Other Flashcards
Data owner
Person who is responsible for specific data. Usually a senior officer.
Data controller
Manages the purposes and means by which data is processed.
(E.g payroll controller defines payroll amounts and time frames, but the processor will process the payroll and store employee information.)
Data processor
Processes data on behalf of the data controller. Often a third-party.
(E.g payroll controller defines payroll amounts and time frames, but the processor will process the payroll and store employee information.)
Data custodian/steward
Responsible for accuracy, privacy, and security of data. Associates sensitivity labels to the data. Ensures compliance of data with applicable laws and standards. Manages access rights to the data. Implements security controls.
DPO
Data Protection Officer
Responsible for the organization’s data privacy. Sets policies, implements processes and procedures.
Data minimization
Only collect and retain necessary data.
Data masking
*****2512
Anonymization
Make it impossible to identify individual data from a dataset.
Pseudo-anonymization
Replace personal information with pseudonyms. Used to maintain statistical relationships.
PHI
Protected Health Information
PIA
Privacy Impact Assessment
Identifying how the privacy of our customer’s data will be affected by our new product, feature, or platform.
RTO
Recovery Time Objective
Describes how long it would take to get back to a particular service level.
RPO
Recovery Point Objective
A minimum level of service we need to achieve after disaster.
MTTR
Mean Time To Repair
Average time required to fix the issue.
MTBF
Mean Time Between Failures
Average time between failures.
DRP
Disaster Recovery Plan
BIA
Business Impact Analysis
Part of the overall BCP. Identifies critical systems and components that are essential to the organization’s success. Does not provide solutions. Just information about which systems are important, maximum downtime, and scenarios that are likely to affect these systems.
BCP
Business Continuity Plan
Outlines disaster recovery and provides steps used to return critical functions to operation after an outage.
Risk Register
Document that identifies risks and possible solutions.
Risk matrix
Visualize the results of a risk assessment. Red is bad, green is less bad.
Inherent Risk
Risk that exists in the absence of controls.
Residual Risk
Risk that exists after implementing controls.
GDPR
General Data Protection Regulation
Data protection and privacy for individuals in the EU. Prevents privacy data from being exported outside of the EU and gives the user the power to have it removed. Requires the organization to explain their privacy policy.
HIPAA
Types of Risk Assessment
- Qualitative - e.g Colors in a chart, red bad, green less bad
- Quantitative - Numbers
ARO
Annualized Rate of Occurrence
How many times the event occurs in a year.
SLE
Single Loss Expectancy
Amount we lose for one occurrence of the event.
ALE
Annualized Loss Expectancy
ARO x SLE, How much we expect to lose in a year from the event occurring.
MDM
Mobile Device Manager
Enable or disable phone and tablet functionality regardless of location.
SLA
Service Level Agreement
Minimum terms for services provided. Uptime, response time agreement etc. Used between customers and service providers.
MOU
Memorandum Of Understanding
Both sides agree to the contents of the memorandum. Statements of confidentiality. Informal letter of intent, not a full blown contract.
MSA
Measurement System Analysis
Assesses the measurement process. Calculates measurement uncertainty.
BPA
Business Partnership Agreement
Provides details about owner stake, financial contract, decision-making agreements, prepare for contingencies.
NDA
Non-disclosure agreement
Creates confidentiality between parties.
EOL
End of life
Manufacturer stops selling OR supporting a product.
EOSL
End of Service life
Manufacturer stops selling AND doesn’t support the product (BOTH).
CBT
Computer-based training
CIS CSC
Center for Internet Security Critical Security Controls for Effective Cyber Defense
FRAMEWORK that identifies twenty key security controls that can be implemented for different organization sizes.
NIST RMF
National Institute of Standards and Technology Risk Management Framework
A 6 step FRAMEWORK required by government agencies.
1. Categorize - Define the environment
2. Select - Pick appropriate controls
3. Implement - Define proper implementation
4. Assess - Determine if the controls are working
5. Authorize - Make a decision to authorize a system
6. Monitor - Check for ongoing compliance
NIST CSF
National Institute of Standards and Technology Cybersecurity Framework
FRAMEWORK for commercial implementation rather than government.
- Framework Core - Identify, Protect, Detect, Respond, Recover
- Framework implementation tiers - Organization’s view of cybersecurity risk and processes to manage the risk
- Framework Profile - Alignment of standards, guidelines and practices to the framework core
ISO/IEC 27001
STANDARD, ISMS (Information Security Management Systems)
Organizations can implement the ISMS requirements. Then they go through a 3 stage process to become ISO 27001 compliant.
