Section 1: Fundamentals of Security Flashcards
DAC
Discretionary Access Control.
Authorization model where the owner of the resource decides who is allowed to access it.
MAC
Mandatory Access Control.
Authorization model where access to resources is determined by a set of rules defined by a central authority.
RBAC
Role-based access control.
Assigns permissions to roles rather than individual users.
Inline Devices
These devices are designed to interact with the network traffic actively and can take actions on packets.
SASE
Secure Access Service Edge.
Form of cloud architecture that combines a number of services into a single service. Reduces costs, simplifies management, and provides security by combining SD-WAN, firewall-as-a-service, secure web access, and ZTA access.
Fail-close
When a network encounters errors or exceptions, the system denies further access and remains closed until the error is dealt with.
Due Diligence
Characteristics:
- assessing the security practices and confirming that they meet the organization's security requirements and standards
- evaluating the financial stability of the vendor
- ensuring their practices comply with the company's own practices
- checking reputation
Cipher Block
A fixed-size portion of data that an encryption algorithm processes.
Layer 7 Firewall
Operates at the application layer and can make more granular decisions about the traffic based on the application payload.
802.1x
IEEE standard that governs port-based access.
Layer 4 Firewall
Operates at the transport layer and provides less granularity for blocking or allowing traffic based on the application payload.
SD-WAN
Software-defined wide area network.
Provides centralized network management, flexible routing, and traffic management capabilities. It can be hosted on-prem or in the cloud.
TLS
Transport Layer Security.
Operates at layer 7 and is used for securing application-layer communication. Used for secure network communication.
AH
Authentication Header.
Protocol component of IPsec which offers packet integrity.
WPA2-PSK
Wi-Fi Protected Access 2 Pre-Shared Key.
This is the WPA2 Personal mode authentication process that leverages a passphrase to create a key called the PMK.
PMK
Pairwise Master Key.
Dragonfly Handshake
A feature of WPA3's SAE method.
SAE
Simultaneous Authentication of Equals
PAKE
Password Authenticated Key Exchange.
Used by the SAE protocol.
End-of-life Vulnerability
Can allow a hardware attack that involves exploiting vulnerabilities in devices that are no longer supported or updated by the manufacturer. These devices are still usable.
Shadow IT
Threat actor resulting from unauthorized or unapproved IT systems or devices within an organization. The employee usually does not intend harm.
TOC Vulnerability
Time-of-Check Vulnerability
An attacker exploits the time gap between the verification of data and its use, potentially leading to unauthorized or malicious activities.
Risk Tolerance
An organization's predetermined level of acceptable risk exposure. It represents the extent to which an organization is willing to tolerate potential risks before taking action to mitigate or avoid them.
Risk Appetite
Refers to the amount of risk an organization is willing to take on to achieve its strategic objectives.
Risk Register
Tool used to track and assess risks.
Risk Indicator
Metric that is monitored to assess risk levels.
RTOS
Real-time Operating System
Prioritizes performance, sometimes at the expense of security features, e.g. sacrificing buffer overflow protection.
Environmental Variables
The unique characteristics of an organization's infrastructure, business environment, and operational context that can impact vulnerability assessments and risk analysis.
National Legal Implications
Laws and regulations set at the country level that outline the requirements and boundaries for data protection and privacy.
Symmetric Encryption
Uses the same key for encryption and decryption but does not involve key exchange.
Decentralized Governance
Decision-making is distributed among various departments or sectors, promoting responsiveness and specialization.
Archive
In the context of security, it provides insights into past incidents.
SCADA
These systems often have limited security updates because they are engineered for a specific task.
Host-based Firewall
Hardening technique that can protect a system or device from unauthorized or malicious network traffic.
HIPS
Host-based Intrusion Prevention System
Can detect and prevent unauthorized file modifications, detect attacker intrusion, prevent changes to ports.
Layer 7
Application Layer; end-user services, appliances at this layer can make filtering decisions based on URL, HTTP, and application functions.
Layer 6
Presentation Layer, is responsible for translating data between the application and transport layers.
Layer 5
Session layer; manages connections between applications.
Layer 3
Network layer; devices are concerned with IP addressing and routing.
ECC
Elliptic Curve Cryptography
Trapdoor function that is efficient with shorter key lengths. Private and public key pairs are generated based on elliptic curve mathematics.
