment card data, and noncompliance can result in penalties for such organizations.
Payment Card Industry Data Security Standard (PCI DSS)
A common container format for certificates and keys that uses base64-encoded ASCII text between BEGIN and END marker lines. It is usually identified by the .pem file extension, though the same format may also appear with .crt (for example, on Microsoft systems), .cer, or .key extensions.
Privacy-Enhanced Mail (PEM)
The process of analyzing the security posture of a network’s
or system’s infrastructure in an effort to identify and possibly exploit any security
vulnerabilities found.
penetration testing
A feature of specific key agreement protocols that gives
assurances that session keys will not be compromised even if long-term secrets used
in the session key exchange are compromised.
perfect forward secrecy
The act of maintaining a foothold in a compromised system after the exploitation phase in order to perform additional tasks, such as installing and/or modifying services so the attacker can connect back to the compromised system later. The same word is used in load balancing, where persistence (also called sticky sessions or session affinity) means sending all of a client's requests in a session to the same backend server so that session data is preserved.
persistence
Information used to uniquely identify, contact, or locate a person. This type of information could be a name, birthday,
Social Security number, biometric information, and so on.
personally identifiable information (PII)
An organization’s system of ensuring employees are
who they say they are. The most common type of authentication is the username/
password combination. Usernames are usually based on a person’s real name.
personnel credential policy
A type of attack in which an attacker redirects traffic intended for a legitimate website to a bogus and possibly malicious one, typically by tampering with name resolution (for example, DNS cache poisoning or a modified hosts file). The malicious site can be made to look like the valid site to the user; from there, an attempt is made to extract confidential information from the user or to install malware on the victim's system.
pharming
An attempt at fraudulently obtaining private information, usually done
electronically.
phishing
A verification system in which a user receives an automated phone call that requires him or her to press a certain button or code.
phone call authentication
Physical security measures used to control access to an organization's facilities and equipment. They can be considered the first line of defense, much as a firewall is the first line of defense for a network. Implementing physical access security should be a top priority: proper building entrance controls and secured access to physical equipment are vital, and anyone coming and going should be logged and kept under surveillance.
physical controls
A type of attack in which an unauthorized person tags along with an
authorized person to gain entry to a restricted area. Also known as tailgating
piggybacking
A TCP/IP command used to verify IP-level connectivity to another TCP/IP computer by sending Internet Control Message Protocol (ICMP, or ICMPv6 on IPv6) echo request messages. Corresponding echo reply messages are displayed, along with round-trip times. This command is used to test connectivity between two devices on an IPv4 or IPv6 network (some systems provide a separate ping6 command for IPv6).
ping
A method of adding security to the certificate validation process: the client is configured with the expected certificate or public key (or a hash of it) for a host and rejects a connection whose chain does not contain that pinned value, even if the chain is otherwise valid. This extra step beyond normal X.509 certificate validation helps detect and block many on-path attacks that rely on a fraudulently issued or injected certificate.
pinning
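The two entries above (the PEM format and pinning) share one added example, which is not part of the original glossary: a strict PEM parser that validates the base64, the matching END label and the DER length before handing back bytes, and a pin check that accepts a chain only if one of its CERTIFICATE blocks matches a pin set that includes a backup pin. The "certificates" are constructed DER SEQUENCEs with made-up contents so everything runs offline, and the pin is taken over the whole certificate, a simplification; real deployments usually pin the SubjectPublicKeyInfo.

```python
"""PEM parsing with strict checks, plus certificate pinning on the result.

Added example (not from the original glossary). The "certificates" are
constructed DER SEQUENCEs with made-up contents, so the parser and the
pin check can run offline; real pins are usually taken over the
SubjectPublicKeyInfo rather than the whole certificate, which is a
simplification made here.
"""
import base64
import binascii
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\s*"
    r"(?P<body>[A-Za-z0-9+/=\s]*?)\s*"
    r"-----END (?P=label)-----"
)


def der_total_length(der):
    """Length the DER header claims for the whole TLV, for truncation checks."""
    if len(der) < 2:
        raise ValueError("DER too short")
    first = der[1]
    if first < 0x80:                      # short form: one length byte
        return 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        raise ValueError("bad DER length encoding")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def parse_pem(text):
    """Return [(label, der_bytes)] for every well-formed block in `text`.

    Strict on purpose: base64 is validated (no stray characters), the END
    label must match the BEGIN label, and the payload must be a DER SEQUENCE
    whose declared length matches the bytes actually present.
    """
    blocks = []
    for m in PEM_BLOCK.finditer(text):
        label = m.group("label")
        body = "".join(m.group("body").split())
        try:
            der = base64.b64decode(body, validate=True)
        except binascii.Error as exc:
            raise ValueError(f"{label}: invalid base64 ({exc})")
        if not der or der[0] != 0x30:
            raise ValueError(f"{label}: payload is not a DER SEQUENCE")
        if der_total_length(der) != len(der):
            raise ValueError(f"{label}: DER length mismatch (truncated or padded)")
        blocks.append((label, der))
    if not blocks:
        raise ValueError("no PEM block found")
    return blocks


def is_valid_pem(text):
    try:
        parse_pem(text)
        return True
    except ValueError:
        return False


def to_pem(label, der):
    """Encode DER as a PEM block with the conventional 64-column wrapping."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"


def fingerprint(der):
    """Pin value: SHA-256 of the DER, base64, in the 'sha256/...' style."""
    return "sha256/" + base64.b64encode(hashlib.sha256(der).digest()).decode("ascii")


def check_pin(pem_text, pinset):
    """True if at least one CERTIFICATE block in the chain matches a pin."""
    certs = [der for label, der in parse_pem(pem_text) if label == "CERTIFICATE"]
    return any(fingerprint(der) in pinset for der in certs)


# Constructed stand-ins for DER certificates: SEQUENCE { INTEGER, INTEGER }.
GOOD_DER = bytes.fromhex("3006020101020102")
BACKUP_DER = bytes.fromhex("3006020103020104")   # backup pin, rotated in later
ROGUE_DER = bytes.fromhex("3003020105")          # valid DER, but not pinned

# Pin set shipped with the client: current cert plus a backup so a planned
# rotation does not lock users out.
PINSET = {fingerprint(GOOD_DER), fingerprint(BACKUP_DER)}

GOOD_PEM = to_pem("CERTIFICATE", GOOD_DER)
ROGUE_PEM = to_pem("CERTIFICATE", ROGUE_DER)

if __name__ == "__main__":
    print("pinned chain accepted:", check_pin(GOOD_PEM, PINSET))
    print("rogue chain accepted: ", check_pin(ROGUE_PEM, PINSET))
```

The parser fails closed on the cases that bite in practice: a block whose END label does not match its BEGIN label, base64 with stray characters, and a payload that was cut short in transit (the DER header's declared length no longer matches). The backup pin is what makes pinning survivable; ship only the current pin and a routine certificate rotation becomes an outage.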
A post-exploitation technique, the main goal of which is to move from
one device to another to avoid detection, steal sensitive data, and maintain access to
these devices to exfiltrate the sensitive data. Also referred to as lateral movement.
pivoting
A cloud service that provides various software solutions to organizations, especially the ability to develop applications in a virtual
environment without the cost or administration of a physical platform. This model
provides everything except applications. Services provided by this model include all
phases of the system development lifecycle (SDLC) and can use application programming interfaces (APIs), website portals, or gateway software. These solutions
tend to be proprietary, which can cause problems if the customer moves away from
the provider’s platform.
platform as a service (PaaS)
Linear style electronic checklists of required steps and actions needed to
successfully respond to specific incident types or threats.
playbook
A security feature present in routers and switches that is used to
provide access control by restricting the Media Access Control (MAC) addresses
that can be connected to a given port.
port security
Configuring one or more ports on a switch to forward copies of all packets to another port. This procedure is often used when capturing packets.
port spanning/port mirroring
A hardware device utilized to provide access to all traffic on a network
segment.
port tap
The use of cryptographic algorithms (usually
public-key algorithms) that are thought to be secure against an attack by a quantum
computer.
post-quantum cryptography
Software that a user did not deliberately want or that behaves undesirably, typically grayware, adware, or joke programs, often bundled with other installers; some PUPs also exhibit spyware behavior.
potentially unwanted programs (PUPs)
A command shell and scripting language from Microsoft, built into Windows operating systems and now also available cross-platform.
PowerShell
A machine learning solution to help discover security threats
in your network.
predictive analysis
Adding a message in an email’s subject line to identify emails that
come from outside the organization. You can often configure your email servers or
email cloud services to use this technique.
prepending
The act of making sure that
digital evidence is acquired, handled, and analyzed properly and without any contamination or modification.
preservation of evidence (evidence preservation)
A passphrase shared in advance between wireless clients and the wireless access point (WAP) and used to derive the key that secures the connection. It is the authentication method used when you select WPA2-Personal in an access point's security mode settings; a long, complex passphrase matters because a captured handshake can be attacked offline by guessing the passphrase.
preshared key (PSK)
A social engineering technique in which the attacker invents a believable scenario (the pretext), often impersonating or "spoofing" someone else's identity, to persuade a victim to divulge information or take an action.
pretexting
Controls that are employed before an event and are designed to prevent an incident. Examples include biometric systems designed to keep unauthorized persons out, NIPSs to prevent malicious activity, and RAID 1 to prevent loss of data. Deterrent controls, which discourage an action rather than block it, are sometimes grouped together with them.
preventive controls
A type of cloud system designed with a particular organization in mind. As security administrator, you have more control over the data and infrastructure. A limited number of people have access to the cloud, and they are usually located behind a firewall of some sort in order to gain access.
private cloud
The process of elevating the level of authority (privileges) of
a compromised user or a compromised application.
privilege escalation
A system used to centrally manage access
to privileged accounts. It’s primarily based on the concept of least privilege.
privileged access management (PAM)
The environment where your code fulfills its destiny (where users
access the final code after all of the updates and testing). When you hear people talk
about making their “code go live,” this is the environment they are talking about.
production
A mode of operation for a network interface in which it accepts every frame it sees on the segment, not only those addressed to its own MAC address, and passes them up to the operating system; it is used for monitoring and packet capture.
promiscuous mode
A system designed to deter, detect,
and/or make difficult physical access to the communication lines carrying data and/
or voice communications.
protected cable distribution system (PDS)
An authentication protocol that encapsulates Extensible Authentication Protocol (EAP) packets inside an encrypted TLS tunnel in order to safeguard sensitive data, such as the user's credentials, during the exchange.
Protected Extensible Authentication Protocol (PEAP)
Tools that allow network engineers and security teams to capture network traffic and perform analysis on the captured data to identify potential
malicious activity or problems with network traffic.
protocol analyzers
The establishment of a chain of custody for information that can
describe its generation and all subsequent modifications that have led to its current
state.
provenance
A method of replacing the identifying fields of a record with artificial identifiers (pseudonyms) while leaving the nonsensitive fields intact, so that the data can still be used for other business purposes. Unlike true anonymization, the substitution can be reversed by whoever holds the mapping or key.
pseudo-anonymization
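An added example of the technique (not from the original glossary; the term is more often written "pseudonymization"): identifying fields are replaced by tokens computed with a keyed hash, so the same person gets the same token across records and datasets can still be joined, while anyone without the key can neither reverse nor re-derive a token. The records and the key are constructed, and the choice of HMAC-SHA256 with a 16-hex-character token is this example's design, not something the page prescribes.

```python
"""Pseudonymization of PII fields with a keyed hash.

Added example, not from the original glossary. The records and the key are
constructed; the choice of HMAC-SHA256 (and truncating the token to 16 hex
characters) is this example's design, not a standard the page prescribes.
"""
import hashlib
import hmac

# Fields treated as identifying; everything else is kept as-is so the data
# stays useful for reporting.
PII_FIELDS = ("name", "email", "ssn")


def pseudonym(key, field, value):
    """Deterministic token for (field, value) under `key`.

    The field name is mixed in so the same string in two different fields
    (say, a name that is also an email local part) does not get the same
    token. Without `key`, the tokens cannot be reversed or re-derived.
    """
    msg = f"{field}:{value}".encode("utf-8")
    return "p_" + hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


def pseudonymize_record(record, key, fields=PII_FIELDS):
    """Return a copy of `record` with each PII field replaced by its token."""
    out = dict(record)
    for field in fields:
        if out.get(field) is not None:
            out[field] = pseudonym(key, field, out[field])
    return out


def pseudonymize_dataset(records, key, fields=PII_FIELDS):
    """Pseudonymize a list of records and also return the re-identification
    map (token -> original). The key holder must store that map, like the
    key, separately from the released data: with either one the substitution
    is reversible, which is exactly what distinguishes this from anonymization."""
    reid = {}
    out = []
    for rec in records:
        p = pseudonymize_record(rec, key, fields)
        for field in fields:
            if rec.get(field) is not None:
                reid[p[field]] = rec[field]
        out.append(p)
    return out, reid


# Constructed sample: two records for the same person from two systems.
SAMPLE = [
    {"name": "Alice Example", "email": "alice@example.com", "ssn": "123-45-6789",
     "dept": "sales", "order_total": 120.50},
    {"name": "Alice Example", "email": "alice@example.com", "ssn": None,
     "dept": "sales", "order_total": 30.00},
    {"name": "Bob Sample", "email": "bob@example.com", "ssn": "987-65-4321",
     "dept": "ops", "order_total": 75.25},
]
DEMO_KEY = b"constructed-demo-key-keep-real-keys-in-a-vault"

if __name__ == "__main__":
    data, reid = pseudonymize_dataset(SAMPLE, DEMO_KEY)
    for row in data:
        print(row)
```

A plain unkeyed hash would not do here: the input space for emails and SSNs is small enough that an attacker could hash guesses and match them against the released tokens. The secret key is what turns that guessing attack into one that requires the key, and rotating the key produces a fresh, unlinkable set of tokens.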
Application and storage space offered to the general public over the
Internet by a service provider.
public cloud
An entire system of hardware and software, policies and procedures, and people. It is used to create, distribute, manage, store, and revoke digital certificates. If you have connected to a secure website in the past, you have utilized a PKI.
public key infrastructure (PKI)
Information organized into a long, append-only chain of blocks, each linked to the previous one by a cryptographic hash and shared among many participants (the structure underlying a blockchain). When a buyer and seller engage in a transaction, the blockchain verifies the authenticity of their accounts against its recorded history and records the transaction.
public ledger
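The provenance entry above and the public ledger entry rest on the same construction, shown here as one added example that is not part of the original glossary: an append-only log in which every entry commits to the hash of the entry before it, so any later change to an earlier entry, or the removal of one, is detected by recomputing the chain. This is the single-party form of the idea (a chain of custody log for evidence) without the distribution and consensus that a public ledger adds; the evidence bytes, actors, and timestamps are constructed.

```python
"""Hash-chained provenance log for evidence handling.

Added example, not from the original glossary. It uses the same construction
a blockchain-style public ledger relies on (each entry commits to the hash of
the previous one) but in a single-party form with no distribution or
consensus; the evidence bytes, actors, actions and timestamps are constructed.
"""
import hashlib
import json

GENESIS_HASH = "0" * 64


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def entry_hash(entry):
    """Hash of an entry's fields except its own 'hash', over canonical JSON
    so field order and whitespace cannot change the result."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return sha256_hex(canonical)


class ProvenanceLog:
    def __init__(self):
        self.entries = []

    def append(self, actor, action, artifact_sha256, timestamp, note=""):
        """Record one custody event; the previous entry's hash is embedded
        so later edits to any earlier entry break the chain."""
        prev = self.entries[-1]["hash"] if self.entries else GENESIS_HASH
        entry = {
            "seq": len(self.entries),
            "timestamp": timestamp,
            "actor": actor,
            "action": action,
            "artifact_sha256": artifact_sha256,
            "note": note,
            "prev_hash": prev,
        }
        entry["hash"] = entry_hash(entry)
        self.entries.append(entry)
        return entry

    def verify(self):
        """Return (True, None) if the chain is intact, else (False, seq) of the
        first entry whose own hash or back-link does not check out."""
        prev = GENESIS_HASH
        for i, entry in enumerate(self.entries):
            if entry.get("seq") != i or entry.get("prev_hash") != prev:
                return False, i
            if entry.get("hash") != entry_hash(entry):
                return False, i
            prev = entry["hash"]
        return True, None


def build_sample_log():
    """Constructed chain of custody for a (constructed) disk image."""
    evidence = b"constructed disk image contents"
    image_hash = sha256_hex(evidence)
    log = ProvenanceLog()
    log.append("examiner-1", "acquire", image_hash, "2024-03-01T10:00:00Z", "write blocker used")
    log.append("examiner-1", "hash-verify", image_hash, "2024-03-01T10:05:00Z")
    log.append("examiner-2", "analyze", image_hash, "2024-03-02T09:00:00Z", "keyword search")
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("intact:", log.verify())
    log.entries[1]["actor"] = "someone-else"     # tamper with history
    print("after tamper:", log.verify())
```

The back-link is what matters: an attacker who edits an entry and recomputes that entry's own hash still breaks the next entry's prev_hash, so the only way to alter history silently is to rewrite every entry after the change. A public ledger makes that rewrite infeasible by replicating the chain across parties who would each have to agree; a single-party custody log gets the same guarantee by anchoring the latest hash somewhere the custodian cannot quietly rewrite (a signed, time-stamped record is the usual choice).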
A data destruction method where paper is first shredded and then
reduced to pulp.
pulping
Grinding or shredding media and paper multiple times beyond
recognition.
pulverizing
A team that integrates the defensive capabilities of a blue team with the adversarial techniques used by the red team. In most cases it is not a separate team but a solid dynamic between the blue and red teams.
purple team
When software triggers and provides certain information such
as alerts, authentication attempts, updates, or any other notifications to a device
(mobile device, laptop, or desktop) without the user deliberately requesting it.
push notifications