ISO/IEC 27002
STANDARD
Complement to the ISO 27001. Provides best practice guidelines for organizations relating to implementing the ISMS requirements.
ISO/IEC 27701
STANDARD, PIMS (Privacy Information Management System)
Based on ISO 2700. Outlines a framework for managing and protecting PII. Provides guidelines for complying with GDPR.
ISO 31000
STANDARD
Related to risk management. Guidelines for organizations to help manage risk.
SSAE SOC 2 TYPE I
A report, assesses how well security controls address risk. Not how effective they are in process.
SSAE SOC 2 TYPE II
A report, assesses how well security controls actually work in practice over a particular interval of time.
CSA CCM
Cloud Security Alliance Cloud Controls Matrix FRAMEWORK
Cloud-specific security controls.
PCI DSS
Payment Card Industry Data Security Standard
A STANDARD for protecting credit cards. Six control objectives.
1. Build and maintain secure network and systems
2. Protect cardholder data
3. Maintain a vulnerability management program
4. Implement strong access control measures
5. Regularly monitor and test networks
6. Maintain information security policy
Non-repudiation
Proof of data integrity and the origin of the data.
MAC (Crypto)
Message Authentication Code
Provides non-repudiation.
Data volatility Chart
- CPU registers, CPU cache
- Router tables, ARP cache, process table, kernel statistics, memory
- Temporary file systems
- Disk
- Remote logging and monitoring data
- Physical configuration, network topology
- Archival media
RFC 3227
Guidelines for evidence collection and archiving.
ESI
Electronically Stored Information
A legal hold can be placed on this type of data for it to be stored for a certain or indefinite amount of time.
Admissibility
Not all data you collect can be used in a court of law. Data must be collected with a set of standards in order to be used in court.
Chain of Custody
Control the evidence in order to maintain integrity. A document and hashes that verify that the data remains unchanged and who was responsible for it at any given time.
SOAR
Security Orchestration Automation and Response
Integrate third-party tools and data sources. Runbooks. Playbooks.
1. Orchestration - Connect many different tools together
2. Automation - Handle security tasks automatically
3. Response - Make changes immediately
Syslog
Standard for message logging. Diverse systems can create a consolidated log. Requires a central log collector, usually found in the SIEM.
Some flavors: Rsyslog, syslog-ng, NXLog
NetFlow
Gather traffic statistics from all traffic flows. Probe and collector. Probe sends summary records to the collector.
IPFIX
Newer, NetFlow-based standard
sFlow
Only looks at a portion of the actual network traffic. Unlike NetFlow and IPFIX which look at everything. Switches and routers might already support sFlow.
MITRE ATT&CK
ATTACK FRAMEWORK, MITRE Adversary Tactics Techniques and Common Knowledge
Gives a bunch of different attack methods that an adversary might use as well as mitigations and detection techniques.
Diamond Model of Intrusion Analysis
Cyber Kill Chain
- Reconnaissance
- Weaponization - Building the payload
- Delivery - Fire the payload
- Exploit - Activate it
- Installation - Install malware
- Command & Control - C2 channel created
- Actions on objectives
COOP
Continuity of Operations Planning
Plan that explains how to continue operations with certain systems being unavailable. E.g paper receipts, manual transactions, etc
CIRT
Computer Incident Response Team
DD command
Create a disk image:
dd if=/dev/sda of=/temp/sda-image.img
Restore from an image:
dd if=/temp/sda-image.img of=/dev/sda
Wireshark, tcpdump, tcpreplay
Packet analyzers aka protocol analyzers
Linux permissions string
Owner, group, user
rwxrwxrwx
logger
Add entries to the system log syslog.
OCSP Stapling
Online Certificate Status Protocol Stapling
Provides scalability for OCSP checks. Lets a client determine if a certificate is revoked on their own without contacting the CA. OCSP status is “stapled” into the SSL/TLS handshake.
Pinning
Pin the expected certificate or public key to an application. Compiled in the app or added at first run.
Key escrow
Someone else holds your decryption keys.
CA
Certificate Authority
Issues, manages, validates, and revokes certs. Can be public or private. Public are big ones like GoDaddy. Can be locally hosted or not.