Port 1433
Microsoft SQL Server
Port 53
DNS
Port 443
SSL/TLS Server
Port 21
FTP
Port 80
HTTP
Agent-based NACs
Uses a software component installed on a central server to monitor network traffic.
SCAP
Security Content Automation Protocol
Automates vulnerability management, maintains compliance with regulatory standards, standardizes maintenance of system security, and manages configurations.
Stateful Firewall
Keeps track of active connections and decides whether to allow packets based on the content of the traffic.
Cellular Connections
Uses GSM or CDMA technology to provide wireless communication. Encryption and authentication methods protect data, with high bandwidth for a reliable connection.
Satellite
High latency and low bandwidth. Signal loss can occur, and it has a high cost.
Bluetooth
Not encrypted, low bandwidth. Supports a small number of devices at a time over short distances.
SD-WAN
Software-defined wide area networking
Virtual WAN, ideal for global infrastructure requiring a broad network.
Recurring Report
Report generated at regular intervals to keep stakeholders updated on ongoing security metrics, trends, and concerns.
Threat Intelligence Briefing
Specialized report highlighting current and emerging threats, often sourced from external threat providers.
TCO
Total Cost of Ownership
Includes the initial purchase price and the ongoing expenses related to maintenance, updates, and other associated costs over the lifecycle.
Hot Site
Full-scale replication of primary IT setup that can be activated immediately in the event of a system failure.
OSINT
Leverages publicly available data sources to gather intelligence on targets, providing valuable insight without breaching any laws.
Information Sharing Organization
Entities that facilitate the sharing of threat and vulnerability information among different organizations.
Proprietary/Third Party
Sourced from private or commercial databases available to subscribers or specific organizations.
BEC
Business Email Compromise
E.g. cybercriminals impersonating executives in a company and contacting you via email.
TOU
Time of Use
This vulnerability arises when there’s an opportunity for an attacker to manipulate a resource after its creation but before its use by an application.
Memory Leaks
Involve releasing memory that is no longer in use, can potentially lead to reduced system performance.
On-path attack
Network attack that involves intercepting or modifying data in transit between two parties by using a packet sniffer, proxy server, or a rogue WAP.
Amplified DDoS Attack
Involves using a forged IP address; it typically relies on a smaller set of servers to send an amplified amount of traffic to the victim.
Reflected DDoS Attack
The attacker sends requests to multiple third-party servers using a forged source IP address (the victim's IP address). The servers respond to the victim, thinking the request originated from there.
Wireless Attack
Network attack that involves exploiting vulnerabilities or weaknesses in wireless network devices, such as encryption, authentication, or configuration. This is specific to targeting the weaknesses of the network device.
FMEA
Failure Mode and Effects Analysis
SLA
Service Level Agreement
Defines agreed upon service levels and performance metrics that the vendor is expected to meet. It outlines specific services, performance expectations, response times, and remedies.
WO/SOW
Work Order/Statement of Work
Document that provides detailed instructions, requirements, and specific tasks or projects to be carried out by the vendor.
Blockchain
Decentralized by nature because it distributes the ledger across a P2P network to eliminate a SPoF.
Homomorphic Encryption
Allows for computations on ciphertext without the need for decryption first.
Enumeration
In the context of data access management, refers to the practice of assigning unique identifiers, access controls, and attributes to each asset.
Vulnerability Assessment
Specific method used within risk identification to determine the weaknesses in an organization's IT infrastructure.
Horizontal Password Attack
An attack that targets multiple accounts by using a few common passwords across them.
Vertical Password Attack
Targets a single user account and uses a large number of attempts until it finds the right one.
mTLS Authentication
Mutual TLS Authentication
Involves both client and server authenticating each other using certificates for secure communication.
RoT
Root of Trust
Source that can always be trusted and is a central part of trust. It can be a piece of hardware or software.
CRL
Certificate Revocation List
A list of certificates that have been revoked by a CA before their expiry date.
OCSP
Online Certificate Status Protocol
An internet protocol used for obtaining the revocation status of a digital certificate.
EF
Exposure Factor
Quantitative estimate of the potential damage to an asset if a given threat exploits the vulnerability.
SNMP
Simple Network Management Protocol
Its main purpose is the management and monitoring of network devices. Provides capabilities to monitor network performance, control network configuration, and store network component data.
DKIM
DomainKeys Identified Mail
Lets a company cryptographically sign emails originating from its domain.
