Network And Application Security Week 6/7 Flashcards
Active directory
A Windows component that stores network, domain, and user data. Allows administrators to manage permissions and limit network access.
Active directory domain services
Authenticates users and defines which network resources they can access.
Anonymity
A condition in which users conceal their online identity without masking their activity.
Asymmetric cryptography (public key cryptography)
A cryptographic algorithm that requires two separate keys, one private and the other public. The message is encrypted with the public key and decrypted with the private key.
Authorization
The process that determines whether an identified person is allowed access to a resource.
Behavior based detection
A type of threat detection that monitors unusual behavior. Example: a large number of requests for a computer or device resource.
Blacklisting
The practice of allowing anything to enter a network unless expressly prohibited.
Cloud DLP
A type of data loss prevention that encrypts cloud accounts.
Correlation rule
A rule that instructs a security mechanism as to which sequence of events may indicate anomalies, security vulnerabilities, or a cyber-attack.
Data Loss Prevention (DLP)
A security tool that helps ensure users don’t transfer valuable or sensitive data outside of the organization by monitoring, identifying, and blocking unwanted transfers.
Demilitarized Zone (DMZ)
A subnetwork located between private networks and the public internet which contains services that are fully exposed to the internet. This adds an extra layer of security preventing unnecessary access to private networks.
Domain controllers (DC)
A server that handles and responds to authentication requests inside a Windows Server domain.
Discretionary Access Control
A type of access control that restricts access to resources based on a subject’s identity or group membership.
Endpoint agent
An EDR agent that monitors and collects data on all endpoint activities and stores it in a centralized database.
Endpoint Detection and Response (EDR)
A security tool that combines monitoring, protection and response to security threats on endpoints in real time.
Endpoint DLP
A type of DLP that doesn’t require a network. It monitors servers, workstations, laptops, and mobile devices that use, transfer, or store critical data. It can also monitor unsecure data storage.
Hashing
A process performed on data such as a file or application to generate a hash value.
Honeypot
A security mechanism that sets up a virtual trap to attract attackers. Honeypots are a form of misdirection that enables analysts to study the attackers’ activity patterns.
Host based firewall
A firewall that runs on a single networked computer or device. This type of firewall protects individual hosts from malware and attacks and controls their network spread.
Host based intrusion detection system (HIDS)
A mechanism that runs on each host or endpoint device in a network and checks incoming and outgoing host packets and alerts endpoint users when it detects abnormalities.
Hypertext transfer protocol (HTTP)
A protocol that defines how messages are formatted and transmitted, as well as the actions web servers and browsers should take in response to various commands.
Incident Response
A collection of information security rules and procedures implemented by an organization to detect, contain, and remove cyber attacks.
Incident Detection
A task carried out by analysts to detect and collect data from IT systems, security technologies, and publicly available data as well as detect attack precursors and indicators.
Internet protocol security (IPsec)
A protocol that secures Internet communication across an IP network by verifying the session and encrypting each data packet during the connection.
Kerberos
A system that acts as a boundary between users and the network. It uses strong cryptography to allow clients to prove their ID to a server over an insecure network connection.
Key Distribution Center (KDC)
An access control component responsible for issuing access tickets and session keys in response to user requests for resource access.
Lightweight Directory Access Protocol (LDAP)
A protocol that allows programs to access user information quickly. It’s a simple client-server protocol used to access directory services.
Local Area Network
A collection of interconnected computers in a small area such as a building or an office.
Mandatory Access Control (MAC)
A type of access control in which the ability to grant or deny access to resource objects in a file system is restricted by an OS.
MD5
A type of hashing algorithm that encodes a string of information into a 128 bit fingerprint.
Network DLP
A type of DLP that secures network data by monitoring and analyzing network traffic.
Network based Firewall
A type of firewall that protects computer networks from attacks and restricts network traffic so that only authorized packets can access the organization’s network, servers and assets.
New technology LAN Manager (NTLM)
A challenge response authentication mechanism that allows clients to prove their ID without submitting a password to the server.
Network based intrusion Detection system (NIDS)
A mechanism that monitors network traffic to detect threats. It examines all network packets’ content and headers.
OpenVPN
A type of VPN that creates secure point to point or site to site connections and remote access. It runs client and server apps.
Privacy
A condition in which no one can see a user’s actions but they may be able to determine who the user is.
Pseudonymity
The identification of a person by a name that isn’t their actual name.
Remote access VPN
A type of VPN that allows remote users to securely access and use apps and data located in a remote network by encrypting all outgoing and incoming traffic.
Role based access control (RBAC)
A method for restricting access to a resource based on a user’s position within the organization.
Secure shell protocol (SSH)
A protocol that provides users a secure way to access a computer over an unsecured network.
Secure sockets layer protocol (SSL)
A protocol responsible for protecting data sent between web browsers and servers. It encrypts the connection between the two parties to protect their data.
SHA
Hashing algorithms that encrypt data and are considered very secure. The subtypes include SHA1 and SHA256. The greater the number following SHA the more recent and sophisticated the version.
Single sign on (SSO)
Authentication that allows a user to authenticate securely with multiple applications and websites using a single set of credentials.
Site to site VPN
A type of VPN that relies on router to router communication; one router serves as the VPN client and the other is the VPN server.
Stateful firewall
A type of firewall capable of monitoring all aspects of network traffic, including communication channels and characteristics.
Symmetric key cryptography
An encryption system where the sender and receiver of a message share a single key to both encrypt and decrypt the message.
The 3 A’s
Stands for Access Control, Authentication, and Authorization. An indispensable framework for network management and security.
Ticket granting ticket
A user authentication token generated by the KDC that is used to request access to particular resources/systems without repeatedly entering credentials.
Transport Layer Security Protocols (TLS)
An enhanced and more secure version of SSL. TLS offers end to end security for different data transmissions between applications and services.
Web application Firewall
Protects web applications by filtering and monitoring HTTP traffic between a web application and the Internet.
Whitelisting
The practice of defining permitted access as opposed to blocking prohibited access.