Intermediate CA
Issues certs to child CAs
Child CA
Issues certs to devices or end users.
CSR
Certificate Signing Request.
Request sent to the CA which will validate your identity and create a cert for you. You can then register this cert with your site.
RA
Registration Authority
Can assist the CA by collecting registration information. Never issues certificates, only assists in the registration process.
Root CA
Public key cert that identifies the root CA. The starting point.
PKI
Public Key Infrastructure
Policies, procedures, hardware, software, people involved in creating, distributing, managing, storing, and revoking certs. PKI creates the foundation of trust for all certs in your organization.
CRL
Certificate Revocation List
Maintained by the CA.
MAC (Access Control)
Mandatory Access Control
Every object gets a label: confidential, secret, top secret. If the user’s label matches the object, then they get access to the object.
DAC
Discretionary Access Control
User is the owner and decides permissions.
RBAC
Role-based Access control
Roles are given to users. Roles have associated permissions/rights. Think groups in Windows.
ABAC
Attribute Based Access Control
Access based on many different criteria. User must have certain attributes as well as satisfy the criteria. IP address, time of day, desired action, relationship to data, in department etc
Rule-BAC
Rule-based access control
Generic term. Access determined through system-enforced rules. E.g only between 9 AM and 5 PM.
PAM
Privileged Access Management
Store privileged accounts in a digital vault. Admins can check out the access for a temporary period of time.
SAML
Security Assertion Markup Language
Open standard for authentication and authorization.
OAuth
Authorization framework. Determines what resources a user will be able to access. Not an authentication protocol. “Zapier wants to access your Google Account.”
RADIUS
AAA protocol. Centralize authentication for users.
TACACS+
Remote authentication protocol. AAA Protocol.
Kerberos
Single sign on. Sign on once and we don’t need to do it again throughout the day.
IEEE 802.1X
Port Based Network Access Control (NAC)
Mostly wireless but can be used for wired as well. Linked directly with EAP. Used in conjunction with an access database RADIUS, LDAP, TACACS+, DIAMETER.
PAP
Password Authentication Protocol
An authentication protocol. Old, bad, clear text. Simple password.
CHAP
Challenge-Handshake Authentication Protocol
Another authentication protocol. Encrypted challenge sent over the network.
MS-CHAP
Microsoft’s implementation of CHAP
MS-CHAPv2 and MS-CHAP are not secure.
TPM
Trusted Platform Module
Hardware module or part of motherboard that provides additional secure cryptographic functions like key generation. Might have keys burned into the TPM. Can also securely store keys protected from brute force.
HSM
Hardware Security Module
Plug in card or separate hardware device that performs cryptographic functions very quickly. Contains cryptographic accelerators.
KBA
Knowledge-based Authentication
Personal knowledge as an authentication factor. Static KBA and dynamic KBA. Static KBA are security questions like normal. Dynamic KBA are questions determined dynamically from information gathered on the internet.
SSH commands
ssh-keygen
- Create public/private key pair
ssh-copy-id user@host
- Copy public key to SSH server
ssh user@host
- Connect without password prompt
CASB
Cloud Access Security Broker.
Can be located on your network edge or edge of cloud. Determines what users can do on the cloud, what they can access, which data they can transfer etc.
SWG
Next-Gen secure Web Gateway
Examines JSON strings and API calls. Allows or disallows certain activities.
VPC
Virtual Private Cloud
Pool of resources created in a public cloud.
VDI/VMI
Virtual Desktop Infrastructure / Virtual Mobile Infrastructure
All data is stored externally. Remote access software used to access it.
OTA
Over the Air
Firmware updates applied to a device over the air.
WiFi Direct/ad Hoc
Allows devices to connect wirelessly directly.
UEM
Unified Endpoint Management
Mostly applies to mobile devices but could be applied to any device. Refers to managing endpoint devices.
MAM
Mobile Application Management
Provision, update, remove apps. Create an enterprise app catalog.
Point-to-point 802.11 connection
One-to-one connection between two devices. E.g Wi-Fi repeaters connected to each other
Point-to-multipoint 802.11 connection
Devices communicate with multiple other devices.
EAP
Wireless Authentication Protocol that integrates directly with 802.1X port based network access control. Supports many different flavors.
EAP-FAST
Flexible Authentication via Secure Tunnel. Creates a secure tunnel between the supplicant and the authentication server. Uses a PAC, Protected Access Credential (shared secret). Uses a TLS tunnel.
