Misc Vocabulary Flashcards

1
Q

Zigbee

A

communication technology often found in a home automation system

2
Q

Collision attack

A

This happens when a hacker discovers an input that generates the same hash value as a legitimate input. The attacker can then replace the legitimate content with the altered content and the digital signature will still say it’s good. This is similar to how a rainbow table works, although in that case the hacker finds the hash of a lot of common passwords then looks for those hashes in the database table containing hashed passwords.

3
Q

Flood guard

A

technology used to block DoS attacks. Does not help prevent routing loops.

4
Q

eDiscovery

A

reference model. Phases include identification, collection, processing, review, and production. Attorney review of collected material takes place in the Review phase.

Mnemonic: I collect peer review processes.

5
Q

Nessus

A

vulnerability scanner that can also perform compliance auditing such as PCI DSS audit scans.

6
Q

Lockheed Martin cyber kill chain

A

Analysis framework that implicitly assumes that adversaries never retreat during an attack. Compare to AlienVault, MITRE ATT&CK, and Diamond Model of Intrusion Analysis, each of which allow for a broader range of adversary behaviors.

7
Q

Iris recognition tech

A

Biometric auth technique. Nonintrusive, low false positive rate. Iris patterns remain stable throughout a person’s life and may be scanned from a distance. Unfortunately the scanners can be fooled by an image of a person’s face.

8
Q

Purple team

A

In a pen test, the purple team includes all participants: the red, blue, and white teams.

9
Q

Man-in-the-browser attack

A

Attack made on a web application, typically by exploiting a browser extension. This gives the attacker access to all the information accessed by the browser. Best defense is to disable browser extensions, but that has to be done on the client, not the web server. This is a type of proxy Trojan.

10
Q

DOM-based XSS attack

A

Type of cross site scripting attack where the attack code is hidden within a Document Object Model. Viewing the HTML on the page would not show this attack code.

11
Q

Identity provider

A

In federated authentication, the identity provider (IdP) is the organization where the user logs in. This organization then asserts to the other members of the federation that the user is valid.

12
Q

Digital signature

A

The sender of the email encrypts a message digest (usually a hash of the email message) using the sender’s private key. This has to be decrypted using the sender’s public key, which verifies that the sender is the one who sent it.

Contrast that to sending an encrypted email: there the message itself is encrypted using the recipient’s public key, and the recipient decrypts it using the recipient’s private key.

13
Q

Confusion, diffusion

A

In the context of encryption algorithms, “confusion” ensures that any relationship between the algorithm and the key is extremely complex. Diffusion is another property, that takes any statistical patterns in the plaintext and prevents them from appearing in the ciphertext.

14
Q

Vendor diversity

A

Having similar components in the same network but coming from different vendors. This reduces risk - if an attack works against one of them, the second is unlikely to have the same vulnerability so it prevents the attacker from getting further into the network. CompTIA really likes vendor diversity.

15
Q

Embedded system constraints

A

NOT a constraint: physical form factors, heat.

Common constraints: power, compute, network, crypto, inability to patch, authentication, range, cost, implied trust.

16
Q

Restoration Order Documentation

A

Used when restoring operations after a disaster. Specifies the order for restoring systems and services to ensure that dependencies are available before the systems that depend on them, and that mission-critical services are restored first.

17
Q

Vertical Scaling

A

Adding additional capacity to an existing server, such as more hard drive space or another CPU. Compare to horizontal scaling which adds an additional server of the same type.

18
Q

Incident Response Process

A

Cycle steps are preparation, identification, containment, eradication, recovery, lessons learned. It’s a cycle so it continues back at preparation.

Mnemonic: Perhaps I Can Eat Rice Later

19
Q

Walkthrough

A

Typical part of yearly incident response preparations. The team goes through a sample incident step by step, making sure each person knows what they would need to do. Compare to a tabletop exercise, which has each person being asked what they would do at each step and has more flexibility.

20
Q

Cyber Kill Chain

A

Attack model created by Lockheed Martin. Phases are: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control, Actions on Objective.

Mnemonic: Real Women Date Engineers In Commando Armor

NOTE: this model never has the attacker retreating. Several other popular models are more flexible.

21
Q

pathping

A

Windows command line tool that shows network latency and loss at each step along a route. Tracert gives the route but not the extra information.

22
Q

Out-of-band management

A

Security technique that places the administration interface of a switch, router, or other device on a separate network, or else requires direct connectivity to the device to access and manage it. This prevents an attacker that gains access to the organization’s network from making changes to the network devices.

23
Q

Jailbreaking

A

For a mobile device, jailbreaking allows enhanced third-party operating systems or applications to be used. This can be considered a privilege escalation attack.

24
Q

Blowfish

A

Symmetric key block cipher. Used in the Bcrypt key stretching function.

25
Q

Diamond Model of Intrusion Analysis

A

Incident response approach. Core elements are:

  • Adversary (the attacker)
  • Capability (tools and techniques used by the adversary)
  • Infrastructure (what the adversary uses to attack)
  • Victim (who or what was attacked)
26
Q

journalctl

A

Linux command available in CentOS and Red Hat Enterprise Linux that allows you to view journal logs that contain application information.

27
Q

Data custodian

A

Individual charged with safekeeping of information under the guidance of the data owner. Often this is a sys admin.

28
Q

pagefile

A

The Windows paging file, or pagefile, is sometimes called Windows 10 virtual memory. It supports system crash dumps and enables the system to use physical RAM more efficiently by writing some file content to a hard disk if the main memory is near capacity. It is stored on disk.

29
Q

WinHex

A

Commercial disk editor that provides a number of useful forensic tools.

