Sec 701 - General Terms Flashcards
RADIUS
Remote Authentication Dial-In User Service - Networking protocol that authorizes & authenticates users who access a remote network.
NIDS
Network Intrusion Detection System - Inspects network traffic at the packet level to identify threats. ALERTS ONLY
HIPS
Host Intrusion Prevention System - Blocks malicious activities on a host machine
IoC
Indicators of Compromise - High network activity, changes to file hashes, irregular international traffic, account lockouts, etc.
SOAR
Security Orchestration, Automation, and Response - Allows incidents to be responded to immediately through automation. SIEM but with automated response
AIS
Automated Indicator Sharing - Machine-readable threats communicated between private and public sectors
NVD
National Vulnerability Database - Government repository based on vulnerability management data
TAXII
Transport mechanism for STIX (Encrypted through HTTPS)
STIX
Programming language for conveying data about CS threats in a way that can be understood by humans and machines
CIA
Confidentiality, Integrity, Availability - Fundamentals of security
WMI
Windows Management Instrumentation - Standardized & flexible way to manage Windows computers.
DLP
Data Loss Prevention - Detects & prevents data breaches
SIEM
Security Information & Event Manager - Helps organizations detect, analyze, and respond to threats. ALERTS ONLY
PCI Compliance
Payment Card Industry - Mandates how credit card information is stored on computer networks
PHP
Hypertext Pre-processor - General purpose scripting language geared toward web development. VULNERABLE
SMB
Server Message Block - Communication protocol between NODES used to share files, serial ports, misc communications.
RFC
Request for Comments - Formal documents that describe the specifications for a particular technology
Technical Controls
Controls implemented using systems (Firewalls, antivirus)
Managerial Controls
Administrative controls associated with security design & implementation. (Security policies, standard operating procedures)
Operational Controls
Controls implemented by people instead of systems (Security guards, awareness programs)
Physical Controls
Physical security (Guard shacks, fences, badge readers, etc.)
Preventative Control Type
Block access to a resource (Firewalls, guard shacks, etc)
Deterrent Control Type
Discourage an intrusion (Warning signs, threats of demotions, front desk)
Detective Control Type
Identify & log intrusion attempts (Syslogs, login reports, motion detectors)
Corrective Control Type
Apply a control after an event has been detected (Restoring from backups, contacting law enforcement, creating policies)
Compensating Control Type
Control using other means - may be temporary (Firewall blocks a specific app instead of patching, simultaneous guard duties, generator used after power outage.)
Directive Control Type
Direct a subject towards security compliance
Non-repudiation
Cannot deny what you’ve said. A digital signature adds non-repudiation; others can see the signature. Proves integrity.
AAA
Authentication, Authorization, and Accounting
Authentication
Prove who you are - Password & MFA
Authorization
Based on identification & authentication, what access do you have?
Accounting
Login time, data sent & received, logout time
CA
Certificate Authority - Entity that stores, signs, and issues digital certificates.
Gap Analysis
Where you are compared to where you want to be with security protocols and procedures
NIST
National Institute of Standards and Technology - Understand and REDUCE companies’ cybersecurity risk and protect their networks and data
ISO
Standard to IMPROVE an organization’s information security management system
Planes of Operation
Data Plane, Control Plane
Data Plane
Routers, switches, firewall (Process frames, packets, network data)
Control Plane
Policies, rules (Manages actions of data plane, how a packet should be forwarded, routing tables, etc.)
Honey Pots
Attractive target for an attacker, alerts IT when tripped
Honeynets
A real network that includes multiple devices, alerts & sometimes traps an attacker
Honeytokens
Tracks the malicious actors once tripped
Allow List
Nothing runs UNLESS APPROVED - very restrictive
Deny List
Nothing on the deny list can be executed - allow everything else
PKI
Public Key Infrastructure - Binding of public keys to people or devices
Symmetric Encryption
SINGLE shared key, encrypt & decrypt done with same key. Does not scale well but very fast.
Asymmetric Encryption
Two or more mathematically related keys. Private & public keys are used
Private Key
Asymmetric encryption - only you have access to this key. When you receive an email that was encrypted with your public key, you use your private key to decrypt the message.
Public Key
Asymmetric encryption - Everyone has access to this key; it is used to encrypt messages being sent to someone, and they use their private key to decrypt the message.
VPN
Encrypts all data transmitted over the network, forms a tunnel to a target. Client-based uses SSL/TLS, Site-to-site uses IPsec
Key Stretching
Make a weak key stronger (hash a password, then hash the hash of the password, etc.)
Out of Band Key Exchange
Do NOT use internet to exchange. Call, courier, or in-person exchange
In Band Key Exchange
On the network, use asymmetric encryption to deliver a symmetric key
TPM
Trusted Platform Module - Cryptography hardware on a device (a micro-controller on the motherboard). BitLocker can utilize this unique hash to create encrypted keys to protect hardware from unwanted changes.
Tokenization
Replace sensitive data with a non-sensitive placeholder. Original data & token are not mathematically related
Rainbow Table
Common passwords and their respective hashes that can be used to match with user accounts if a malicious actor gets access to usernames and hashed passwords.
X.509
Standard format of certificates - easy readability and standard for digital certs
Root of Trust
I trust this site, so you should also trust this site because I do.
HSM
Hardware Security Module - Physical computing device that safeguards and manages secrets (most importantly digital keys), performs encryption and decryption functions for digital signatures
TOCTOU
Attack type. Something may happen between the check of variables and the change of variables. A gap here can allow an attacker to time a change so that, between the change and the check, there is a discrepancy between what is and what should be, and that discrepancy benefits the attacker (e.g. having more money than they should).
XSS attack
Cross Site Scripting - Takes advantage of the trust a user has for a site.
The attacker sends a malicious script via email/SMS/etc.; the user clicks a link to a legitimate site, and the malicious script sends important info (username, password) to the attacker in plaintext.
AUP
Acceptable Use Policy - Agreement between a user and the computer administrator that addresses all of the rights, privileges, and rules that users must adhere to when using computer resources.
TACACS+
Terminal Access Controller Access-Control System - Popular provider of AAA
PKI
Public Key Infrastructure - System of processes, technologies, and policies that allows you to encrypt and sign data
BIA
Business Impact Analysis - Process used by organizations to assess and evaluate the potential impact of disruptive incidents or disasters on their critical business functions and operations