PEAP
Protected EAP
Cisco created. Creates a TLS tunnel, but doesn’t use a PAC. Instead uses a digital certificate on the server only to set up the tunnel between the supplicant and the auth server.
EAP-TLS
EAP Transport Layer Security
Unlike PEAP requires certs on the clients and server. Mutual authentication is performed before the TLS tunnel is set up between the supplicant and the auth server.
EAP-TTLS
EAP Tunneled Transport Layer Security
Allows you to tunnel other authentication protocols in the TLS tunnel. Only requires a single certificate on the auth server which is used to set up the TLS tunnel. Then we can use MSCHAPv2, other versions of EAP, etc inside of that tunnel.
RADIUS Federation
RADIUS on the backend, EAP to authenticate. e.g eduroam.
WPA3-Personal / WPA3-PSK
WPA3 with a pre-shared key. Everyone uses the same key. WPA3 session key derived from the PSK using SAE (Simultaneous Authentication of Equals).
WPA3-Enterprise / WPA3-802.1X
Uses a centralized authentication server e.g RADIUS, TACACS+, LDAP
WPS
Wi-Fi Protected Setup
Press a button on the router to connect. Use a basic pin.
CCMP
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol or Counter/CBC-MAC protocol
GCMP
Galois/Counter Mode
Jump Server
Access secure network zones via hardened server. Jump into the DMZ/screened subnet.
NIST SP800-61
Computer Security Incident Handling Guide
- Preparation
- Detection and Analysis
- Containment, Eradication, and Recovery
- Post-incident Activity
memdump
Copy information in system memory.
Forward Proxy
The proxy visits the site on your behalf.
Reverse Proxy
Internet users use the proxy to get access to resources on your internal network.
Open Proxy
3rd party proxy on the internet that anyone can use.
Out-of-band Management
Managing a device without using the network. E.g connecting to a serial port on a router to manage it.
NAC
Network Access Control
- Performs health checks and posture assessment on devices
- Persistent agent - Permanently installed onto a system
- Dissolvable agent - No installation required. Runs during the posture assessment. Terminates when no longer required.
- Agentless NAC - Checks are made during login and logoff. Part of the OS itself, on Windows it integrates with AD.
QoS
Refers to network traffic congestion control and guaranteeing a fast stable connection.
FIM
File Integrity Monitoring
Monitoring files to check for changes. Some files should never change. Often used to monitor important operating system and application files.
Broadcast Storm Control
Feature on switches to prevent a broadcast storm by limiting and detecting the number of broadcasts.
BPDU
Bridge Protocol Data Unit
Frames that are used in spanning tree protocol. BPDU guard is a feature on switches.
MAC Filtering
Only allow certain MAC addresses on your network.
Remote Access VPN
Allows you to access resources within a private network from a public network.
VPN Protocols
- L2TP
- IPSEC in tunnel mode
- TLS
- HTML5
VPN: Full Tunnel Mode
All traffic goes through the tunnel. Not selective.
VPN: Split Tunnel Mode
Some of the traffic goes through the tunnel, other traffic does not. This is determined by the system administrator. Most likely all the traffic going to the internal private network will be tunneled, the rest maybe not.
Site-to-site VPN
Two networks connected via VPN. Think of a firewall on each network edge.
IPSEC Modes
- Transport mode - Payload encrypted. Headers are not.
- Tunnel mode - Payload and headers both encrypted. Hence, is more suited for VPNs.
IPSEC Components
- AH - Authentication Header. A protocol. Does NOT provide encryption. Provides Data integrity, guarantees origin, prevents replay attacks.
- ESP - Encapsulation Security Payload - Encrypts and authenticates the tunneled data. Integrity checking.
- Combine them to achieve integrity and authentication.
Screened Subnet
Previously known as a DMZ. A sectioned off network by a firewall with a different security zone. We might use a jump server to access it.
Extranet
A sectioned off network by a firewall. Used by vendors, suppliers, and anyone who needs it. Only authorized users are allowed.
Intranet
Sectioned off network. Only available internally. Employees only.
East-west Traffic
Traffic flow between devices inside the data center.
North-south Traffic
Traffic flow inbound or outbound from the data center.
Active/Passive load balancing
If one of our active servers fails, the passive server takes its place.