30
Q

Pass-the-hash

A

technique where an attacker captures a password hash (as opposed to the password characters) and then simply passes it through for authentication and potentially lateral access to other networked systems. The threat actor doesn’t need to decrypt the hash to obtain a plain text password. This is most commonly done using a Windows domain workstation.

31
Q

Purpose limitation

A

Organizations should only use data for the purpose disclosed during the collection of that data.

32
Q

Data controller

A

Person who determines the reasons for processing personal information and directs the methods of processing that data. Used primarily in EU law.

33
Q

Data processor

A

processes data given to them by the data controller (or data owner). Often this is a third party. The data processor does not own the data that they process, nor do they control it. This means that the data processor is not able to change the purpose or the means by which the data is used. Furthermore, data processors are bound by the instructions given by the data controller.

34
Q

Interactive testing

A

application testing that analyzes code while a tester manipulates inputs to the application. This combines static and dynamic analysis.

35
Q

Boot attestation

A

The system attests to a verification platform about the trustworthiness of the software it is running after it completes the boot process.

36
Q

Shared responsibility model

A

This applies between a cloud service provider and the customer (organization buying the cloud services from the cloud service provider). The customer always retains either full or partial responsibility for data security. The cloud provider is always responsible for hardware and physical datacenters. Responsibility for applications is customer’s under IaaS, provider’s under SaaS, and shared under PaaS.

37
Q

Opal

A

Opal storage specification defines how devices protect the confidentiality of user data. This is provided by Trusted Computing Group. For example, it would define self-encrypting drives.

38
Q

Input whitelisting

A

Technique that defines the specific input type or range that users may provide for an app. When developers can write clear business rules defining allowable user input, whitelisting is the most effective way to prevent injection attacks.

39
Q

sFlow

A

sFlow is a multi-vendor, packet sampling technology used to monitor network devices including routers, switches, host devices and wireless access points. sFlow is an embedded technology – it is implemented through dedicated hardware chips embedded in the router/switch.

Concern: sFlow samples only network traffic, so some detail will be lost.
Good point: it scales well, because it just samples the data.

40
Q

Standard

A

In the context of security controls, a standard is a document that describes acceptable mechanisms for doing a particular task, such as obtaining remote administrative access to servers. This information is too nuts and bolts to be a policy, and not detailed enough to be a procedure. Guidelines are not mandatory.

41
Q

Volatility

A

a memory forensics toolkit that includes memdump

42
Q

Certificate stapling

A

attaches a current OCSP response to the certificate to allow the client to validate the cert without contacting the OCSP server.

Compare to certificate pinning which is used to provide an expected key, not to check cert status.

43
Q

Inline CASB

A

Inline CASB solutions require either network configuration or the use of a software agent. They intercept requests from users to cloud providers, so they are able to both monitor activity and enforce policy.

44
Q

proxy Trojan

A

intercepts traffic and modifies it for malicious purposes. A typical example is a man-in-the-browser attack.

45
Q

Password spraying

A

Attack that uses known usernames and passwords to attempt to log in as the same user on other services and sites. For example, if site A gets the user info stolen, the attacker would then try those usernames and passwords on site B, C, D, etc. because a lot of people use the same username and password on multiple sites.

According to a different source, it’s just using a list of common passwords, and trying one on all the usernames you can guess for a given network (from OSINT or dumpster diving), then trying another on all the accounts. Repeat until you find one that works. This gets around password lockout policies usually.

46
Q

Watermarking

A

identification technique for sensitive data. Tag all your sensitive files with digital watermarks to flag them to the DLP system.

47
Q

theHarvester

A

security tool designed to help collect open source intelligence from search engines, including SHODAN security search engine. This lets it build lists of info like email addresses, domains, systems, open ports, and banners.

48
Q

SSL/TLS Inspection

A

When enabled, all TLS traffic will be intercepted, decrypted, inspected, re-encrypted, then sent on to the destination (unless blocked, of course).

49
Q

NIST SP 500-292

A

Reference model for cloud computing, at a high level. Explains interactions between different organizations and services in a cloud deployment.

50
Q

Tap

A

A tap is a device that independently sends a copy of network traffic to another path or location. Both active and passive taps exist, and they don’t add any additional load to the switch or router that the traffic is passing through.

51
Q

BitLocker

A

Microsoft BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. It requires either a TPM or a removable drive to store elements of the encryption key.

52
Q

FTK Imager

A

Proprietary tool used to create forensic disk images. The forensic image is identical to the original including copying the slack, unallocated, and free space.

A similar but non-proprietary tool is dd.

53
Q

CIS Controls

A

Center for Internet Security Critical Security Controls, aka “Top 20 Controls” or “CIS Controls”.
This is a framework composed of 20 control groups covering topics ranging from hardware inventory to penetration testing.

54
Q

IPFIX

A

IP Flow Information Export protocol

based on NetFlow v9. Groups traffic into flows which are then sent to a centralized collection point

55
Q

Transitive access

A

Security issue that inadvertently gives an end user advanced access to another part of the application or system on which it is hosted.

56
Q

IP spoofing

A

common type of on-path attack, where the attacker splits a connection between the client and server into two connections, by spoofing the IP address of one of them.

57
Q

Smurf attack

A

Attacker sends a single ping with a spoofed source address to the broadcast address of a network. This results in each device on that network getting a ping and responding to it, which floods the spoofed source address with ping responses. This can be prevented by blocking external ICMP requests at the firewall to the internet for the network with the broadcast address. It’s harder to prevent on the victim.

58
Q

Data steward

A

Responsible for implementing a set of data quality guidelines and ensuring that they are being carried out on a day-to-day basis.