SPF
Sender Policy Framework
Identifies which servers are authorized to send emails on behalf of a domain.
DMARC
Domain-based Message Authentication, Reporting, and Conformance
Uses the results of DKIM and SPF checks. Focuses on the authenticity of the domain from which the email originates.
Preparation Phase
Defines the roles and responsibilities of the IRP and conducts regular training and drills.
Scalability
Architecture model that involves creating multiple instances of a system or service to handle increased demand or workload.
Containerization
A method that involves packaging an application and its dependencies into a lightweight unit that can run on any platform.
Distributed Management
Allocation of management tasks across geographic regions; no specific decision-making authority.
Journaling
Form of backup that records all system transactions to be used to restore systems to a previous state.
Full backup
Makes a complete copy of all data in a system.
Differential Backups
Capture all changes going forward since the last full backup.
Wildcard Certificate
Used to secure multiple subdomains under a single main domain.
Self-signed Certificate
A certificate signed by its creator; does not cover multiple domains or subdomains.
CSR
Certificate Signing Request
This is a formal message to a CA for a digital certificate. It’s a request, not a type of certificate.
Data Custodian
Ensures that data is managed securely in line with the guidelines provided by the data owner and controller.
Agentless Security Monitoring/Alerting
Tools that collect and process logs without needing a dedicated agent on a system. E.g. SIEM
S/MIME
Secure/Multipurpose Internet Mail Extensions
Leverages email certificates to sign and encrypt email content.
Continuous Integration (4 items)
- Increase software quality to catch and fix bugs quickly
- Enables early detection to prevent issues of escalation
- Speeds up development process
- Automates code testing to enhance developer productivity
VPN
Virtual Private Network
Provides a secure method for remote operations by creating an encrypted connection over the internet. It establishes a secure tunnel so that data can be securely transferred even over insecure networks.
Logic Bombs
Malicious code segments inserted into software that are set to activate upon certain conditions, such as a specific time and date.
Spyware
Designed to spy on user activities and will try to prevent being discovered.
Application Monitoring
Monitors software applications' performance and security to ensure they operate without vulnerabilities and external compromises. E.g. CRM tools.
CRM
Customer Relationship Management
Infrastructure Monitoring
Observes the overall health and security of foundational IT structures: servers and networks.
SDN
Software-defined networking
Network technology that separates the control plane from the data plane, allowing for more automation and flexibility in network management.
Control Plane
Provides the intelligence and logic for a network. Within a zero-trust framework it makes determinations on access requests and processes the requests by referencing policies.
Data Plane
Handles traffic forwarding.
Port 25
SMTP
Port 22
SSH
Port 443
HTTPS
Zero-day vulnerability
Vulnerability in a system or software that is unknown to the vendor at the release of the product.
ACL Tampering
Involves directly tampering with an ACL to change permissions on objects.
Privilege Escalation
Targets vulnerabilities to elevate a user's access rights beyond what they were originally assigned.
UPS
Uninterruptible Power Supply
Provides immediate protection from power interruptions by supplying short-term battery power.
Probability
Quantitative percentage that indicates the statistical likelihood of a risk event.
Likelihood
Qualitative risk analysis expressed as “low”, “medium”, “high”
ARO
Annualized Rate of Occurrence
Annual measurement of how often a risk event is expected to happen.
MSA
Master Service Agreement
Establishes the framework between an organization and a vendor for the long-term business relationship.
BPA
Business Partnership Agreement
A type of agreement that outlines the terms and conditions of a partnership between two organizations.
Computer Security Act (1987)
Requires federal agencies to develop policies to secure computer systems that process sensitive data or confidential information.
GDPR
General Data Protection Regulation
Is an EU regulation that deals with the protection of personal data.
GLBA
Gramm-Leach-Bliley Act
Focuses on financial institutions and requires them to ensure the security and confidentiality of customer data.
SOX
Sarbanes-Oxley Act
Emphasizes transparency and accountability in financial reporting.
Installation of endpoint protection (3 items)
- installs antivirus, firewall, anti-malware
- installs systems that can detect, block, and remove malicious or unwanted programs or files that may compromise security or performance in systems
- improves system performance and stability by optimizing and managing system resources and processes
Hardening techniques (2 items)
- disabling unused features and services
- changing default settings, applying security configurations
TPM
Trusted Platform Module
A Windows OS hardware-based storage system embedded in the motherboard that stores keys, digital certificates, and hashed passwords.