SED
Self Encrypting Drive
Boot integrity order
- Secure boot - Part of UEFI. Verifies the boot loader by checking its digital signature.
- Trusted Boot - Verifies the digital signature of the OS kernel
- ELAM - Early Launch Anti-Malware. OS checks signatures of drivers before loading them.
- Measured Boot - Verify that no changes have been made to the OS since last boot. A hash is stored by the UEFI bios in the TPM.
- Remote attestation - Provide verification report to a management server. Attestation server compares the report with what it knows to be trusted, checking for modifications.
EDR
Endpoint Detection and Response
NGFW
Next-generation firewall
Inspects the packets. Keeps track of sessions. Can prevent or block very specific actions.
HIDS and HIPS
Host-based Intrusion Detection System
Host-based Intrusion Prevention System
Secure Protocol: Voice and Video
SRTP - Secure Real-Time transport protocol
Secure Protocol: Time synchronization
NTPsec - NTP Secure
Secure Protocol: Email
S/MIME
Secure POP
Secure IMAP
SMTP encrypted
Secure Protocol: Layer 3
IPSec
Secure Protocol: File Transfer
FTPS
SFTP - Inherently secure
Secure Protocol: Directory Services
LDAPS
Secure Protocol: Remote Access
SSH
Secure Protocol: DNS
DNSSEC
Secure Protocol: Routing and Switching
SNMPv3
SSH
HTTPS
Secure Protocol: Network Address Allocation
No secure version of DHCP
ECC
Elliptic Curve Cryptography - Asymmetric
Stream Cipher
- Encrypts 1 bit or byte at a time
- Symmetric
- Uses an IV (nonce) to add randomization
- High speed, low hardware complexity
Block Cipher
- Encrypts in fixed length blocks
- Symmetric
- Has modes of operations to choose from
Block Cipher Mode: ECB
Electronic Codebook
Each block encrypted with the same key. Identical plaintext blocks create identical ciphertext blocks.
Block Cipher Mode: CBC
Cipher Block Chaining
Each plaintext block is XORed with the previous ciphertext block. Uses an IV for the first block.
Block Cipher Mode: CTR
Counter Mode
Block cipher acts like a stream cipher. Encrypts successive values of a counter.
Block Cipher Mode: GCM
Galois/Counter Mode
Encryption with authentication.
PFS
Perfect Forward Secrecy
Changes the keys used to encrypt and decrypt frequently and automatically. Every session has different keys. Elliptic curve or Diffie-Hellman ephemeral.
HE
Homomorphic Encryption. Perform calculations on the data while it’s encrypted.
PBKDF2
Password-Based Key Derivation Function 2. Key stretching library.
Pulping
Paper destruction. Large tank for washing off ink.
Narrowband
Long distance embedded systems communication.
Baseband
Short range embedded systems communication.
Zigbee
IoT networking standard. Alternative to WiFi and Bluetooth. Longer distances than bluetooth and less power than WiFi.
SoC
System on a Chip
Multiple components running on a single chip. E.g Raspberry Pi
FPGA
Field-Programmable gate array
Integrated circuit that can be configured/programmed after manufacturing. Common in switches, routers, and firewalls.
ICS
Industrial Control System
MFD
Multifunction Device.
Single device that has multiple features. E.g Scanner, printer, and fax all in the same unit.
RTOS
Real-Time Operating System
Operating system with deterministic processing schedule. No time to wait for other processes. Common in industrial equipment, automobiles, and military environments.
HA
High availability
Full Backup
Everything
Incremental Backup
All files changed since the last incremental
Differential backup
All files changed since last full backup
NAS
Network Attached Storage
Provides file level access to a large storage array over the network. If you want to modify a file you have to overwrite the entire file. Requires a lot of bandwidth.
SAN
Storage Area Network
Provides access to a storage drive over the network. Looks and feels like a local storage device. Block level access. If you want to modify a file you only need to change a few blocks not the entire file. Requires a lot of bandwidth.
Image Backup
Capture an exact replica of everything on a storage drive. Can be used to restore the operating system to a specific state later on.
SAN Replication
Data is replicated between two SANs (SAN-to-SAN).
SAN Snapshot
Create a state of data based on a point in time.
UPS
Uninterruptible Power Supply
- Offline/Standby
- Line-interactive, UPS ramps up as voltage goes down
- On-line/Double-conversion, Always on and providing power, if power goes out there’s no switching process.
Multipath I/O
Form of disk redundancy. Multiple paths for data transfer to a device.
RAID 0
- Striping without parity.
- High performance, NO FAULT TOLERANCE, NO REDUNDANCY
- 2 Disks
RAID 1
- Mirroring
- Duplicates data for fault tolerance, requires twice the disk space
- 2 Disks
RAID 5
- Striping with parity
- Fault tolerant, only requires an additional disk for redundancy
- 3 Disks
RAID 6
- Extension of RAID 5
- 4 Disks
RAID 10 or RAID 1+0
- Combines mirroring (RAID-1) and striping (RAID-0)
- 4 Disks
FAR
False Acceptance Rate
Biometrics. Likelihood that an unauthorized user will be accepted. Not sensitive enough.
FRR
False Rejection Rate
Biometric. Likelihood that an authorized user will be rejected. Too sensitive.
CER
Crossover Error rate
Biometrics. Defines the overall accuracy of the biometric system. Rate at which FAR and FRR are equal.
Attestation
Proving the hardware is really yours and that you can trust the system.
TOTP
Time-Based One Time Password
No incremental counter. Uses secret key and the time of day.
HOTP
HMAC-Based One Time Password
Tokens generated are based on a secret key and a counter.
Software Diversity
Using alternative compiler paths to ensure a different binary each time we compile.
Scalability: Up and Down
Manually adding or taking away compute resources. Physical hardware
Scalability: In and Out
Adding more machines to the cluster.
SDN
Software Defined Networking
Directly programmable network appliances. Infrastructure as code.
SDV
Software Defined Visibility
We can see the data passing through our network appliances. Infrastructure as code.
Transit Gateway
How we access our VPC (Virtual Private Cloud). A router in the cloud.
SIAM
Service Integration and Management.
Consolidates our services running on different cloud providers into one interface.
FOG Computing
Cloud + IoT
Local decisions made from local data. Immediate data stays local. Long-term analysis can occur in the cloud.
MSP
Managed Service Provider
Cloud service provider. Provides network connectivity management. Backups and disaster recovery. And growth management and planning.
Data Sovereignty
Data that resides in a country is subject to the laws of that country. E.g GDPR
IRM
Information Rights Management
Restrict data access to unauthorized persons: Prevent copy and paste, control screenshots, manage printing, etc
Purple Team
Red and blue teams working together
Pentesting Process
- Initial exploitation
- Lateral movement - Move from system to system
- Persistence
- Pivoting - Access systems that would normally not be accessible using our current access
- Cleanup
TTP
Tactics, techniques, and procedures
Methods used by the adversaries.
AIS
Automated Indicator Sharing
Automated way of sharing threat information between organizations.
STIX data is shared by TAXII.
WPA2 PSK Mode
Pre-shared Key
Users connect to the network anonymously with a passphrase.
WPA2 Enterprise Mode
Users connect to the network with their own username and password.
Horizontal Priv Esc
User A can access user B resources
Vertical Priv Esc
The attacker gets a higher privilege level
GLB
Gramm-Leach-Bliley
Requires companies to develop privacy practices and policies that detail how they collect, sell, share, and otherwise reuse customer information.
Pharming
Similar to phishing but attacking DNS in order to redirect to your malicious site in order to harvest credentials.
Birthday attack
Find a collision through brute force. Generate multiple versions of plaintext to match hashes.
Bluesnarfing
Access a bluetooth-enabled device and transfer data
e.g Contact list, calendar, email, pictures, video, etc
6 Octal
110
SOX
Sarbanes-oxley act. Data governance regulation that requires that executives take individual responsibility for the accuracy of financial reports.
HIPAA
Health insurance portability and accountability act. A data governance regulation. Mandates that organizations protect health information.
AAA
Identification, Authentication, authorization, accounting
VPN Authentication Methods
VPN should ensure that only authorized users access it.
1. PAP - Password Authentication Protocol
2. CHAP - Challenge Handshake Authentication Protocol
3. RADIUS
4. TACACS+
SOA record
Start of authority record
Includes information about the DNS zone and some of its settings which are useful for clients to know. E.g TTL
MX Record
Mail exchange record
Identifies a mail server used for email. Linked to A or AAAA record of the mail server. When there is more than one mail server, the one with the lowest preference number in the MX record is the primary mail server.
Corrective control
Mitigates damage
Compensating control
Restore from an attack by other means