Secure Enclave
Chip used only to secure encryption keys, hashes, and other important data; embedded in Apple and Android devices.
HSM
Hardware Security Module
Physical computing device that safeguards and manages keys for strong authentication. It can be an external device or a plug-in card.
Quantitative Risk Analysis
Calculates financial impact of a risk by considering the probability of occurrence and potential loss.
ALE
Annualized Loss Expectancy
Expected financial loss an organization will experience due to a risk. Considers SLE and ARO.
SLE
Single Loss Expectancy
Potential financial loss associated with a risk event.
RTO
Recovery Time Objective
Sets the goal for the time taken to recover business operations after an outage, essential for continuity planning.
BCP
Business Continuity Planning
The overarching process that includes RTO.
MTTR
Mean Time To Repair
Average repair time for a failed system component.
RPO
Recovery Point Objective
Assesses the maximum tolerable data age for recovery purposes, unrelated to the duration for restoring operations.
Degaussing
Exposes hard disks to electromagnets to disrupt data storage patterns. Industrial machinery is the best method for total destruction.
Key Stretching
Method of repeatedly hashing a password to make it longer and more random. This makes the key more time-consuming to break.
Salting
Adds random data to the input of a hash function to increase security. Applies some key stretching.
Volume Encryption
Encryption of a specific volume or virtual drive.
AES
Advanced Encryption Standard
Symmetric encryption algorithm where the same key is used for encryption and decryption. Most widely adopted and secure for wireless networks.
RSA
Rivest-Shamir-Adleman
Asymmetric encryption technique that uses 2 distinct keys, one private and one public, for encryption and decryption.
Diffie-Hellman
Asymmetric key exchange method used to securely exchange cryptographic keys over a public channel.
TKIP
Temporal Key Integrity Protocol
Encryption protocol considered weak with known vulnerabilities. Only use if a device is not compatible with AES.
WEP
Outdated encryption protocol and should be avoided. Uses static keys.
WPA
Encryption protocol that should be used in conjunction with other methods. Not capable of securing modern wireless networks.
Jump Server
Used as an intermediary for managing devices in a separate security zone.
E-discovery
Component of incident response that relates to the handling and collection of electronic data. It is designed to be used as evidence in legal cases and includes anything in scope that is used electronically.
Physical Isolation
Uses air-gapping, disconnecting cables, or locking devices to prevent unauthorized access.
Logical Segmentation
Network design that involves dividing a network into smaller segments to improve performance and security.
EDR
Endpoint Detection and Response
Provides advanced behavioral analysis and threat intelligence to detect and respond to cyber threats on endpoints.
Committees
Specialized groups that include subject matter experts who support the governance board with expert analysis and recommendations.
Stream Cipher
Encrypts plaintext data one byte or bit at a time, making it suitable for scenarios where the total message length is unknown.
Initialization Vector (IV)
Ensures uniqueness of the resulting ciphertext even with identical plaintexts. Used in the encryption process.
Secure Erase
Overwrites data in a manner that ensures it is permanently removed and unrecoverable. Gold standard for data destruction on a storage device.
Disk defragmentation
Optimizes storage by rearranging the fragmented data on a disk.
ISO 31K
Offers a comprehensive framework designed for enterprise risk management (ERM). Ensures organizations implement effective risk assessments and follow best practices.
ISO 14K
Aids companies in establishing, improving, and maintaining an environmentally friendly operational framework.
ISO 9K
Tailored for quality management systems; ensures organizations provide consistent quality in offerings and processes.
ISO 21K
Centered on cybersecurity; provides guidelines and processes that organizations should adopt to ensure the security of digital assets, networks, and data.
EAP
Extensible Authentication Protocol
A network access authentication protocol that can handle multiple authentication methods.
IPsec
Secures communication across an IP network by protecting data through encryption and authentication.
Continuous Assessment
Refers to an ongoing, real-time process of evaluating risks to ensure that an organization can quickly identify and respond to new threats.
Attribute-based access control (ABAC)
Uses multiple attributes, such as user, environment, and resource, to decide access.
Third-party certificate
Signed and verified by a recognized external certificate authority.
Vulnerability Scanner
Essential for detecting and assessing security weaknesses in systems and applications. Proactively addresses vulnerabilities and identifies security weaknesses.
Continuous integration